System restore association Gone & other things happening

OTL logfile created on: 10/20/2012 6:44:46 PM - Run 2
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\office1\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.98 Gb Total Physical Memory | 3.39 Gb Available Physical Memory | 56.73% Memory free
11.96 Gb Paging File | 8.95 Gb Available in Paging File | 74.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 463.84 Gb Total Space | 301.74 Gb Free Space | 65.05% Space Free | Partition Type: NTFS
Drive D: | 13.67 Gb Total Space | 7.63 Gb Free Space | 55.79% Space Free | Partition Type: NTFS
Drive K: | 1397.26 Gb Total Space | 111.35 Gb Free Space | 7.97% Space Free | Partition Type: NTFS
Drive M: | 453.99 Gb Total Space | 96.55 Gb Free Space | 21.27% Space Free | Partition Type: NTFS
Drive N: | 1397.07 Gb Total Space | 1396.90 Gb Free Space | 99.99% Space Free | Partition Type: NTFS
Drive T: | 1397.26 Gb Total Space | 180.25 Gb Free Space | 12.90% Space Free | Partition Type: NTFS
Drive U: | 298.09 Gb Total Space | 77.32 Gb Free Space | 25.94% Space Free | Partition Type: NTFS
Drive W: | 298.09 Gb Total Space | 77.32 Gb Free Space | 25.94% Space Free | Partition Type: NTFS
Drive X: | 298.09 Gb Total Space | 77.32 Gb Free Space | 25.94% Space Free | Partition Type: NTFS
Drive Y: | 298.09 Gb Total Space | 77.32 Gb Free Space | 25.94% Space Free | Partition Type: NTFS
Drive Z: | 298.09 Gb Total Space | 77.32 Gb Free Space | 25.94% Space Free | Partition Type: NTFS

Computer Name: BHWC2GDM | User Name: office1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/20 17:38:40 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\office1\Downloads\OTL.com
PRC - [2012/09/07 15:37:04 | 000,100,864 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2012/09/07 14:40:18 | 000,008,704 | ---- | M] (Freemake) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
PRC - [2012/08/13 22:01:10 | 000,388,984 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-FileSystem.exe
PRC - [2012/08/13 22:01:08 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2012/08/13 22:00:50 | 000,388,984 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
PRC - [2012/08/13 22:00:48 | 000,388,984 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Network.exe
PRC - [2012/08/13 22:00:40 | 000,397,176 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Service.exe
PRC - [2012/08/02 18:16:04 | 000,408,944 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2012/08/02 18:12:18 | 000,387,440 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2012/08/02 18:10:40 | 000,476,016 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/24 13:21:14 | 001,240,944 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
PRC - [2012/07/16 07:31:32 | 007,445,416 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
PRC - [2012/07/16 07:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2012/07/16 07:22:42 | 000,106,408 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\tv_w32.exe
PRC - [2012/01/18 15:02:04 | 000,508,136 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/11/03 11:10:42 | 000,008,704 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/11/20 05:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/07/19 11:49:02 | 000,532,480 | ---- | M] (DelTel, Inc.) -- C:\Program Files (x86)\DelTel\PBNext\PBNext.exe
PRC - [2009/08/27 18:21:32 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/09/10 22:37:36 | 000,024,576 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/20 18:03:06 | 000,057,344 | ---- | M] () -- C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh\1.0.0_0\npFreemakeYoutubeDownloader.dll
MOD - [2012/10/10 03:06:15 | 000,460,312 | ---- | M] () -- C:\Users\office1\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppgooglenaclpluginchrome.dll
MOD - [2012/10/10 03:06:13 | 012,435,992 | ---- | M] () -- C:\Users\office1\AppData\Local\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
MOD - [2012/10/10 03:06:12 | 004,005,912 | ---- | M] () -- C:\Users\office1\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
MOD - [2012/10/10 03:04:57 | 000,578,072 | ---- | M] () -- C:\Users\office1\AppData\Local\Google\Chrome\Application\22.0.1229.94\libglesv2.dll
MOD - [2012/10/10 03:04:55 | 000,123,928 | ---- | M] () -- C:\Users\office1\AppData\Local\Google\Chrome\Application\22.0.1229.94\libegl.dll
MOD - [2012/10/10 03:04:44 | 000,156,712 | ---- | M] () -- C:\Users\office1\AppData\Local\Google\Chrome\Application\22.0.1229.94\avutil-51.dll
MOD - [2012/10/10 03:04:43 | 000,275,496 | ---- | M] () -- C:\Users\office1\AppData\Local\Google\Chrome\Application\22.0.1229.94\avformat-54.dll
MOD - [2012/10/10 03:04:42 | 002,168,360 | ---- | M] () -- C:\Users\office1\AppData\Local\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll
MOD - [2012/08/02 18:19:06 | 000,009,584 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\lang\gui-eng.dll
MOD - [2012/07/24 13:21:14 | 001,240,944 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
MOD - [2012/07/10 22:21:53 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll
MOD - [2012/07/10 22:21:30 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/07/10 22:21:25 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/07/10 22:21:13 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/07/10 22:21:11 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/07/10 22:21:10 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/07/10 22:21:04 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/10/05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2010/07/07 16:09:56 | 000,257,024 | ---- | M] () -- C:\Program Files (x86)\DelTel\PBNext\Plugins\PBNext-OutlookSync.dll
MOD - [2010/04/09 16:17:54 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\DelTel\PBNext\PhoneFilter.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/02/04 09:37:20 | 000,914,432 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Synergy\synergys.exe -- (Synergy Server)
SRV:64bit: - [2009/11/13 11:28:38 | 000,129,536 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/08 16:42:10 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/17 13:19:29 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/07 15:37:04 | 000,100,864 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2012/09/07 14:40:18 | 000,008,704 | ---- | M] (Freemake) [Auto | Running] -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture)
SRV - [2012/08/13 22:01:08 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2012/08/13 22:00:40 | 000,397,176 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2012/08/02 18:20:24 | 000,078,072 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2012/08/02 18:16:04 | 000,408,944 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2012/08/02 18:12:18 | 000,387,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2012/08/02 18:10:40 | 000,476,016 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/16 07:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/11/03 11:10:42 | 000,008,704 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2011/04/06 08:16:14 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/11/20 05:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/27 18:21:32 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/10 22:37:36 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/08/08 21:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/07/09 19:48:18 | 000,041,704 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2012/07/09 19:48:16 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/02/11 14:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2010/12/09 07:38:18 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/11/29 12:23:18 | 012,252,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/15 15:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/07/26 19:41:28 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/07/19 21:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/07/19 21:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/06/08 03:36:18 | 000,406,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010/06/03 09:35:02 | 000,033,792 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir3.sys -- (hcw85cir)
DRV:64bit: - [2010/02/02 12:13:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/10/26 22:19:48 | 000,176,640 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/10/26 22:19:46 | 000,075,264 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:18:06 | 000,281,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb)
DRV:64bit: - [2009/07/09 01:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 13:41:10 | 000,015,360 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BrUsbSIb.sys -- (BrUsbSIb)
DRV:64bit: - [2009/06/10 13:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/16 00:40:52 | 000,538,752 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVer888RC_64.sys -- (AVER_H193)
DRV:64bit: - [2009/02/13 11:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2012/08/13 22:01:06 | 000,074,616 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKCU\..\URLSearchHook: {adca5064-9e30-43fe-9856-58b07a3149fe} - No CLSID value found
IE - HKCU\..\URLSearchHook: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - No CLSID value found
IE - HKCU\..\URLSearchHook: {f16708b8-d2df-482d-9dfa-aa8d8894f0f4} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {BDA900CF-CB0E-4E65-98EF-1FE9AC5579DE}
IE - HKCU\..\SearchScopes\{BDA900CF-CB0E-4E65-98EF-1FE9AC5579DE}: "URL" = http://start.funmoods.com/results.php?f=4&a=make&q={searchTerms}
IE - HKCU\..\SearchScopes\{E9DB9E7B-A275-41D1-8158-D0423FBEBDEB}: "URL" = http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&cof=&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://google.com/en"
FF - prefs.js..extensions.enabledAddons: {C9B68337-E93A-44EA-94DC-CB300EC06444}:4.51.0
FF - prefs.js..extensions.enabledAddons: support@lastpass.com:2.0.0
FF - prefs.js..extensions.enabledAddons: {adca5064-9e30-43fe-9856-58b07a3149fe}:3.15.1.0
FF - prefs.js..extensions.enabledAddons: {687578b9-7132-4a7a-80e4-30ee31099e03}:3.15.1.0
FF - prefs.js..extensions.enabledAddons: afurladvisor@anchorfree.com:1.0
FF - prefs.js..extensions.enabledAddons: {f16708b8-d2df-482d-9dfa-aa8d8894f0f4}:10.10.27.6
FF - prefs.js..keyword.URL: "http://search.hotspotshield.com/g/results.php?c=s&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\office1\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll (Hulu LLC)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\office1\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\office1\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\office1\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\office1\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\:
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012/10/04 22:02:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmdownloader@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\ [2012/10/04 21:58:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9193F654-D886-4fef-8894-A97EF6623104}: C:\Program Files (x86)\Wondershare\AllMyTube\SVRFirefoxExt\ [2012/10/04 21:12:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ytfmdownloader@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\ [2012/10/04 21:58:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/17 13:19:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/20 17:31:47 | 000,000,000 | ---D | M]

[2012/03/09 01:29:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\office1\AppData\Roaming\Mozilla\Extensions
[2012/06/07 21:10:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\office1\AppData\Roaming\Mozilla\Firefox\extensions
[2012/06/07 21:12:09 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\office1\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012/10/20 17:59:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\office1\AppData\Roaming\Mozilla\Firefox\Profiles\htwqo2ld.default\extensions
[2012/06/19 21:34:21 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\office1\AppData\Roaming\Mozilla\Firefox\Profiles\htwqo2ld.default\extensions\support@lastpass.com
[2012/10/20 17:58:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\AFURLADVISOR@ANCHORFREE.COM
File not found (No name found) -- C:\USERS\OFFICE1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HTWQO2LD.DEFAULT\EXTENSIONS\{687578B9-7132-4A7A-80E4-30EE31099E03}
File not found (No name found) -- C:\USERS\OFFICE1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HTWQO2LD.DEFAULT\EXTENSIONS\{ADCA5064-9E30-43FE-9856-58B07A3149FE}
File not found (No name found) -- C:\USERS\OFFICE1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HTWQO2LD.DEFAULT\EXTENSIONS\{C9B68337-E93A-44EA-94DC-CB300EC06444}
File not found (No name found) -- C:\USERS\OFFICE1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HTWQO2LD.DEFAULT\EXTENSIONS\{F16708B8-D2DF-482D-9DFA-AA8D8894F0F4}
[2012/09/17 13:19:29 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/05 01:32:11 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[1999/12/31 17:00:00 | 000,170,080 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012/08/07 20:32:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/04 16:02:04 | 000,001,847 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\privatesearch.xml
[2012/08/07 20:32:55 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/en
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com/en
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\office1\AppData\Local\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\office1\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\office1\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Freemake np-plugin for google chrome (Enabled) = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf\1.0.0_0\npFreemake.dll
CHR - plugin: Freemake np-plugin for google chrome (Enabled) = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh\1.0.0_0\npFreemakeYoutubeDownloader.dll
CHR - plugin: Freemake np-plugin for google chrome (Enabled) = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll
CHR - plugin: Wondershare Chrome Plugin (Enabled) = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\odoegbfnimkkocjoeoelkonmlfpbhlnc\2.2.3_0\npSVRChromePlugin.dll
CHR - plugin: NPLastPass (Enabled) = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.3_0\nplastpass.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\office1\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\office1\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Hulu Desktop (Enabled) = C:\Users\office1\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll
CHR - Extension: BIODIGITAL HUMAN = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0\
CHR - Extension: Xmarks Bookmark Sync = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.22_0\
CHR - Extension: Xmarks Bookmark Sync = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.22_0\.bak
CHR - Extension: Shortcuts for Google\u2122 = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\baohinapilmkigilbbbcccncoljkdpnd\1.6.4.2_0\
CHR - Extension: Sexy Undo Close Tab = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcennaiejdjpomgmmohhpgnjlmpcjmbg\7.2.3_0\
CHR - Extension: Better Music for Google Play Music = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdollfdihekkbcgmbpjddfdaeigacmia\1.5.11_0\
CHR - Extension: Turn Off the Lights = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.12_0\
CHR - Extension: AddThis - Share & Bookmark (new) = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde\2.9.9_0\
CHR - Extension: Scroll To Top Button = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\chiikmhgllekggjhdfjhajkfdkcngplp\6.1.9_0\
CHR - Extension: Add to Amazon Wish List = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\
CHR - Extension: Webpage Screenshot = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\5.5.3_0\
CHR - Extension: Gmelius - Ad Remover and Better UI for Gmail\u2122 = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dheionainndbbpoacpnopgmnihkcmnkl\5.6.3_0\
CHR - Extension: Freemake Video Downloader = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh\1.0.0_0\
CHR - Extension: Facebook Disconnect = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.3.0_0\
CHR - Extension: Photo Zoom for Facebook = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0\
CHR - Extension: Gmail Attachments To Drive = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\epoohehjbaenldfbahgcegdmlogakgin\1.3.7_0\
CHR - Extension: Full Screen Weather = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.3_0\
CHR - Extension: IBA Opt-out (by Google) = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb\1.4_0\
CHR - Extension: AdBlock = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.45_0\
CHR - Extension: SearchPreview = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjdanpjacpeeppdjkppebobilhaglfo\2.7_0\
CHR - Extension: LastPass = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.3_0\
CHR - Extension: Select To Get Maps = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hinehgnhgiohbfpbpgkjnelkcgdkcgha\1.1.1_0\
CHR - Extension: SuperSorter = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjebfgojnlefhdgmomncgjglmdckngij\0.4.3_0\
CHR - Extension: Professional Scrollbars = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hngfmkbjhlcbdgmppkpkdejbgmblalmi\0.25_0\
CHR - Extension: Blank Canvas Signatures for Gmail = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijdoblggemelaimffjccmdbmodlppofd\1.18.6_0\
CHR - Extension: Downloads = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfchnphgogjhineanplmfkofljiagjfb\1_0\
CHR - Extension: Attachment Icons for Gmail\u2122 = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\johdeoloijidhejmalfkpchbihbiamph\1.1_0\
CHR - Extension: StumbleUpon = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg\4.10.11.1_0\
CHR - Extension: InvisibleHand = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko\3.8.16_0\
CHR - Extension: Account Switcher for Google Gmail\u2122 accounts = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljdhogamnobeecdllbfmaafppceialak\1.0.3_0\
CHR - Extension: Boomerang for Gmail\u2122 = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll\1.0.1_0\
CHR - Extension: Just Beam It = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmikgkdknaammcapbklcdaakpphfilgg\1_0\
CHR - Extension: Better Google Tasks = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhddnkmimnokfjdlogacnfjfclgcdme\4.1_0\
CHR - Extension: Super iGoogle = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncindhlccodninkgiofmmjdidmcmllhd\3.1_0\
CHR - Extension: Docs PDF/PowerPoint Viewer (by Google) = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.9_0\
CHR - Extension: Wondershare YouTube Downloader = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\odoegbfnimkkocjoeoelkonmlfpbhlnc\2.2.3_0\
CHR - Extension: Google Quick Scroll = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc\1.83_0\
CHR - Extension: Google Calendar Checker (by Google) = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookhcbgokankfmjafalglpofmolfopek\1.2.2_0\
CHR - Extension: WiseStamp - Email Signatures for GMail, Google Apps and more = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcgnkmbeodkmiijjfnliicelkjfcldg\3.11.24.0_0\
CHR - Extension: Send from Gmail (by Google) = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.13_0\
CHR - Extension: Read Your AOL Mail = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\phgdojkomekmnemlclopfjlmbamhnafp\2.1.0.0_0\
CHR - Extension: Evernote Web Clipper = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.7_0\
CHR - Extension: Space Planet = C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppcocpoeoiajndepaaimnnglicichmbb\1.1_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O2 - BHO: (Wondershare YouTube Downloader) - {133232D2-DAE3-4B6F-AAC2-17CD87495682} - C:\Program Files (x86)\Wondershare\AllMyTube\SVRIEPlugin.dll (Wondershare Software Co., Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDFViewerPlus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O2 - BHO: (Freemake.YoutubeButton) - {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} - mscoree.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F0381DBD-E018-4E07-AE40-D96AB15083F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F16708B8-D2DF-482D-9DFA-AA8D8894F0F4} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [Synergy] C:/Program Files/Synergy/synergy.exe ()
O4 - HKCU..\Run: [ClubWPTBuddy] C:\Program Files (x86)\ClubWPTBuddy\ClubWPTBuddy.exe ()
O4 - HKCU..\Run: [run_pbnext] C:\Program Files (x86)\DelTel\PBNext\PBNext.exe (DelTel, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found
O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6EAF55F6-C826-4060-89AD-29BB86C369B5}: DhcpNameServer = 10.32.32.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC9A0E2E-0D86-4796-A731-BA8C27139A02}: DhcpNameServer = 192.168.15.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E20C1041-CD8C-4951-A3B1-E58BBD50DBED}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\intu-help-qb2 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/html - No CLSID value found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/html {8D42AD12-D7A1-4797-BCB7-AD89E5FCE4F7} - C:\Program Files (x86)\DelTel\PBNext\PhoneFilter.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{08a56d80-d922-11e1-be88-782bcb93ec93}\Shell - "" = AutoRun
O33 - MountPoints2\{08a56d80-d922-11e1-be88-782bcb93ec93}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\{a2824577-d0f0-11e1-ae4e-782bcb93ec93}\Shell - "" = AutoRun
O33 - MountPoints2\{a2824577-d0f0-11e1-ae4e-782bcb93ec93}\Shell\AutoRun\command - "" = "J:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{cef3c381-f85c-11e0-a25b-782bcb93ec93}\Shell - "" = AutoRun
O33 - MountPoints2\{cef3c381-f85c-11e0-a25b-782bcb93ec93}\Shell\AutoRun\command - "" = J:\SETUP.EXE
O33 - MountPoints2\{cef3c381-f85c-11e0-a25b-782bcb93ec93}\Shell\configure\command - "" = J:\SETUP.EXE
O33 - MountPoints2\{cef3c381-f85c-11e0-a25b-782bcb93ec93}\Shell\install\command - "" = J:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/20 02:13:05 | 000,000,000 | -H-D | C] -- C:\Users\office1\Documents\Freemake_do_not_remove_this_folder634862959859474600
[2012/10/17 19:34:36 | 000,000,000 | ---D | C] -- C:\Users\office1\AppData\Local\eMule
[2012/10/17 19:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\eMule
[2012/10/16 17:42:08 | 000,000,000 | -H-D | C] -- C:\Users\office1\Documents\Freemake_do_not_remove_this_folder634860061288976724
[2012/10/13 12:33:02 | 000,000,000 | -H-D | C] -- C:\SkyDriveTemp
[2012/10/13 12:01:49 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/10/13 12:01:36 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012/10/13 12:00:08 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/10/13 11:59:00 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2012/10/13 11:59:00 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2012/10/13 11:59:00 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2012/10/13 11:59:00 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2012/10/13 11:58:59 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2012/10/13 11:58:59 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2012/10/13 11:58:59 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2012/10/13 11:58:59 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2012/10/13 11:58:33 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2012/10/13 11:58:33 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2012/10/13 11:57:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2012/10/13 11:57:03 | 000,000,000 | R--D | C] -- C:\Users\office1\SkyDrive
[2012/10/13 11:56:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2012/10/11 21:33:25 | 000,000,000 | -H-D | C] -- C:\Users\office1\Documents\Freemake_do_not_remove_this_folder634855880057145259
[2012/10/09 21:01:59 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/10/09 21:01:58 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/10/09 21:01:58 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/10/09 21:01:56 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/10/09 21:01:42 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/10/09 21:01:41 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/10/08 15:20:11 | 000,000,000 | -H-D | C] -- C:\Users\office1\Documents\Freemake_do_not_remove_this_folder634853064118389546
[2012/10/04 22:02:11 | 000,000,000 | -H-D | C] -- C:\Users\office1\Documents\Freemake_do_not_remove_this_folder634849849318526724
[2012/10/04 13:41:14 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/10/04 12:47:15 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/10/04 10:32:30 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
[2012/10/02 21:00:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BackgammonMasters
[2012/10/02 21:00:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BackgammonMasters
[2012/09/27 12:37:12 | 000,000,000 | --SD | C] -- C:\Users\office1\Google Drive
[2012/09/27 12:36:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2012/09/25 15:46:38 | 000,000,000 | -H-D | C] -- C:\Users\office1\Documents\Freemake_do_not_remove_this_folder634841847983943530
[2012/09/22 03:00:56 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/09/22 03:00:56 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/09/22 03:00:55 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/09/22 03:00:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/09/22 03:00:55 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/09/22 03:00:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/09/22 03:00:54 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/09/22 03:00:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/09/22 03:00:53 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/09/22 03:00:53 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/09/22 03:00:53 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/09/22 03:00:53 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/09/22 03:00:51 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/09/22 03:00:51 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/09/22 03:00:51 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/09/21 17:25:04 | 000,000,000 | ---D | C] -- C:\Users\office1\Documents\Legends1
[2012/04/30 01:06:57 | 000,154,624 | ---- | C] (NirSoft) -- C:\Program Files\SearchMyFiles.exe

========== Files - Modified Within 30 Days ==========

[2012/10/20 18:42:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/20 18:41:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/20 18:30:01 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2075846022-1630903033-2500980002-1003UA.job
[2012/10/20 18:29:37 | 000,412,913 | ---- | M] () -- C:\Users\office1\Desktop\Programs installed 121020g.jpg
[2012/10/20 18:28:54 | 000,370,032 | ---- | M] () -- C:\Users\office1\Desktop\Programs installed 121020f.jpg
[2012/10/20 18:28:19 | 000,425,768 | ---- | M] () -- C:\Users\office1\Desktop\Programs installed 121020e.jpg
[2012/10/20 18:27:37 | 000,397,130 | ---- | M] () -- C:\Users\office1\Desktop\Programs installed 121020d.jpg
[2012/10/20 18:26:45 | 000,285,960 | ---- | M] () -- C:\Users\office1\Desktop\Programs installed 121020c.jpg
[2012/10/20 18:23:23 | 000,350,745 | ---- | M] () -- C:\Users\office1\Desktop\Programs installed 121020b.jpg
[2012/10/20 18:22:38 | 000,352,171 | ---- | M] () -- C:\Users\office1\Desktop\Programs installed 121020a.jpg
[2012/10/20 18:08:30 | 000,019,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/20 18:08:30 | 000,019,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/20 18:01:20 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/20 18:01:20 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2012/10/20 18:01:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/20 18:00:59 | 523,071,487 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/20 17:40:39 | 000,538,941 | ---- | M] () -- C:\Users\office1\Desktop\adwcleaner.exe
[2012/10/20 02:30:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2075846022-1630903033-2500980002-1003Core.job
[2012/10/19 17:06:42 | 000,083,860 | ---- | M] () -- C:\Users\office1\Desktop\noname.jpg
[2012/10/18 19:17:38 | 000,311,317 | ---- | M] () -- C:\Users\office1\Desktop\Christopher Kirk of Statewide Towing And Recovery Inc - Riverside, CA 92501.pdf
[2012/10/18 19:10:12 | 000,519,030 | ---- | M] () -- C:\Users\office1\Desktop\contact_us.pdf
[2012/10/18 02:57:20 | 000,001,053 | ---- | M] () -- C:\Users\Public\Desktop\MediaMonkey.lnk
[2012/10/11 14:06:08 | 000,743,860 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/11 14:06:08 | 000,635,834 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/11 14:06:08 | 000,111,408 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/10 18:06:30 | 000,002,444 | ---- | M] () -- C:\Program Files\SearchMyFiles.cfg
[2012/10/10 17:31:00 | 000,002,473 | ---- | M] () -- C:\Users\office1\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/10/08 16:42:10 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/10/08 16:42:10 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/10/04 12:52:35 | 000,000,082 | ---- | M] () -- C:\Users\office1\Documents\cc_20121004_125233.reg
[2012/10/04 12:52:17 | 000,001,190 | ---- | M] () -- C:\Users\office1\Documents\cc_20121004_125214.reg
[2012/10/04 12:51:58 | 000,017,560 | ---- | M] () -- C:\Users\office1\Documents\cc_20121004_125154.reg
[2012/10/04 12:51:17 | 000,910,828 | ---- | M] () -- C:\Users\office1\Documents\cc_20121004_124856.reg
[2012/10/03 16:52:08 | 000,017,920 | ---- | M] () -- C:\Users\office1\Documents\TI Ropes Course Folder labels.lbl
[2012/10/02 21:03:01 | 000,032,854 | ---- | M] () -- C:\Windows\iniLS.dat
[2012/10/02 21:01:12 | 000,014,368 | ---- | M] () -- C:\Windows\skype.dat
[2012/10/02 21:00:50 | 000,001,149 | ---- | M] () -- C:\Users\office1\Application Data\Microsoft\Internet Explorer\Quick Launch\BackgammonMasters.lnk
[2012/10/02 21:00:50 | 000,001,125 | ---- | M] () -- C:\Users\office1\Desktop\BackgammonMasters.lnk
[2012/10/01 10:49:28 | 000,535,541 | -H-- | M] () -- C:\Users\office1\Documents\PP11Thumbs.ptn
[2012/10/01 10:49:28 | 000,000,868 | -H-- | M] () -- C:\Users\office1\Documents\PP11Thumbs.ptn2
[2012/10/01 10:49:24 | 000,006,295 | -H-- | M] () -- C:\Users\office1\Documents\maxdesk.ini2
[2012/09/29 16:27:36 | 004,402,569 | ---- | M] () -- C:\Users\office1\Documents\rca tv.pdf
[2012/09/26 03:01:15 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

========== Files Created - No Company Name ==========

[2012/10/20 18:29:33 | 000,412,913 | ---- | C] () -- C:\Users\office1\Desktop\Programs installed 121020g.jpg
[2012/10/20 18:28:50 | 000,370,032 | ---- | C] () -- C:\Users\office1\Desktop\Programs installed 121020f.jpg
[2012/10/20 18:24:46 | 000,425,768 | ---- | C] () -- C:\Users\office1\Desktop\Programs installed 121020e.jpg
[2012/10/20 18:24:09 | 000,397,130 | ---- | C] () -- C:\Users\office1\Desktop\Programs installed 121020d.jpg
[2012/10/20 18:23:45 | 000,285,960 | ---- | C] () -- C:\Users\office1\Desktop\Programs installed 121020c.jpg
[2012/10/20 18:23:21 | 000,350,745 | ---- | C] () -- C:\Users\office1\Desktop\Programs installed 121020b.jpg
[2012/10/20 18:22:36 | 000,352,171 | ---- | C] () -- C:\Users\office1\Desktop\Programs installed 121020a.jpg
[2012/10/20 17:40:31 | 000,538,941 | ---- | C] () -- C:\Users\office1\Desktop\adwcleaner.exe
[2012/10/19 17:06:42 | 000,083,860 | ---- | C] () -- C:\Users\office1\Desktop\noname.jpg
[2012/10/18 19:17:44 | 000,311,317 | ---- | C] () -- C:\Users\office1\Desktop\Christopher Kirk of Statewide Towing And Recovery Inc - Riverside, CA 92501.pdf
[2012/10/18 19:10:23 | 000,519,030 | ---- | C] () -- C:\Users\office1\Desktop\contact_us.pdf
[2012/10/18 02:40:56 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/10/18 02:40:33 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/10/18 01:59:37 | 000,001,053 | ---- | C] () -- C:\Users\Public\Desktop\MediaMonkey.lnk
[2012/10/13 12:01:33 | 000,001,311 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2012/10/13 12:01:25 | 000,001,380 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2012/10/13 12:01:10 | 000,001,464 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012/10/13 12:00:49 | 000,002,492 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/10/13 11:57:02 | 000,002,174 | ---- | C] () -- C:\Users\office1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2012/10/04 12:52:35 | 000,000,082 | ---- | C] () -- C:\Users\office1\Documents\cc_20121004_125233.reg
[2012/10/04 12:52:15 | 000,001,190 | ---- | C] () -- C:\Users\office1\Documents\cc_20121004_125214.reg
[2012/10/04 12:51:56 | 000,017,560 | ---- | C] () -- C:\Users\office1\Documents\cc_20121004_125154.reg
[2012/10/04 12:49:04 | 000,910,828 | ---- | C] () -- C:\Users\office1\Documents\cc_20121004_124856.reg
[2012/10/03 16:52:08 | 000,017,920 | ---- | C] () -- C:\Users\office1\Documents\TI Ropes Course Folder labels.lbl
[2012/10/02 21:01:12 | 000,014,368 | ---- | C] () -- C:\Windows\skype.dat
[2012/10/02 21:00:57 | 000,032,854 | ---- | C] () -- C:\Windows\iniLS.dat
[2012/10/02 21:00:50 | 000,001,149 | ---- | C] () -- C:\Users\office1\Application Data\Microsoft\Internet Explorer\Quick Launch\BackgammonMasters.lnk
[2012/10/02 21:00:50 | 000,001,125 | ---- | C] () -- C:\Users\office1\Desktop\BackgammonMasters.lnk
[2012/10/01 10:49:24 | 000,006,295 | -H-- | C] () -- C:\Users\office1\Documents\maxdesk.ini2
[2012/10/01 10:49:08 | 000,535,541 | -H-- | C] () -- C:\Users\office1\Documents\PP11Thumbs.ptn
[2012/09/29 16:27:30 | 004,402,569 | ---- | C] () -- C:\Users\office1\Documents\rca tv.pdf
[2012/09/27 12:36:02 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/27 12:36:01 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/23 23:52:51 | 000,000,206 | ---- | C] () -- C:\Windows\wininit.ini
[2012/08/20 02:44:12 | 000,000,016 | -H-- | C] () -- C:\Users\office1\SyncToy_5af4473e-3be8-48fd-ad00-616aded471c5.dat
[2012/08/12 22:17:57 | 184,374,576 | ---- | C] () -- C:\Users\office1\We Are The World.mp4
[2012/08/05 20:59:22 | 000,087,215 | ---- | C] () -- C:\Users\office1\final_bstSnapshot_20821.jpg
[2012/08/05 19:18:09 | 000,089,989 | ---- | C] () -- C:\Users\office1\final_bstSnapshot_27015.jpg
[2012/08/05 19:17:17 | 000,124,093 | ---- | C] () -- C:\Users\office1\final_bstSnapshot_35149.jpg
[2012/08/05 19:11:38 | 000,105,108 | ---- | C] () -- C:\Users\office1\final_bstSnapshot_31694.jpg
[2012/08/05 18:01:38 | 000,226,356 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/06/14 22:27:12 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/06/14 22:27:12 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/06/14 22:27:06 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/06/11 16:30:24 | 000,000,872 | ---- | C] () -- C:\Users\office1\AppData\Local\recently-used.xbel
[2012/05/17 00:37:11 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2012/05/14 12:58:34 | 000,004,096 | -H-- | C] () -- C:\Users\office1\AppData\Local\keyfile3.drm
[2012/05/02 14:00:13 | 000,002,444 | ---- | C] () -- C:\Program Files\SearchMyFiles.cfg
[2012/04/13 20:22:09 | 000,014,336 | ---- | C] () -- C:\Users\office1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/10 17:58:22 | 000,000,062 | ---- | C] () -- C:\Windows\dcmvwr.INI
[2012/04/03 14:35:20 | 000,000,334 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012/04/03 14:35:20 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012/04/03 14:34:51 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/04/03 14:34:51 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012/04/03 14:34:15 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2012/04/03 14:34:15 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012/04/03 14:34:15 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012/03/06 01:20:12 | 000,000,000 | ---- | C] () -- C:\Windows\ClubWPTBuddy.INI
[2011/10/17 14:55:08 | 000,000,412 | ---- | C] () -- C:\Users\office1\AppData\Roaming\All CPU Meter_Settings.ini
[2011/10/09 17:30:37 | 000,760,736 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/09 17:20:48 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/05/24 12:13:01 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/05/24 12:13:01 | 000,206,952 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/05/24 12:13:00 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/05/24 09:29:17 | 000,000,051 | ---- | C] () -- C:\Windows\smsts.ini
[2011/02/11 14:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 250 bytes -> C:\ProgramData\Temp:A798AA1A
@Alternate Data Stream - 247 bytes -> C:\ProgramData\Temp:0B9FB94D
@Alternate Data Stream - 236 bytes -> C:\ProgramData\Temp:40EE25BB
@Alternate Data Stream - 235 bytes -> C:\ProgramData\Temp:70E897B5
@Alternate Data Stream - 235 bytes -> C:\ProgramData\Temp:391535F9
@Alternate Data Stream - 234 bytes -> C:\ProgramData\Temp:C72A744C
@Alternate Data Stream - 234 bytes -> C:\ProgramData\Temp:147A3409
@Alternate Data Stream - 233 bytes -> C:\ProgramData\Temp:61B54B15
@Alternate Data Stream - 232 bytes -> C:\ProgramData\Temp:B54E4B5A
@Alternate Data Stream - 231 bytes -> C:\ProgramData\Temp:01C66DD9
@Alternate Data Stream - 229 bytes -> C:\ProgramData\Temp:F9689B72
@Alternate Data Stream - 224 bytes -> C:\ProgramData\Temp:A02025CE
@Alternate Data Stream - 224 bytes -> C:\ProgramData\Temp:2AE74FF9
@Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:E7B49FBF
@Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:CB16385F
@Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:090FB735
@Alternate Data Stream - 221 bytes -> C:\ProgramData\Temp:409A775B
@Alternate Data Stream - 219 bytes -> C:\ProgramData\Temp:C22674B6
@Alternate Data Stream - 219 bytes -> C:\ProgramData\Temp:85C3B823
@Alternate Data Stream - 218 bytes -> C:\ProgramData\Temp:9BAC4211
@Alternate Data Stream - 217 bytes -> C:\ProgramData\Temp:3E06C78F
@Alternate Data Stream - 215 bytes -> C:\ProgramData\Temp:61F0C8FB
@Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:3B812EE0
@Alternate Data Stream - 212 bytes -> C:\ProgramData\Temp:F21A3A5E
@Alternate Data Stream - 212 bytes -> C:\ProgramData\Temp:59846E5E
@Alternate Data Stream - 209 bytes -> C:\ProgramData\Temp:09064307
@Alternate Data Stream - 207 bytes -> C:\ProgramData\Temp:98DFF516
@Alternate Data Stream - 203 bytes -> C:\ProgramData\Temp:0AC32449
@Alternate Data Stream - 202 bytes -> C:\ProgramData\Temp:E51234A9
@Alternate Data Stream - 200 bytes -> C:\ProgramData\Temp:260575F1
@Alternate Data Stream - 199 bytes -> C:\ProgramData\Temp:D2C57161
@Alternate Data Stream - 199 bytes -> C:\ProgramData\Temp:9ACB70D7
@Alternate Data Stream - 199 bytes -> C:\ProgramData\Temp:561B1D2B
@Alternate Data Stream - 196 bytes -> C:\ProgramData\Temp:78E0DF72
@Alternate Data Stream - 194 bytes -> C:\ProgramData\Temp:C07A6A6B
@Alternate Data Stream - 192 bytes -> C:\ProgramData\Temp:A688EF17
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:FDF9B285

< End of report >

OTL Extras logfile created on: 10/20/2012 5:39:40 PM - Run 1
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\office1\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.98 Gb Total Physical Memory | 3.75 Gb Available Physical Memory | 62.73% Memory free
11.96 Gb Paging File | 9.24 Gb Available in Paging File | 77.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 463.84 Gb Total Space | 301.96 Gb Free Space | 65.10% Space Free | Partition Type: NTFS
Drive D: | 13.67 Gb Total Space | 7.63 Gb Free Space | 55.79% Space Free | Partition Type: NTFS
Drive K: | 1397.26 Gb Total Space | 111.35 Gb Free Space | 7.97% Space Free | Partition Type: NTFS
Drive M: | 453.99 Gb Total Space | 96.55 Gb Free Space | 21.27% Space Free | Partition Type: NTFS
Drive N: | 1397.07 Gb Total Space | 1396.90 Gb Free Space | 99.99% Space Free | Partition Type: NTFS
Drive T: | 1397.26 Gb Total Space | 180.25 Gb Free Space | 12.90% Space Free | Partition Type: NTFS
Drive U: | 298.09 Gb Total Space | 77.32 Gb Free Space | 25.94% Space Free | Partition Type: NTFS
Drive W: | 298.09 Gb Total Space | 77.32 Gb Free Space | 25.94% Space Free | Partition Type: NTFS
Drive X: | 298.09 Gb Total Space | 77.32 Gb Free Space | 25.94% Space Free | Partition Type: NTFS
Drive Y: | 298.09 Gb Total Space | 77.32 Gb Free Space | 25.94% Space Free | Partition Type: NTFS
Drive Z: | 298.09 Gb Total Space | 77.32 Gb Free Space | 25.94% Space Free | Partition Type: NTFS

Computer Name: BHWC2GDM | User Name: office1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Unable to open value key File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~1.EXE" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~1.EXE" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~1.EXE" /ADD "%1" (Ventis Media Inc.)
Directory [PeaZip] -- Reg Error: Value error.
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~1.EXE" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~1.EXE" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~1.EXE" /ADD "%1" (Ventis Media Inc.)
Directory [PeaZip] -- Reg Error: Value error.
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09B591BD-B43D-483C-B99B-09BDBB6C089C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{09FA7A96-1146-494D-9D88-7F0610437124}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1187D5FD-2967-4EEC-A062-E3A14D5EDF89}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1AE1F7DD-9752-44D7-85A4-FF40768FDCC6}" = lport=445 | protocol=6 | dir=in | app=system |
"{24A20463-22CA-43AF-8718-E12C0B97B86A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BAA40AB-0EFD-47AE-A437-85E36022F554}" = rport=138 | protocol=17 | dir=out | app=system |
"{52AB44F7-7368-4EB0-B9EC-44288864154F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{53DC55AF-AF30-4F36-BD4C-249F83965A63}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{57821FB5-4B8D-4A8C-AE63-D8D31D3B45DB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5A89EC8D-D1A4-43F2-A622-DCEDB63CE712}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5C4783B1-3694-4045-9EC5-97FB63C33ADF}" = rport=445 | protocol=6 | dir=out | app=system |
"{60BBE4C3-CF42-46DB-B185-198A6DF81D24}" = rport=139 | protocol=6 | dir=out | app=system |
"{67A9B4A9-85F3-4521-8D7B-33E030962819}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{74FD618C-8BC4-4D7B-9598-61A9ADBA6332}" = lport=138 | protocol=17 | dir=in | app=system |
"{75AD51D8-1DB1-4F87-A58C-4ED191D7510B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{78FB164B-5114-45D6-885E-89883BB0E181}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{91213DC3-F19C-4F7F-97F2-E59E4B63CB68}" = lport=137 | protocol=17 | dir=in | app=system |
"{94F71A22-C6E5-435A-9977-BBC1909277E3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B09C548F-DB34-4D70-8301-22CDD4E110C3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B32BA921-2260-4E49-921C-15B1725846A3}" = rport=137 | protocol=17 | dir=out | app=system |
"{BA7A5B1B-9CF9-4AEB-AAC5-922726E6283F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CC53D51A-3F7E-496D-83C7-DFE36D080A49}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CF870DD8-4B2B-4423-8741-7C211126D2A9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E48B6817-0AC3-4F48-9A61-B6187C121F24}" = lport=139 | protocol=6 | dir=in | app=system |
"{E4E0DE94-C690-44CE-9E40-614E1D74F779}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F5E3A954-5A5D-47DF-B489-19AB671B1C49}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{036A3DD9-9BB2-43F6-B875-A40C56D53167}" = protocol=6 | dir=in | app=c:\users\office1\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{0F6D16E5-75A6-4D87-B76A-92D9C82BF018}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\pando\pando.exe |
"{114D92CC-0B05-4F09-BF88-E606A5BBC027}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{149CEC88-BD85-4195-BA5C-2510CF6A1EE3}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\pando\pando.exe |
"{14ABF755-4C8C-4131-B60E-45AEC85EA044}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{25376006-BE1D-44BA-8089-5830B9916892}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{28EBA899-C637-4612-8525-BC8A5C2EBB47}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{37995C51-0DD7-47EE-805E-CC5396087BC7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3C23FDAC-A3AB-454E-BDFB-6FC24E5A2CA0}" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"{3EA87A95-A313-4E6D-97A7-5BCB6ED75148}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3F1355BC-F5EA-4459-93DB-24C76BE737A2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{404DEA83-30B3-419C-89E7-6A6BCD490EDD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{439518B5-1130-45F7-928D-A07EC24D55E0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4B53E714-60B7-498A-8EC5-00681D4418BB}" = protocol=17 | dir=in | app=c:\users\office1\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{4D39B018-9B4C-4D7B-B1C1-E44504DAA700}" = protocol=6 | dir=in | app=c:\users\office1\appdata\roaming\mjusbsp\magicjack.exe |
"{54C7D809-A002-440A-86E4-20E21F213A3D}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{5C6AB226-5D79-45E3-BC15-D57A60CDA028}" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"{5E0FB540-786F-47DC-8203-060DF5167EAD}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{5EB4922B-3FA1-48AD-A71F-8472B5470E2B}" = dir=in | app=c:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe |
"{6A8A77E3-5C92-4DB6-8FE5-DC236707AC5E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6C4977BA-7CA8-4215-8A51-B432660B01EE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{70288A03-6FDF-4A76-9935-D1B7AE3F9287}" = protocol=17 | dir=in | app=\\bhwc7server\bhwc active patient scans\kenney, bernice\cnpacsview.exe |
"{715E3C8E-1958-4289-B116-B199A1A7E3B2}" = protocol=6 | dir=in | app=\\bhwc7server\bhwc active patient scans\kenney, bernice\new folder (2)\cnpacsview.exe |
"{7255DC3F-563D-442E-AE93-54D65239FE3A}" = dir=in | app=c:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe |
"{8948E64D-2FBD-4767-A67E-AB7977DB64BF}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{8A0D09B6-2CAD-42D5-88F2-1BD1D4BCB97A}" = dir=in | app=c:\program files (x86)\pando networks\pando\pando.exe |
"{8BF0001C-E940-492E-83D3-A7330923447E}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\pando\pando.exe |
"{8D114328-93DF-4588-B6BA-B28264A7FF37}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{9078B91F-AE03-41B8-B880-ADD4FFDEF7E0}" = protocol=17 | dir=in | app=c:\users\office1\appdata\roaming\mjusbsp\magicjack.exe |
"{90FEF0D2-8F1D-4DEF-BF65-FA611884A601}" = protocol=17 | dir=in | app=c:\users\office1\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{97BAB034-D2E5-4FE9-B19D-997435D85E7D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9C02DFD6-3F41-4BD4-B421-168D0BE417D2}" = protocol=17 | dir=in | app=\\bhwc7server\bhwc active patient scans\kenney, bernice\new folder (2)\cnpacsview.exe |
"{A1588ADD-BFF8-44F5-B6C2-25CA6883AC2F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{AC9038C0-CF7F-4D30-B255-EE73C8548C33}" = protocol=6 | dir=in | app=\\bhwc7server\bhwc active patient scans\kenney, bernice\cnpacsview.exe |
"{AD3ECF31-3C8B-4FF7-B944-36ACED64802E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{B1C48D71-7E29-4AF7-8FCA-D3F474A6C2C6}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{B2F2C9DE-5F32-4A98-A1F0-8DF2BF92066D}" = protocol=6 | dir=in | app=c:\users\office1\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{BAD7DB17-C7F6-4E51-8B51-5287CA9E1709}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\pando\pando.exe |
"{CB220A87-5B03-4486-8D9D-264C7B55C9ED}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{CC7B1C0D-A1DE-499A-9969-B8A7394AB48A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D4E1A20A-70F5-4029-BCF1-6E40D8A0BC81}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{DB827040-41E2-48A6-B66E-298781474005}" = dir=in | app=c:\program files (x86)\freefileviewer\ffvcheckforupdates.exe |
"{DEADE872-7D57-48B1-9E4B-68786FCC6C2A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{DFF979D5-FB2B-434F-A691-CFC64580CBDD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E0C2FA36-F746-48DE-923A-83735133AE89}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{E309B31F-607F-468F-93FC-FE3E90CBF38D}" = dir=in | app=c:\users\office1\appdata\local\microsoft\skydrive\skydrive.exe |
"{EBA48665-24B0-4228-AB09-0833B6218757}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{EE994E81-A2EF-41C3-B26D-9CEBE15A6DCB}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{F23719CF-1003-420C-997C-7A373CCC2132}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F347E522-EC76-47D8-BFD9-2D8AC619E9E1}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{F5B30371-A6EC-4AFA-9754-33D29DD60F58}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{F93BD91C-C9E1-47F5-AA82-F21699E4967F}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"TCP Query User{13B49E3F-8AB0-48FD-9463-16EBF42636D5}\\bhwc7server\bhwc active patient scans\kenney, bernice\cnpacsview.exe" = protocol=6 | dir=in | app=\\bhwc7server\bhwc active patient scans\kenney, bernice\cnpacsview.exe |
"TCP Query User{6CE72389-837D-42A2-929A-00087409BEB7}\\bhwc7server\bhwc active patient scans\kenney, bernice\new folder (2)\cnpacsview.exe" = protocol=6 | dir=in | app=\\bhwc7server\bhwc active patient scans\kenney, bernice\new folder (2)\cnpacsview.exe |
"TCP Query User{73C44DD0-E190-40EB-9D88-05E68361978F}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe" = protocol=6 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe |
"TCP Query User{7B72BAAA-483D-4DC2-8831-B6308DC5604F}C:\program files\synergy\synergys.exe" = protocol=6 | dir=in | app=c:\program files\synergy\synergys.exe |
"TCP Query User{AD4C58B1-5A20-46A5-9B69-247492A4AC06}C:\program files\synergy\synergys.exe" = protocol=6 | dir=in | app=c:\program files\synergy\synergys.exe |
"TCP Query User{CE4F2288-EBCA-4681-AA70-1EF25855BCB7}E:\cnpacsview.exe" = protocol=6 | dir=in | app=e:\cnpacsview.exe |
"TCP Query User{E3CAFF88-C9E8-481F-9260-689FA602B9A5}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"UDP Query User{553CFEF4-5B95-4462-A2C0-F436C4F908C7}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"UDP Query User{6EEE6A0F-A520-4BAA-90D6-C04E5017F910}C:\program files\synergy\synergys.exe" = protocol=17 | dir=in | app=c:\program files\synergy\synergys.exe |
"UDP Query User{89D8A5A9-739E-4025-9F46-9E6ADBD66965}C:\program files\synergy\synergys.exe" = protocol=17 | dir=in | app=c:\program files\synergy\synergys.exe |
"UDP Query User{914EAF24-F962-4475-A298-802FB2ADBB0F}E:\cnpacsview.exe" = protocol=17 | dir=in | app=e:\cnpacsview.exe |
"UDP Query User{DDC46A99-A902-4E7A-A65A-D0A31726974A}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe" = protocol=17 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe |
"UDP Query User{E9170310-F90E-4C04-B6B8-3F0A6C0D603A}\\bhwc7server\bhwc active patient scans\kenney, bernice\cnpacsview.exe" = protocol=17 | dir=in | app=\\bhwc7server\bhwc active patient scans\kenney, bernice\cnpacsview.exe |
"UDP Query User{F734D151-6C11-4757-AC42-A5919415DDFB}\\bhwc7server\bhwc active patient scans\kenney, bernice\new folder (2)\cnpacsview.exe" = protocol=17 | dir=in | app=\\bhwc7server\bhwc active patient scans\kenney, bernice\new folder (2)\cnpacsview.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00a8ce68-cb2e-4652-aecd-c05c0d9d53a7}.sdb" = Windows Media Player 64-bit Plug-in Fix
"{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.7
"{1B1D3C64-EEBC-4807-93FF-DB71719E77F7}" = Image Resizer for Windows (64 bit)
"{1BF14E04-85DE-480C-9A04-EB36744C66C3}_is1" = Open Freely
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{207E51E3-7184-4281-AB3E-B31545F5F25B}" = Image Resizer for Windows (64 bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1" = PeaZip 4.0 (WIN64)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{604CB4FC-3D32-405F-A109-165F170529B6}" = WD SmartWare
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit
"{80A620C1-B22C-4781-A351-B14B8A37BFE3}" = Image Resizer Powertoy Clone for Windows (64 bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{88DAAF05-5A72-46D2-A7C5-C3759697E943}" = SyncToy 2.1 (x64)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.58
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}" = Microsoft Image Composite Editor
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Defraggler" = Defraggler
"GIMP-2_is1" = GIMP 2.8.0
"KLiteCodecPack64_is1" = K-Lite Codec Pack 6.3.0 (64-bit)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}" = Netflix in Windows Media Center
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{245FCF81-55BA-4AB9-A7C1-37411595676D}" = Nuance PaperPort 12
"{26346FB6-4F69-453D-95CE-B6BA3A5382F8}" = Broderbund Media Manager
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3C867AA0-22EC-4B27-8C60-A354AA37D68C}_is1" = RAW Image Viewer
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{54627F4A-DDBF-452D-94FB-BED0EBB8E2F1}" = BlueStacks
"{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1" = PeaZip 4.6
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{64F57763-5EBF-4206-A03A-82E3593337B8}" = ClubWPTBuddy
"{67E4EF06-E0D6-42E0-A2BA-67199B0143FB}_is1" = Windows Media Player Plus! 2.1
"{68205FFB-5918-43D4-B0D4-131DE9282046}" = Foxit Reader
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{779D8CA1-03DD-4AD4-B21F-3E20BFE7BEDE}" = SketchUp 8
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{9A2F0810-3623-4E86-9072-973FBE1679C5}" = QuickBooks Premier: Accountant Edition 2009
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C633BAC-9A34-4BFD-B311-787D37F3EAFB}" = Nuance PDF Viewer Plus
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9dfff2f7-5cd7-4fd4-9b75-7d53b042d94b}" = Image Resizer for Windows
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite MFC-465CN
"{A553E1D1-9DC0-4E12-A36A-DC13D47D62E8}" = PBNext
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB480DA0-7EE9-465D-9C12-4CDE65BF18FB}" = Pando
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2011.09.16
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B0CC5440-E305-11E0-BCC1-1CC1DEF07CBE}" = Evernote v. 4.5.1
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CFCD2A80-EC16-11E0-A273-B8AC6F97B88E}" = Google Earth
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{DFD30824-6BD0-34E1-ABE8-308AD3CBB9A0}" = Google Talk Plugin
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{EACCC042-848D-4166-9D97-B13D1D108722}" = Google Drive
"{ED23E382-E5E3-4E21-B616-01FC59A40916}" = OpenOffice.org 3.3
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{FB26EA24-AE01-4C86-BEBC-424D5B81E66E}" = The Print Shop
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AIM_7" = AIM 7
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"AVerMedia H797 PCIe TV Tuner" = AVerMedia H797 PCIe TV Tuner 7.102.64.70
"AVerMedia Media Center Plug-ins" = AVerMedia Media Center Plug-ins 1.3.1.0
"BackgammonMasters_is1" = BackgammonMasters Client
"BFG-1912 - Titanic Mystery" = 1912: Titanic Mystery
"BFG-Abra Academy - Returning Cast" = Abra Academy : Returning Cast
"BFG-All-Time Sudoku" = All-Time Sudoku
"BFG-Awakening - Moonfell Wood" = Awakening: Moonfell Wood
"BFG-Azada" = Azada ®
"BFG-Big City Adventure - London Classic" = Big City Adventure: London Classic
"BFG-Big City Adventure - New York City" = Big City Adventure: New York City
"BFG-Big City Adventure - Sydney Australia" = Big City Adventure: Sydney, Australia
"BFG-Big Fish Games Texas Hold Em" = Big Fish Games Texas Hold'Em
"BFGC" = Big Fish Games: Game Manager
"BFG-Flux Family Secrets - The Rabbit Hole" = Flux Family Secrets - The Rabbit Hole
"BFG-Hidden Expedition - Amazon" = Hidden Expedition ®: Amazon
"BFG-Hidden Expedition - Devils Triangle" = Hidden Expedition ® - Devil's Triangle
"BFG-Hidden Expedition - Everest" = Hidden Expedition ®: Everest
"BFG-Hidden Expedition - The Uncharted Islands" = Hidden Expedition: The Uncharted Islands
"BFG-Hidden Expedition - Titanic" = Hidden Expedition ®: Titanic
"BFG-Hidden in Time - Mirror Mirror" = Hidden in Time: Mirror Mirror
"BFG-Hidden Mysteries - Buckingham Palace" = Hidden Mysteries ®: Buckingham Palace ™
"BFG-Hidden Mysteries - Civil War" = Hidden Mysteries ®: Civil War
"BFG-Hidden Mysteries - Royal Family Secrets" = Hidden Mysteries: Royal Family Secrets
"BFG-Legends of the Wild West - Golden Hill" = Legends of the Wild West: Golden Hill
"BFG-Luxor 3" = Luxor 3
"BFG-Megaplex Madness - Now Playing" = Megaplex Madness: Now Playing ™
"BFG-Mystery Case Files - 13th Skull" = Mystery Case Files ®: 13th Skull ™
"BFG-Mystery Case Files - Dire Grove" = Mystery Case Files ®: Dire Grove ™
"BFG-Mystery Case Files - Prime Suspects" = Mystery Case Files: Prime Suspects ™
"BFG-Mystery Case Files - Ravenhearst" = Mystery Case Files: Ravenhearst ®
"BFG-Mystery Case Files - Return to Ravenhearst" = Mystery Case Files: Return to Ravenhearst ™
"BFG-Mystery Chronicles - Murder Among Friends" = Mystery Chronicles: Murder Among Friends
"BFG-Mystery P.I. - The Lottery Ticket" = Mystery P.I. - The Lottery Ticket
"BFG-Mystery PI - The New York Fortune" = Mystery P.I.: The New York Fortune
"BFG-Redemption Cemetery - Curse of the Raven" = Redemption Cemetery: Curse of the Raven
"BFG-Righteous Kill" = Righteous Kill
"BFG-Route 66" = Route 66
"BFG-Travelogue 360 Paris" = Travelogue 360 ™: Paris
"BFG-Treasure Seekers - Visions of Gold" = Treasure Seekers: Visions of Gold ™
"ClubWPT" = ClubWPT
"DicomWorks 1.3.5b_is1" = DicomWorks 1.3.5b
"eMule" = eMule
"Everything" = Everything 1.2.1.371
"Free Photo Viewer_is1" = Free Photo Viewer
"FreeFileViewer_is1" = Free File Viewer 2011
"Freemake Music Box_is1" = Freemake Music Box
"Freemake Video Converter_is1" = Freemake Video Converter version 3.1.2
"Freemake Video Downloader_is1" = Freemake Video Downloader
"HotspotShield" = Hotspot Shield 2.67
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"Invoice Expert" = Invoice Expert 4.08.04
"IrfanView" = IrfanView (remove only)
"iSkysoft DVD Ripper_is1" = iSkysoft DVD Ripper(Build 2.0.1.12)
"Ivan Image Converter" = Ivan Image Converter
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 8.3.2
"LastPass" = LastPass (uninstall only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"MediaMonkey_is1" = MediaMonkey 4.0
"MicroDicom" = MicroDicom 0.5.4
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Picasa 3" = Picasa 3
"PROPLUS" = Microsoft Office Professional Plus 2007
"Shockwave" = Shockwave
"Synergy" = Synergy
"TeamViewer 7" = TeamViewer 7
"TreeSize Free_is1" = TreeSize Free V2.7
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"Wondershare AllMyTube_is1" = Wondershare AllMyTube(Build 2.3.1.1)
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GammonEmpire" = GammonEmpire
"Google Chrome" = Google Chrome
"HuluDesktop" = Hulu Desktop
"magicJack" = magicJack
"PoolEmpire" = PoolEmpire
"SkyDriveSetup.exe" = Microsoft SkyDrive
"WinDirStat" = WinDirStat 1.1.2

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/19/2012 2:49:49 AM | Computer Name = BHWC2GDM | Source = .NET Runtime | ID = 1022
Description =

Error - 10/19/2012 3:43:11 AM | Computer Name = BHWC2GDM | Source = .NET Runtime | ID = 1022
Description =

Error - 10/20/2012 5:27:20 AM | Computer Name = BHWC2GDM | Source = .NET Runtime | ID = 1022
Description =

Error - 10/20/2012 5:32:33 AM | Computer Name = BHWC2GDM | Source = .NET Runtime | ID = 1022
Description =

Error - 10/20/2012 5:36:01 AM | Computer Name = BHWC2GDM | Source = .NET Runtime | ID = 1022
Description =

Error - 10/20/2012 5:48:19 AM | Computer Name = BHWC2GDM | Source = .NET Runtime | ID = 1022
Description =

Error - 10/20/2012 5:55:36 AM | Computer Name = BHWC2GDM | Source = .NET Runtime | ID = 1022
Description =

Error - 10/20/2012 5:59:11 AM | Computer Name = BHWC2GDM | Source = .NET Runtime | ID = 1022
Description =

Error - 10/20/2012 6:33:42 AM | Computer Name = BHWC2GDM | Source = .NET Runtime | ID = 1022
Description =

Error - 10/20/2012 8:54:23 AM | Computer Name = BHWC2GDM | Source = .NET Runtime | ID = 1022
Description =

[ Media Center Events ]
Error - 5/26/2012 10:22:13 PM | Computer Name = BHWC2GDM | Source = MCUpdate | ID = 0
Description = 7:22:00 PM - Failed to retrieve EpgListings (Error: Unable to connect
to the remote server)

Error - 5/26/2012 10:23:22 PM | Computer Name = BHWC2GDM | Source = MCUpdate | ID = 0
Description = 7:23:01 PM - Failed to retrieve ClientUpdate (Error: Unable to connect
to the remote server)

Error - 5/26/2012 10:24:04 PM | Computer Name = BHWC2GDM | Source = MCUpdate | ID = 0
Description = 7:23:43 PM - Failed to retrieve MCEClientUX (Error: Unable to connect
to the remote server)

Error - 5/26/2012 10:26:05 PM | Computer Name = BHWC2GDM | Source = MCUpdate | ID = 0
Description = 7:25:44 PM - Failed to retrieve Broadband (Error: The operation has
timed out)

Error - 5/26/2012 10:29:25 PM | Computer Name = BHWC2GDM | Source = MCUpdate | ID = 0
Description = 7:27:45 PM - Failed to retrieve EpgLineups (Error: The operation has
timed out)

Error - 5/26/2012 10:31:23 PM | Computer Name = BHWC2GDM | Source = MCUpdate | ID = 0
Description = 7:31:05 PM - Failed to retrieve EpgListings (Error: The operation
has timed out)

Error - 6/30/2012 11:18:46 AM | Computer Name = BHWC2GDM | Source = MCUpdate | ID = 0
Description = 8:18:46 AM - Failed to retrieve Broadband (Error: The underlying connection
was closed: An unexpected error occurred on a receive.)

Error - 7/6/2012 11:49:12 PM | Computer Name = BHWC2GDM | Source = MCUpdate | ID = 0
Description = 8:48:57 PM - Failed to retrieve SportsSchedule (Error: Unable to connect
to the remote server)

Error - 8/1/2012 11:06:09 PM | Computer Name = BHWC2GDM | Source = MCUpdate | ID = 0
Description = 8:06:01 PM - Error connecting to the internet. 8:06:01 PM - Unable
to contact server..

Error - 8/2/2012 12:07:15 AM | Computer Name = BHWC2GDM | Source = MCUpdate | ID = 0
Description = 9:07:02 PM - Error connecting to the internet. 9:07:02 PM - Unable
to contact server..

[ System Events ]
Error - 10/18/2012 4:51:09 AM | Computer Name = BHWC2GDM | Source = BROWSER | ID = 8032
Description =

Error - 10/18/2012 5:14:35 AM | Computer Name = BHWC2GDM | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 10/18/2012 6:16:18 PM | Computer Name = BHWC2GDM | Source = BROWSER | ID = 8032
Description =

Error - 10/19/2012 12:10:42 AM | Computer Name = BHWC2GDM | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 10/19/2012 1:00:25 AM | Computer Name = BHWC2GDM | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 10/20/2012 5:04:08 AM | Computer Name = BHWC2GDM | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 10/20/2012 8:13:01 PM | Computer Name = BHWC2GDM | Source = BROWSER | ID = 8032
Description =

Error - 10/20/2012 8:18:27 PM | Computer Name = BHWC2GDM | Source = BROWSER | ID = 8032
Description =

Error - 10/20/2012 8:23:57 PM | Computer Name = BHWC2GDM | Source = BROWSER | ID = 8032
Description =

Error - 10/20/2012 8:34:28 PM | Computer Name = BHWC2GDM | Source = BROWSER | ID = 8032
Description =


< End of report >

# AdwCleaner v2.005 - Logfile created 10/20/2012 at 18:50:55
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : office1 - BHWC2GDM
# Boot Mode : Normal
# Running from : C:\Users\office1\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\office1\AppData\Roaming\Mozilla\Firefox\Profiles\htwqo2ld.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v22.0.1229.94

File : C:\Users\office1\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.15] : urls_to_restore_on_startup = [ "hxxps://mail.google.com/mail/u/0/?hl=en&shva=1#inbox" ]
Deleted [l.3739] : urls_to_restore_on_startup = [ "hxxps://mail.google.com/mail/u/0/?hl=en&shva=1#inbox" ]

*************************

AdwCleaner[S1].txt - [44241 octets] - [20/10/2012 17:58:57]
AdwCleaner[S2].txt - [1097 octets] - [20/10/2012 18:50:55]

########## EOF - C:\AdwCleaner[S2].txt - [1157 octets] ##########