2013-11-05

Downloaded a PDF converter from CNET and got this. Ran OTL.

OTL logfile created on: 11/4/2013 5:51:01 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ultamaton\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16721)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

32.00 Gb Total Physical Memory | 29.58 Gb Available Physical Memory | 92.45% Memory free

63.99 Gb Paging File | 61.52 Gb Available in Paging File | 96.14% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931.41 Gb Total Space | 738.79 Gb Free Space | 79.32% Space Free | Partition Type: NTFS

Computer Name: MORPHEUS | User Name: Ultamaton | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --

PRC - [2013/11/04 17:40:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ultamaton\Desktop\OTL.exe

PRC - [2013/09/10 16:51:14 | 003,109,376 | ---- | M] () -- C:\Users\Ultamaton\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe

PRC - [2013/08/29 23:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2013/08/29 23:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2013/03/12 06:32:58 | 000,506,744 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

PRC - [2012/11/21 03:50:00 | 008,443,832 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe

PRC - [2012/11/21 03:50:00 | 002,571,704 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe

PRC - [2012/10/25 01:05:50 | 000,067,752 | ---- | M] (Robert McNeel & Associates) -- C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe

PRC - [2011/10/13 22:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe

PRC - [2011/10/13 22:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe

PRC - [2011/10/13 22:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

PRC - [2007/02/22 07:46:24 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe

PRC - [2007/02/21 16:15:52 | 000,056,096 | ---- | M] (National Instruments Corp.) -- C:\Windows\SysWOW64\nisvcloc.exe

PRC - [2007/02/14 21:54:06 | 000,207,648 | ---- | M] (National Instruments, Inc.) -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe

PRC - [2007/02/14 21:49:16 | 000,064,288 | ---- | M] (National Instruments, Inc.) -- C:\Windows\SysWOW64\lktsrv.exe

PRC - [2007/02/14 21:48:56 | 000,056,096 | ---- | M] (National Instruments, Inc.) -- C:\Windows\SysWOW64\lkads.exe

PRC - [2007/02/06 21:47:46 | 000,703,264 | ---- | M] (National Instruments, Inc.) -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe

PRC - [2007/01/22 10:38:44 | 000,695,136 | ---- | M] (National Instruments, Inc.) -- C:\Windows\SysWOW64\lkcitdl.exe

========== Modules (No Company Name) ==========

MOD - [2013/09/10 16:51:14 | 003,109,376 | ---- | M] () -- C:\Users\Ultamaton\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe

========== Services (SafeList) ==========

SRV:64bit: - [2013/08/30 14:14:12 | 000,123,392 | ---- | M] (Dassault Systèmes) [Auto | Running] -- C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe -- (DraftSight API Service)

SRV:64bit: - [2013/08/29 23:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2013/03/15 11:52:10 | 004,466,120 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)

SRV:64bit: - [2012/05/25 22:29:46 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)

SRV:64bit: - [2012/01/20 03:00:10 | 000,089,160 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks (2)\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)

SRV:64bit: - [2011/12/09 17:33:38 | 000,113,800 | ---- | M] (Mentor Graphics Corporation) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe -- (Remote Solver for Flow Simulation 2012)

SRV:64bit: - [2010/04/30 05:52:50 | 006,237,800 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)

SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2013/10/08 12:12:20 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/09/21 13:25:12 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/11/21 03:50:00 | 002,571,704 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)

SRV - [2012/10/25 01:05:50 | 000,067,752 | ---- | M] (Robert McNeel & Associates) [Auto | Running] -- C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe -- (McNeelUpdate)

SRV - [2012/04/15 14:53:37 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)

SRV - [2012/04/15 14:53:35 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011/10/13 22:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)

SRV - [2011/10/13 22:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)

SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2007/02/22 07:46:24 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe -- (mxssvr)

SRV - [2007/02/21 16:15:52 | 000,056,096 | ---- | M] (National Instruments Corp.) [Auto | Running] -- C:\Windows\SysWOW64\nisvcloc.exe -- (niSvcLoc)

SRV - [2007/02/14 21:54:06 | 000,207,648 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)

SRV - [2007/02/14 21:49:16 | 000,064,288 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\lktsrv.exe -- (lkTimeSync)

SRV - [2007/02/14 21:48:56 | 000,056,096 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\lkads.exe -- (lkClassAds)

SRV - [2007/02/06 21:47:46 | 000,703,264 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)

SRV - [2007/01/29 14:19:48 | 001,007,616 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)

SRV - [2007/01/22 10:38:44 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\lkcitdl.exe -- (LkCitadelServer)

SRV - [2004/12/02 07:28:32 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Opcenum.exe -- (OpcEnum)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/29 23:48:10 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)

DRV:64bit: - [2013/08/29 23:48:10 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)

DRV:64bit: - [2013/08/29 23:48:10 | 000,204,880 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)

DRV:64bit: - [2013/08/29 23:48:10 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)

DRV:64bit: - [2013/08/29 23:48:10 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)

DRV:64bit: - [2013/08/29 23:48:10 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)

DRV:64bit: - [2013/08/29 23:48:09 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2013/08/29 23:48:09 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV:64bit: - [2013/03/15 11:52:08 | 000,303,368 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb)

DRV:64bit: - [2013/03/15 11:52:08 | 000,063,944 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshhl.sys -- (akshhl)

DRV:64bit: - [2013/03/15 11:52:08 | 000,060,488 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp)

DRV:64bit: - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/08/23 06:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/11/30 18:56:54 | 000,254,976 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NE_UsbDriver_Win64.sys -- (WinDriver6)

DRV:64bit: - [2011/10/18 09:36:10 | 000,078,208 | ---- | M] (SafeNet Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)

DRV:64bit: - [2011/10/04 11:53:46 | 000,139,720 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)

DRV:64bit: - [2011/09/28 14:31:30 | 000,321,536 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)

DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/09/01 00:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)

DRV:64bit: - [2010/02/01 11:30:54 | 000,622,624 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl819xp.sys -- (rtl819xpn64)

DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2005/10/18 09:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\cvintdrv.sys -- (cvintdrv)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {41CDE334-7377-46A8-8C6F-6729239288BB}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSour...ctid=CT3306058

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B9 93 20 F0 F0 19 CD 01 [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {41CDE334-7377-46A8-8C6F-6729239288BB}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{41CDE334-7377-46A8-8C6F-6729239288BB}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306058&CUI=UN39187806632204426&UM=2

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enUS479

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..CT3306058.browser.search.defaultthis.engineName: "true"

FF - prefs.js..browser.search.defaultenginename: "Connect DLC 2 Customized Web Search"

FF - prefs.js..browser.search.defaultthis.engineName: "Connect DLC 2 Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3306058&CUI=UN30848692092988626&UM=2&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "Connect DLC 2 Customized Web Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.cnn.com/"

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0

FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3306058&SearchSource=2&CUI=UN30848692092988626&UM=2&q="

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Ultamaton\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Ultamaton\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Ultamaton\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ultamaton\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ultamaton\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/09/17 06:48:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/21 13:25:08 | 000,000,000 | ---D | M]

[2012/04/30 19:39:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ultamaton\AppData\Roaming\Mozilla\Extensions

[2013/11/04 01:57:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ultamaton\AppData\Roaming\Mozilla\Firefox\Profiles\dc8qs4rk.default\extensions

[2013/11/04 01:52:26 | 000,000,000 | ---D | M] (Connect DLC 2) -- C:\Users\Ultamaton\AppData\Roaming\Mozilla\Firefox\Profiles\dc8qs4rk.default\extensions\{515b2424-5911-40bd-8a2c-bdb20286d8f5}

[2013/10/03 12:45:40 | 000,007,298 | ---- | M] () (No name found) -- C:\Users\Ultamaton\AppData\Roaming\Mozilla\Firefox\Profiles\dc8qs4rk.default\extensions\firefox@luckyleap.net.xpi

[2013/09/21 13:25:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions

[2013/09/21 13:25:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2005/10/12 14:04:02 | 000,020,480 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\NPLV80Win32.dll

[2007/02/08 09:48:16 | 000,028,448 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\NPLV82Win32.dll

[2012/04/30 21:29:02 | 000,003,747 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},

CHR - homepage: http://search.conduit.com/?ctid=CT33...204430590&UM=2

CHR - plugin: First user (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll

CHR - plugin: Error reading preferences file

CHR - Extension: New Tab Page = C:\Users\Ultamaton\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\

CHR - Extension: Google Docs = C:\Users\Ultamaton\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\

CHR - Extension: Google Drive = C:\Users\Ultamaton\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\Ultamaton\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google Search = C:\Users\Ultamaton\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: lucky leap = C:\Users\Ultamaton\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj\1.0.0_0\

CHR - Extension: Connect DLC 2 = C:\Users\Ultamaton\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffekppndigniegkobcngkdmaadbhhonj\10.22.0.88_0\

CHR - Extension: Connect DLC 2 = C:\Users\Ultamaton\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffekppndigniegkobcngkdmaadbhhonj\10.22.0.88_0\nativeMessaging\nmHost

CHR - Extension: Chrome In-App Payments service = C:\Users\Ultamaton\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\

CHR - Extension: Gmail = C:\Users\Ultamaton\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/08 17:15:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.

O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKCU..\Run: [Amazon Cloud Player] C:\Users\Ultamaton\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe ()

O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Users\Ultamaton\AppData\Local\Smartbar\Application\QuickShare.exe startup File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{077AA6B6-C09F-4D16-8731-CE1EE136B52D}: DhcpNameServer = 10.0.1.1

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/04 17:40:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ultamaton\Desktop\OTL.exe

[2013/11/04 01:53:53 | 000,000,000 | ---D | C] -- C:\Users\Ultamaton\Documents\PC Health Kit

[2013/11/04 01:53:52 | 000,000,000 | ---D | C] -- C:\Users\Ultamaton\AppData\Roaming\PC Health Kit

[2013/11/04 01:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2013/11/04 01:53:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\lucky leap

[2013/11/04 01:53:03 | 000,000,000 | ---D | C] -- C:\Users\Ultamaton\AppData\Local\Smartbar

[2013/11/04 01:52:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Conduit

[2013/11/04 01:52:55 | 000,000,000 | ---D | C] -- C:\Users\Ultamaton\AppData\Local\Conduit

[2013/11/04 01:52:43 | 000,000,000 | ---D | C] -- C:\Users\Ultamaton\AppData\Local\NativeMessaging

[2013/11/04 01:52:40 | 000,000,000 | ---D | C] -- C:\Users\Ultamaton\AppData\Local\CRE

[2013/11/04 01:52:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit

[2013/11/04 01:52:28 | 000,000,000 | ---D | C] -- C:\Users\Ultamaton\AppData\Roaming\SearchProtect

[2013/11/04 01:51:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup

[2013/11/04 01:39:17 | 000,000,000 | ---D | C] -- C:\Users\Ultamaton\AppData\Roaming\Foxit Software

[2013/11/04 01:39:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software

[2013/10/09 02:15:30 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2013/10/09 02:15:30 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013/10/09 02:15:28 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

[2013/10/09 02:15:28 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2013/10/09 02:15:28 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe

[2013/10/09 02:15:28 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

[2013/10/09 02:15:28 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2013/10/09 02:15:28 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2013/10/09 02:15:28 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2013/10/09 02:15:28 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2013/10/09 02:15:28 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2013/10/09 02:15:25 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013/10/09 02:15:25 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013/10/09 02:15:25 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013/10/09 02:15:24 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013/10/08 23:50:30 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll

[2013/10/08 23:50:20 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll

[2013/10/08 23:50:20 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

[2013/10/08 23:50:20 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll

[2013/10/08 23:50:20 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll

[2013/10/08 23:50:19 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll

[2013/10/08 23:50:19 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll

[2013/10/08 23:50:19 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll

[2013/10/08 23:50:19 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll

[2013/10/08 23:50:10 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys

[2013/10/08 23:50:10 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys

[2013/10/08 23:50:08 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll

[2013/10/08 23:49:43 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2013/10/08 23:49:41 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll

[2013/10/08 23:49:40 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2013/10/08 23:49:40 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2013/10/08 23:49:40 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll

[2013/10/08 23:49:39 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll

[2013/10/08 23:49:39 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll

[2013/10/08 23:49:38 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll

[2013/10/08 23:49:36 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2013/10/08 23:49:36 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2013/10/08 23:49:36 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2013/10/08 23:49:36 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2013/10/08 23:49:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2013/10/08 23:49:33 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll

[2013/10/08 23:49:33 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll

[2013/10/08 23:45:03 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll

[2013/10/08 23:43:42 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys

[2013/10/08 23:43:42 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys

[2013/10/08 18:52:06 | 000,000,000 | ---D | C] -- C:\PCDMIS 2012 Help

========== Files - Modified Within 30 Days ==========

[2013/11/04 17:47:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/11/04 17:40:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ultamaton\Desktop\OTL.exe

[2013/11/04 17:39:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3251614651-3046912706-2456654748-1000UA.job

[2013/11/04 17:35:57 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/11/04 17:35:57 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/11/04 17:32:44 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/11/04 17:32:44 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/11/04 17:32:44 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/11/04 17:29:03 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/11/04 17:28:32 | 000,000,000 | -H-- | M] () -- C:\ProgramData\cm-lock

[2013/11/04 17:28:22 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl

[2013/11/04 17:28:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/11/04 17:28:09 | 4293,119,995 | -HS- | M] () -- C:\hiberfil.sys

[2013/11/04 17:12:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/11/04 01:53:11 | 000,000,009 | ---- | M] () -- C:\END

[2013/11/04 01:39:34 | 000,002,054 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk

[2013/11/03 23:39:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3251614651-3046912706-2456654748-1000Core.job

[2013/11/03 22:55:39 | 000,013,255 | ---- | M] () -- C:\Users\Ultamaton\Desktop\Duvall House Purchase Info.ods

[2013/11/03 22:43:48 | 000,020,536 | ---- | M] () -- C:\Users\Ultamaton\Desktop\Duvall House Major Expenses.ods

[2013/11/03 22:21:53 | 000,024,604 | ---- | M] () -- C:\Users\Ultamaton\Desktop\Bothell House Major Expenses.ods

[2013/11/01 15:32:32 | 000,010,184 | ---- | M] () -- C:\Users\Ultamaton\Desktop\DGK Projects.odt

[2013/11/01 11:52:56 | 000,020,998 | ---- | M] () -- C:\Users\Ultamaton\Desktop\DK MK Financial.ods

[2013/10/28 12:06:44 | 1180,407,486 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2013/10/26 16:05:31 | 000,024,860 | ---- | M] () -- C:\Users\Ultamaton\Desktop\SMC Minutes Oct 22, 2013.odt

[2013/10/18 18:14:29 | 000,000,052 | ---- | M] () -- C:\Windows\mwMSimApp.INI

[2013/10/11 23:55:44 | 000,000,562 | ---- | M] () -- C:\Users\Ultamaton\Desktop\PC-DMIS Help.lnk

[2013/10/09 02:39:31 | 000,429,456 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/10/09 02:14:22 | 000,772,558 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2013/10/08 12:12:20 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013/10/08 12:12:20 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2013/11/04 17:28:32 | 000,000,000 | -H-- | C] () -- C:\ProgramData\cm-lock

[2013/11/04 01:52:04 | 000,000,009 | ---- | C] () -- C:\END

[2013/11/04 01:39:34 | 000,002,054 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk

[2013/10/31 18:57:08 | 000,013,255 | ---- | C] () -- C:\Users\Ultamaton\Desktop\Duvall House Purchase Info.ods

[2013/10/14 20:18:17 | 000,020,536 | ---- | C] () -- C:\Users\Ultamaton\Desktop\Duvall House Major Expenses.ods

[2013/10/14 20:17:58 | 000,024,604 | ---- | C] () -- C:\Users\Ultamaton\Desktop\Bothell House Major Expenses.ods

[2013/10/11 23:55:44 | 000,000,562 | ---- | C] () -- C:\Users\Ultamaton\Desktop\PC-DMIS Help.lnk

[2013/07/05 14:46:33 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI

[2013/04/16 14:18:29 | 000,000,052 | ---- | C] () -- C:\Windows\mwMSimApp.INI

[2013/01/08 13:41:52 | 000,000,400 | ---- | C] () -- C:\Windows\i_jdmjol479.ini

[2013/01/08 13:41:52 | 000,000,400 | ---- | C] () -- C:\Windows\SysWow64\drivers\fdpnqch314.dat

[2012/10/12 17:18:19 | 000,000,231 | ---- | C] () -- C:\Windows\rfCommonBase.INI

[2012/04/23 20:07:32 | 000,772,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/04/15 17:30:53 | 000,000,400 | ---- | C] () -- C:\Windows\g_jdmjol343.ini

[2012/04/15 17:30:53 | 000,000,400 | ---- | C] () -- C:\Windows\SysWow64\drivers\bdpnqch806.dat

[2012/03/29 17:36:00 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\spwini.dll

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:D346F792

< End of report >

Thanks

Shirley
