'search' is coming up

Discussion in 'Windows - General discussion' started by Heather59, Dec 23, 2013.

  1. Heather59

    Heather59 Member

    Joined:
    Oct 28, 2013
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    6
    I know I've done something wrong;shut off something I shouldn't have, but I can't find my files.My START menu documents and pictures are EMPTY. When I go to search and copy and paste a file name, it STILL says no item found, even tho I copied it OFF the file in 'my computer'
    This was prompted by the fact that I just uploaded 14 video's and pic to my comp from my camera and they VANISHED.. causing me to start a frantic search only to find my search isn't working.
     
    Last edited: Dec 23, 2013
  2. keebles

    keebles Regular member

    Joined:
    Aug 13, 2005
    Messages:
    766
    Likes Received:
    1
    Trophy Points:
    28
  3. Heather59

    Heather59 Member

    Joined:
    Oct 28, 2013
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    6
  4. scorpNZ

    scorpNZ Active member

    Joined:
    Mar 23, 2005
    Messages:
    4,266
    Likes Received:
    63
    Trophy Points:
    78
    right click on desktop,personalize is at the bottom clik it,if the menu bar isn't there left clik on organise then scroll to layout & left clik menu bar so a tick appears,you'll now have menu bar back like in xp
     
    Last edited: Dec 25, 2013
  5. Heather59

    Heather59 Member

    Joined:
    Oct 28, 2013
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    6
    I took a pic of my desktop but I can't get it to post on here so you can see what I do not have.
     
  6. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,167
    Likes Received:
    136
    Trophy Points:
    143
    try system restore to before this problem started.
     
  7. Heather59

    Heather59 Member

    Joined:
    Oct 28, 2013
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    6
    Nothing has fixed this problem. And since I restored genuine status to my computer, it has been freezing all the time. It won't switch between tabs. In my picture, it often won't switch to the next line of folder, or it shows the folder as being open..mostly just shows the contents of the previous folder I had clicked on. This is driving me crazy and I blame NSA spying..computer is NOT responding to mouse clicks and I do NOT have a wireless mouse.I can't click and drag to highlight things. I get no cursor half the time. I have installed all the updates I was missing and NOTHING is working properly. HELP!!!
     
    Last edited: Jan 4, 2014
  8. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,167
    Likes Received:
    136
    Trophy Points:
    143
    do properties on those folders to see if the missing files are still there but hidden from sight.
     
  9. Heather59

    Heather59 Member

    Joined:
    Oct 28, 2013
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    6
    It flashes the properties box for a split second and vanishes.

    OTL logfile created on: 1/4/2014 10:19:29 PM - Run 5
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.16428)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.50 Gb Available Physical Memory | 62.61% Memory free
    7.99 Gb Paging File | 6.52 Gb Available in Paging File | 81.50% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 265.66 Gb Total Space | 133.37 Gb Free Space | 50.20% Space Free | Partition Type: NTFS
    Drive R: | 200.00 Gb Total Space | 66.99 Gb Free Space | 33.49% Space Free | Partition Type: NTFS

    Computer Name: HEATHERPC | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/11/14 22:21:18 | 003,568,312 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2013/11/14 22:21:18 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2013/10/09 08:16:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
    PRC - [2013/07/02 08:16:32 | 000,507,264 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    PRC - [2013/04/04 14:50:32 | 000,887,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    PRC - [2013/01/18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012/04/09 10:20:30 | 003,063,968 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/11/14 22:21:22 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2013/11/26 04:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV:64bit: - [2013/11/14 22:21:18 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2013/12/20 19:45:58 | 000,477,960 | ---- | M] (BitRaider, LLC) [On_Demand | Stopped] -- C:\ProgramData\BitRaider\BRSptSvc.exe -- (BRSptSvc)
    SRV - [2013/12/20 08:48:18 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/12/11 04:28:26 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/02/25 23:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2013/01/18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012/04/09 10:20:30 | 003,063,968 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/11/14 22:21:24 | 001,032,416 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2013/11/14 22:21:24 | 000,409,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2013/11/14 22:21:24 | 000,205,320 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
    DRV:64bit: - [2013/11/14 22:21:24 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2013/11/14 22:21:24 | 000,084,328 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2013/11/14 22:21:24 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
    DRV:64bit: - [2013/11/14 22:21:24 | 000,065,264 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2013/11/14 22:21:24 | 000,038,984 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/01/21 23:15:15 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
    DRV:64bit: - [2010/01/21 23:15:15 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
    DRV:64bit: - [2009/09/11 17:04:50 | 006,177,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 15:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2013/12/21 07:54:09 | 000,075,048 | ---- | M] (BitRaider) [File_System | On_Demand | Stopped] -- C:\ProgramData\BitRaider\BRDriver64.sys -- (BRDriver64)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-1224842166-2811445709-100843145-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    IE - HKU\S-1-5-21-1224842166-2811445709-100843145-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-1224842166-2811445709-100843145-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-21-1224842166-2811445709-100843145-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-1224842166-2811445709-100843145-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 E9 6E 8E 0E 9B CA 01 [binary data]
    IE - HKU\S-1-5-21-1224842166-2811445709-100843145-500\..\SearchScopes,DefaultScope = {4AD98E64-94D5-4189-BEAC-0FB886AE6B0E}
    IE - HKU\S-1-5-21-1224842166-2811445709-100843145-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
    IE - HKU\S-1-5-21-1224842166-2811445709-100843145-500\..\SearchScopes\{4AD98E64-94D5-4189-BEAC-0FB886AE6B0E}: "URL" = http://www.google.com/search?q={sea...ndex={startIndex?}&startPage={startPage}&rlz=
    IE - HKU\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.intellicast.com/Local/Weather.aspx|https://www.google.com/"
    FF - prefs.js..extensions.enabledAddons: socialfixer%40mattkruse.com:7.801
    FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2006.53
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/12/05 09:27:41 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/12/20 08:48:15 | 000,000,000 | ---D | M]

    [2012/03/14 08:28:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
    [2013/11/13 09:42:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\loaul1ak.default\extensions
    [2013/09/12 18:25:24 | 000,161,656 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\loaul1ak.default\extensions\socialfixer@mattkruse.com.xpi
    [2013/12/20 08:48:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/12/20 08:48:14 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/12/20 08:48:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2013/12/20 08:48:14 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/12/20 08:48:18 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2013/12/05 09:27:41 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

    ========== Chrome ==========

    CHR - default_search_provider: dosearches (Enabled)
    CHR - default_search_provider: search_url = http://search.dosearches.com/web/?u...72&ts=1384114876&type=default&q={searchTerms}
    CHR - default_search_provider: suggest_url = ,
    CHR - Extension: Skype Click to Call = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_2\
    CHR - Extension: Google Wallet = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\

    O1 HOSTS File: ([2013/10/07 22:33:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    O4 - HKU\S-1-5-21-1224842166-2811445709-100843145-500..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1224842166-2811445709-100843145-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1224842166-2811445709-100843145-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
    O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 216.170.153.146
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E2B0B62-940A-4970-A657-2BE2F145CCAF}: DhcpNameServer = 192.168.0.1 216.170.153.146
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/12/08 15:08:23 | 000,149,632 | ---- | M] () - C:\AUTO.pat -- [ NTFS ]
    O32 - AutoRun File - [2010/12/08 15:08:23 | 000,299,196 | ---- | M] () - C:\AUTO.pst -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/12/30 05:00:47 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2013/12/30 05:00:47 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
    [2013/12/30 05:00:46 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2013/12/30 05:00:45 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2013/12/30 05:00:45 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2013/12/30 05:00:45 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
    [2013/12/30 05:00:45 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2013/12/30 05:00:45 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
    [2013/12/30 05:00:45 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2013/12/30 05:00:44 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
    [2013/12/30 05:00:44 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
    [2013/12/30 05:00:44 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
    [2013/12/30 05:00:43 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
    [2013/12/30 05:00:41 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2013/12/30 05:00:41 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2013/12/30 05:00:38 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2013/12/29 09:22:21 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
    [2013/12/29 09:20:48 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
    [2013/12/29 09:20:48 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
    [2013/12/29 09:20:39 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
    [2013/12/29 09:20:39 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
    [2013/12/29 09:20:39 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
    [2013/12/29 09:20:39 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
    [2013/12/29 09:20:39 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
    [2013/12/29 09:20:39 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2013/12/29 09:20:39 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
    [2013/12/29 09:20:39 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
    [2013/12/29 09:20:39 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
    [2013/12/29 09:20:39 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
    [2013/12/29 09:20:39 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    [2013/12/29 09:20:39 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2013/12/29 09:20:39 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
    [2013/12/29 09:20:39 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
    [2013/12/29 09:20:39 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2013/12/29 09:20:39 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
    [2013/12/29 09:20:39 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    [2013/12/29 09:20:39 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2013/12/29 09:20:39 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
    [2013/12/29 09:20:38 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
    [2013/12/29 09:20:38 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
    [2013/12/29 09:20:38 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2013/12/29 09:20:38 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2013/12/29 09:20:38 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
    [2013/12/29 09:20:38 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2013/12/29 09:20:38 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2013/12/29 09:20:38 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
    [2013/12/29 09:20:38 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
    [2013/12/29 09:20:38 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
    [2013/12/29 09:20:38 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
    [2013/12/29 09:20:38 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2013/12/29 09:20:38 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
    [2013/12/29 09:20:38 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
    [2013/12/29 09:20:38 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
    [2013/12/29 09:20:38 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
    [2013/12/29 09:20:38 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
    [2013/12/29 09:20:38 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
    [2013/12/29 09:20:38 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
    [2013/12/29 09:20:38 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
    [2013/12/29 09:20:38 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2013/12/29 09:20:38 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
    [2013/12/29 09:20:38 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
    [2013/12/29 09:20:38 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
    [2013/12/29 09:20:38 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
    [2013/12/29 09:20:38 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
    [2013/12/29 09:20:38 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
    [2013/12/29 09:20:38 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2013/12/29 09:20:38 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
    [2013/12/29 09:20:38 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
    [2013/12/29 09:20:38 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
    [2013/12/29 09:20:38 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
    [2013/12/29 09:20:38 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
    [2013/12/29 09:20:38 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
    [2013/12/29 09:20:38 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
    [2013/12/29 09:20:38 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
    [2013/12/29 09:20:38 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
    [2013/12/29 09:20:38 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
    [2013/12/29 09:20:38 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
    [2013/12/29 09:20:38 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
    [2013/12/29 09:20:38 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
    [2013/12/29 09:20:38 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
    [2013/12/29 09:20:38 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
    [2013/12/29 09:19:41 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2013/12/29 09:19:41 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
    [2013/12/29 09:19:41 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
    [2013/12/29 09:19:41 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
    [2013/12/29 09:19:41 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
    [2013/12/29 09:19:41 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
    [2013/12/29 09:19:41 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
    [2013/12/29 09:19:41 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
    [2013/12/29 09:19:41 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
    [2013/12/29 09:19:41 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
    [2013/12/29 09:19:41 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
    [2013/12/29 09:19:41 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
    [2013/12/29 09:19:41 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
    [2013/12/29 09:19:41 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
    [2013/12/29 09:19:41 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
    [2013/12/29 09:19:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
    [2013/12/29 09:16:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
    [2013/12/29 05:31:16 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
    [2013/12/29 05:31:16 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
    [2013/12/29 05:31:16 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
    [2013/12/29 05:31:16 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
    [2013/12/29 05:31:16 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
    [2013/12/29 05:31:16 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
    [2013/12/29 05:31:16 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
    [2013/12/29 05:31:16 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
    [2013/12/29 05:31:16 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
    [2013/12/29 05:31:16 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
    [2013/12/29 05:31:16 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
    [2013/12/29 05:31:16 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
    [2013/12/29 05:31:16 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
    [2013/12/29 05:31:16 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
    [2013/12/29 05:31:16 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
    [2013/12/29 05:31:16 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
    [2013/12/29 05:31:16 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
    [2013/12/29 05:31:16 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
    [2013/12/29 05:31:16 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
    [2013/12/29 05:31:16 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
    [2013/12/29 05:31:16 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
    [2013/12/29 05:31:16 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
    [2013/12/29 05:31:16 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
    [2013/12/29 05:31:16 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    [2013/12/29 05:31:16 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    [2013/12/29 05:31:16 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    [2013/12/29 05:31:16 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    [2013/12/29 05:31:16 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
    [2013/12/29 05:31:16 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
    [2013/12/29 05:31:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
    [2013/12/29 05:31:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
    [2013/12/29 05:31:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
    [2013/12/29 05:31:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
    [2013/12/29 05:31:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
    [2013/12/29 05:31:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
    [2013/12/29 05:31:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
    [2013/12/29 05:31:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
    [2013/12/29 05:31:16 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
    [2013/12/29 05:31:16 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
    [2013/12/29 05:29:07 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
    [2013/12/29 05:29:07 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
    [2013/12/28 13:42:15 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
    [2013/12/28 13:42:07 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
    [2013/12/28 13:41:53 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
    [2013/12/28 13:41:53 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
    [2013/12/28 13:41:49 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
    [2013/12/28 13:41:33 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
    [2013/12/28 13:41:33 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
    [2013/12/28 13:41:30 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
    [2013/12/28 13:41:30 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
    [2013/12/28 13:41:29 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
    [2013/12/28 13:41:29 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
    [2013/12/28 13:41:29 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
    [2013/12/28 13:41:29 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
    [2013/12/28 13:41:29 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
    [2013/12/28 13:41:29 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
    [2013/12/28 13:41:28 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
    [2013/12/28 13:41:28 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
    [2013/12/28 13:41:27 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
    [2013/12/28 13:41:27 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
    [2013/12/28 13:41:27 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
    [2013/12/28 13:41:24 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
    [2013/12/28 13:41:24 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
    [2013/12/28 13:41:24 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
    [2013/12/28 13:41:24 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
    [2013/12/28 13:41:24 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
    [2013/12/28 13:41:24 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
    [2013/12/28 13:41:23 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    [2013/12/28 13:41:23 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
    [2013/12/28 13:41:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    [2013/12/28 13:41:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    [2013/12/28 13:41:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
    [2013/12/28 13:41:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    [2013/12/28 13:41:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
    [2013/12/28 13:41:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    [2013/12/28 13:41:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
    [2013/12/28 13:41:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    [2013/12/28 13:41:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
    [2013/12/28 13:41:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    [2013/12/28 13:41:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    [2013/12/28 13:41:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    [2013/12/28 13:41:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    [2013/12/28 13:41:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    [2013/12/28 13:41:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    [2013/12/28 13:41:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
    [2013/12/28 13:41:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    [2013/12/28 13:41:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
    [2013/12/28 13:41:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    [2013/12/28 13:41:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    [2013/12/28 13:41:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    [2013/12/28 13:41:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    [2013/12/28 13:41:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    [2013/12/28 13:41:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2013/12/28 13:41:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    [2013/12/28 13:41:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    [2013/12/28 13:41:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    [2013/12/28 13:41:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    [2013/12/28 13:41:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
    [2013/12/28 13:41:22 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
    [2013/12/28 13:41:22 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
    [2013/12/28 13:41:22 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
    [2013/12/28 13:41:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
    [2013/12/28 13:41:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
    [2013/12/28 13:41:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2013/12/28 13:41:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
    [2013/12/28 13:41:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
    [2013/12/28 13:41:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
    [2013/12/28 13:41:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
    [2013/12/28 13:41:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
    [2013/12/28 13:41:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
    [2013/12/28 13:41:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
    [2013/12/28 13:41:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    [2013/12/28 13:41:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
    [2013/12/28 13:41:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
    [2013/12/28 13:41:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
    [2013/12/28 13:41:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
    [2013/12/28 13:41:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
    [2013/12/28 13:41:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
    [2013/12/28 13:41:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    [2013/12/28 13:41:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
    [2013/12/28 13:41:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    [2013/12/28 13:41:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
    [2013/12/28 13:41:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
    [2013/12/28 13:41:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
    [2013/12/28 13:41:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
    [2013/12/28 13:41:15 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
    [2013/12/28 13:41:15 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
    [2013/12/28 13:41:12 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
    [2013/12/28 13:41:12 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
    [2013/12/28 13:41:08 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
    [2013/12/28 13:41:01 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
    [2013/12/28 13:41:01 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
    [2013/12/28 13:41:00 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
    [2013/12/28 13:41:00 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
    [2013/12/28 13:40:59 | 001,111,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
    [2013/12/28 13:40:43 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
    [2013/12/28 13:40:38 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
    [2013/12/28 13:40:38 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
    [2013/12/28 13:40:36 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
    [2013/12/28 13:40:31 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
    [2013/12/28 13:40:31 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
    [2013/12/28 13:40:27 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
    [2013/12/28 13:40:27 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
    [2013/12/28 13:40:26 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
    [2013/12/28 13:40:26 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
    [2013/12/28 13:40:16 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
    [2013/12/28 13:40:16 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
    [2013/12/28 13:40:16 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
    [2013/12/28 13:40:16 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
    [2013/12/28 13:40:16 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
    [2013/12/28 13:40:16 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
    [2013/12/28 13:40:06 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
    [2013/12/28 13:40:06 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
    [2013/12/28 13:40:06 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
    [2013/12/28 13:40:06 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
    [2013/12/26 15:58:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Star Wars - The Old Republic
    [2013/12/21 07:54:15 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\SWTOR
    [2013/12/21 07:54:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\HeroBlade Logs
    [2013/12/20 19:45:57 | 000,000,000 | ---D | C] -- C:\ProgramData\BitRaider
    [2013/12/20 19:45:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\BitRaider
    [2013/12/20 19:45:38 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\SWTORPerf
    [2013/12/20 19:43:49 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
    [2013/12/20 19:43:49 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
    [2013/12/20 19:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
    [2013/12/20 19:43:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
    [2013/12/20 08:48:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

    ========== Files - Modified Within 30 Days ==========

    [2014/01/04 22:17:24 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/01/04 22:14:59 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/01/04 22:14:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1224842166-2811445709-100843145-500UA.job
    [2014/01/04 21:28:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/01/04 16:38:09 | 000,792,550 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2014/01/04 16:38:09 | 000,669,048 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2014/01/04 16:38:09 | 000,125,234 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2014/01/04 16:37:15 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/01/04 16:37:15 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/01/04 16:32:36 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/01/04 16:31:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/01/04 16:31:48 | 3219,787,776 | -HS- | M] () -- C:\hiberfil.sys
    [2014/01/03 23:14:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1224842166-2811445709-100843145-500Core.job
    [2014/01/03 11:49:18 | 000,001,997 | ---- | M] () -- C:\Users\Administrator\Documents\Solar panel kit Thunderbolt Magnum Solar - item#68751.rtf
    [2013/12/29 18:46:21 | 000,000,136 | ---- | M] () -- C:\Users\Administrator\Desktop\STAR WARS™ The Old Republic™ - Shortcut.lnk
    [2013/12/29 09:20:48 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
    [2013/12/29 09:20:48 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
    [2013/12/29 09:20:39 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
    [2013/12/29 09:20:39 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
    [2013/12/29 09:20:39 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
    [2013/12/29 09:20:39 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
    [2013/12/29 09:20:39 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
    [2013/12/29 09:20:39 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2013/12/29 09:20:39 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
    [2013/12/29 09:20:39 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
    [2013/12/29 09:20:39 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
    [2013/12/29 09:20:39 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
    [2013/12/29 09:20:39 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    [2013/12/29 09:20:39 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2013/12/29 09:20:39 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
    [2013/12/29 09:20:39 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
    [2013/12/29 09:20:39 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2013/12/29 09:20:39 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
    [2013/12/29 09:20:39 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    [2013/12/29 09:20:39 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2013/12/29 09:20:39 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
    [2013/12/29 09:20:39 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
    [2013/12/29 09:20:38 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
    [2013/12/29 09:20:38 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
    [2013/12/29 09:20:38 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2013/12/29 09:20:38 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2013/12/29 09:20:38 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
    [2013/12/29 09:20:38 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2013/12/29 09:20:38 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2013/12/29 09:20:38 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
    [2013/12/29 09:20:38 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
    [2013/12/29 09:20:38 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
    [2013/12/29 09:20:38 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
    [2013/12/29 09:20:38 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2013/12/29 09:20:38 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
    [2013/12/29 09:20:38 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
    [2013/12/29 09:20:38 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
    [2013/12/29 09:20:38 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
    [2013/12/29 09:20:38 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
    [2013/12/29 09:20:38 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
    [2013/12/29 09:20:38 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
    [2013/12/29 09:20:38 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
    [2013/12/29 09:20:38 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2013/12/29 09:20:38 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
    [2013/12/29 09:20:38 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
    [2013/12/29 09:20:38 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
    [2013/12/29 09:20:38 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
    [2013/12/29 09:20:38 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
    [2013/12/29 09:20:38 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
    [2013/12/29 09:20:38 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2013/12/29 09:20:38 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
    [2013/12/29 09:20:38 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
    [2013/12/29 09:20:38 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
    [2013/12/29 09:20:38 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
    [2013/12/29 09:20:38 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
    [2013/12/29 09:20:38 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
    [2013/12/29 09:20:38 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
    [2013/12/29 09:20:38 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
    [2013/12/29 09:20:38 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
    [2013/12/29 09:20:38 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
    [2013/12/29 09:20:38 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
    [2013/12/29 09:20:38 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
    [2013/12/29 09:20:38 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
    [2013/12/29 09:20:38 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
    [2013/12/29 09:20:38 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
    [2013/12/29 09:20:38 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
    [2013/12/29 09:19:41 | 005,549,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2013/12/29 09:19:41 | 003,969,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
    [2013/12/29 09:19:41 | 003,914,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
    [2013/12/29 09:19:41 | 001,732,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
    [2013/12/29 09:19:41 | 000,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
    [2013/12/29 09:19:41 | 000,859,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
    [2013/12/29 09:19:41 | 000,619,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
    [2013/12/29 09:19:41 | 000,362,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
    [2013/12/29 09:19:41 | 000,243,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
    [2013/12/29 09:19:41 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
    [2013/12/29 09:19:41 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
    [2013/12/29 09:19:41 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
    [2013/12/29 09:19:41 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
    [2013/12/29 09:19:41 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
    [2013/12/29 09:19:41 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
    [2013/12/29 09:19:41 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
    [2013/12/29 06:19:08 | 000,314,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/12/29 05:56:56 | 000,785,930 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2013/12/29 05:31:16 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
    [2013/12/29 05:31:16 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
    [2013/12/29 05:31:16 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
    [2013/12/29 05:31:16 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
    [2013/12/29 05:31:16 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
    [2013/12/29 05:31:16 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
    [2013/12/29 05:31:16 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
    [2013/12/29 05:31:16 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
    [2013/12/29 05:31:16 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
    [2013/12/29 05:31:16 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
    [2013/12/29 05:31:16 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
    [2013/12/29 05:31:16 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
    [2013/12/29 05:31:16 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
    [2013/12/29 05:31:16 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
    [2013/12/29 05:31:16 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
    [2013/12/29 05:31:16 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
    [2013/12/29 05:31:16 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
    [2013/12/29 05:31:16 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
    [2013/12/29 05:31:16 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
    [2013/12/29 05:31:16 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
    [2013/12/29 05:31:16 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
    [2013/12/29 05:31:16 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
    [2013/12/29 05:31:16 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
    [2013/12/29 05:31:16 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    [2013/12/29 05:31:16 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    [2013/12/29 05:31:16 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    [2013/12/29 05:31:16 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    [2013/12/29 05:31:16 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
    [2013/12/29 05:31:16 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
    [2013/12/29 05:31:16 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
    [2013/12/29 05:31:16 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
    [2013/12/29 05:31:16 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
    [2013/12/29 05:31:16 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
    [2013/12/29 05:31:16 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
    [2013/12/29 05:31:16 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
    [2013/12/29 05:31:16 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
    [2013/12/29 05:31:16 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
    [2013/12/29 05:31:16 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
    [2013/12/29 05:31:16 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
    [2013/12/29 05:29:07 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
    [2013/12/29 05:29:07 | 001,505,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
    [2013/12/28 13:04:36 | 454,572,908 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2013/12/28 12:55:54 | 000,127,930 | ---- | M] () -- C:\Users\Administrator\Documents\screenshot1.JPG
    [2013/12/24 23:24:47 | 000,012,391 | ---- | M] () -- C:\Users\Administrator\Documents\Herbology chart.ods
    [2013/12/20 19:48:04 | 000,000,224 | ---- | M] () -- C:\Users\Administrator\Documents\Speech Theropy.rtf
    [2013/12/20 18:45:51 | 000,001,161 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2013/12/14 20:42:00 | 000,000,599 | ---- | M] () -- C:\Users\Administrator\Documents\Rabbit Pot Pie.rtf
    [2013/12/12 20:00:05 | 000,002,526 | ---- | M] () -- C:\Users\Administrator\Documents\How to tan a hide.rtf
    [2013/12/11 04:28:26 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013/12/11 04:28:26 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013/12/10 09:50:24 | 000,001,140 | ---- | M] () -- C:\Users\Administrator\Documents\Natural De-Skunking.rtf
    [2013/12/09 18:22:32 | 000,000,494 | ---- | M] () -- C:\Users\Administrator\Documents\Facial cleaner.rtf
    [2013/12/09 18:12:25 | 000,000,838 | ---- | M] () -- C:\Users\Administrator\Documents\Deodorant.rtf
    [2013/12/07 22:46:40 | 000,001,927 | ---- | M] () -- C:\Users\Administrator\Documents\Grant proposal.rtf

    ========== Files Created - No Company Name ==========

    [2014/01/03 11:49:18 | 000,001,997 | ---- | C] () -- C:\Users\Administrator\Documents\Solar panel kit Thunderbolt Magnum Solar - item#68751.rtf
    [2013/12/29 18:46:21 | 000,000,136 | ---- | C] () -- C:\Users\Administrator\Desktop\STAR WARS™ The Old Republic™ - Shortcut.lnk
    [2013/12/29 09:20:39 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
    [2013/12/29 09:20:38 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
    [2013/12/28 13:41:12 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    [2013/12/28 12:55:37 | 000,127,930 | ---- | C] () -- C:\Users\Administrator\Documents\screenshot1.JPG
    [2013/12/24 23:24:46 | 000,012,391 | ---- | C] () -- C:\Users\Administrator\Documents\Herbology chart.ods
    [2013/12/15 17:55:43 | 000,000,224 | ---- | C] () -- C:\Users\Administrator\Documents\Speech Theropy.rtf
    [2013/12/14 20:42:00 | 000,000,599 | ---- | C] () -- C:\Users\Administrator\Documents\Rabbit Pot Pie.rtf
    [2013/12/12 20:00:04 | 000,002,526 | ---- | C] () -- C:\Users\Administrator\Documents\How to tan a hide.rtf
    [2013/12/10 09:50:24 | 000,001,140 | ---- | C] () -- C:\Users\Administrator\Documents\Natural De-Skunking.rtf
    [2013/12/09 18:22:16 | 000,000,494 | ---- | C] () -- C:\Users\Administrator\Documents\Facial cleaner.rtf
    [2013/12/09 18:12:24 | 000,000,838 | ---- | C] () -- C:\Users\Administrator\Documents\Deodorant.rtf
    [2013/09/09 18:22:50 | 000,003,740 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
    [2013/06/11 13:37:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/06/11 13:37:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/06/11 13:37:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/06/11 13:37:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/06/11 13:37:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/09/22 12:52:01 | 000,070,249 | ---- | C] () -- C:\Users\Administrator\2011 Application Free.Reduced Lunch.pdf
    [2011/09/22 12:38:45 | 000,176,921 | ---- | C] () -- C:\Users\Administrator\Student and LC Check List.pdf
    [2011/09/22 12:38:05 | 000,318,832 | ---- | C] () -- C:\Users\Administrator\Creating a Student Account.pdf
    [2011/09/22 12:37:59 | 000,349,453 | ---- | C] () -- C:\Users\Administrator\How to Kmail a Specific Teacher.pdf
    [2011/09/22 12:37:21 | 000,164,791 | ---- | C] () -- C:\Users\Administrator\Progress Hours Guidelines 2011-12.pdf
    [2011/09/22 12:37:01 | 000,189,197 | ---- | C] () -- C:\Users\Administrator\Logging Attendance.pdf
    [2010/03/21 20:05:29 | 000,003,974 | ---- | C] () -- C:\Users\Administrator\.recently-used.xbel
    [2010/01/21 23:03:23 | 000,007,616 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg

    ========== ZeroAccess Check ==========

    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    < End of report >

    OTL Extras logfile created on: 1/4/2014 10:19:29 PM - Run 5
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.16428)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.50 Gb Available Physical Memory | 62.61% Memory free
    7.99 Gb Paging File | 6.52 Gb Available in Paging File | 81.50% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 265.66 Gb Total Space | 133.37 Gb Free Space | 50.20% Space Free | Partition Type: NTFS
    Drive R: | 200.00 Gb Total Space | 66.99 Gb Free Space | 33.49% Space Free | Partition Type: NTFS

    Computer Name: HEATHERPC | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{02109923-58DE-436D-99FF-1C6DD6DCEB2D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{04C551AF-F1EC-4FA1-8D32-1E8A952E3B11}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{1D3C15FD-83BD-4A52-A91C-23F554087069}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{21C3F113-25C0-4EF0-9677-2D6FC3899A39}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{296DDE05-E3D3-4B37-B5A6-5BEB77E8E1FF}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{2DD6F556-97A1-43CE-A99F-A68D729FB428}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{2EA41563-AA5A-4568-8311-16BCAA54E556}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{3B893F0D-45C7-45BC-8565-E4D8E588D879}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{3BEBCE02-90E6-49C2-AB8E-D0E133F973C4}" = rport=445 | protocol=6 | dir=out | app=system |
    "{3EAC3896-AB20-408A-B67F-FCD282957212}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{3FBDCD98-6359-43BC-8966-6AC5360C751B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{41FDEC60-1232-4C72-AFA7-38E9E76C6F9E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4E4A9301-16EE-4A5E-AFC0-4E1F563A61BF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{544C6F0B-BB87-432E-ADED-420D13C3CF08}" = rport=138 | protocol=17 | dir=out | app=system |
    "{58A192BB-67A4-4AEE-B875-C0CDA81E4E2B}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
    "{5AEAFD0F-EFF7-4399-B4DB-D7236F445CD1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{6D99F18E-E6E9-4872-A377-A1D526D8E516}" = lport=445 | protocol=6 | dir=in | app=system |
    "{782F927A-1613-4631-9190-154E2545688B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7A0A307E-7CEC-42D2-9D8F-DF075DFB74DA}" = rport=137 | protocol=17 | dir=out | app=system |
    "{88381AFE-21D5-44F7-9B09-0ACCE6C3F4A5}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{8AD6B1F2-34BF-43A9-809D-EE7ECA4C05E1}" = lport=137 | protocol=17 | dir=in | app=system |
    "{8D6326E2-C029-4F58-8CDF-06FC3251BE58}" = lport=139 | protocol=6 | dir=in | app=system |
    "{8EBF65DD-2B6A-4005-9D74-B7BC6D054773}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{91203BDD-77BA-4939-A9DB-556F1A9F5DEA}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{A9AB3E78-5AA2-48B4-982A-9D689C8F22CB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{B078800F-29A5-42ED-8248-77313FE6C9E4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{B4C2AC26-7480-4373-83DC-78B5B14016F5}" = rport=139 | protocol=6 | dir=out | app=system |
    "{CB1F74EC-0FED-4478-9607-229EB472B727}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{D11369EC-51CF-4002-9BB9-EE281CD4D2E5}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{DA8E7325-DDA2-4C7B-A685-F6559E446910}" = lport=138 | protocol=17 | dir=in | app=system |
    "{EEE4E301-CE29-4C52-AC30-7770BEFF820C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{F7E7FAD8-7360-4935-B119-9702984957AE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00311F48-0F29-488F-8C3B-D8648ED5B8F1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{0408E68F-5B84-4FD5-A49A-7A30B8F656C8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{04D6EC3C-DFDF-417A-86F7-DB603D0C3114}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{08D93482-047A-496E-B19B-8581EF1E8FF2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{098D0CC5-C454-4B56-9968-D47375FF2F6B}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
    "{0AC43648-D635-49D6-9A04-AC09668D7698}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{0B558FDA-3ED4-49F4-8BEC-F6125F84A329}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{0BC53665-FEFF-4D87-89D4-8085554906D8}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
    "{0CF63E0B-8161-47D7-A6B8-FCDC89A45540}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{0EC91F12-DDFD-42E0-9049-490C8F1B7F50}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{104CD85C-ED0C-4635-A9A0-2B2C02392CA4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{10EEAB44-3FB5-4546-8F4D-6B662040E271}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\rm.exe |
    "{1277EADC-BC10-4311-BCE1-A523BB6E5FA1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{12C0DE8F-7F77-45A3-AE45-3FBE9042DCEC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{14174ECC-7EA3-4A1B-95DE-36089B84A920}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{1474766B-FA9C-47AB-8436-892E79C2F0BF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{14C87901-7B5F-4B45-B817-DDE0E2FC6043}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{16FD6CFF-9A27-4474-98DB-665AD42EE260}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{18D10E0E-A629-4B6B-8438-BAB97290F472}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{19FD5AA3-521D-4117-8B7F-CB50F87DF1EB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{20A40D95-2BBE-4DDE-AA0F-C2975794750A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{228B0EE6-2D47-4C8F-B09C-11DA7E9DD6A6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{23602F4D-5DF3-439E-82E1-75678C205C62}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\rm.exe |
    "{2496A364-E9AE-4967-8912-324E9FFC8BAC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{24FDC758-0F07-41FB-9ED0-83C92BBF9798}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{28FC52AE-8D12-4B3C-8637-BF69F91333FD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{2952C625-8D4E-44D4-8C51-F3D64E6F18A3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{2A98A467-D1D5-4D42-96B6-A6D59745F9E4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{2AF5D644-C2C7-4B41-A699-CFABD4C0886A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{2CB99F0C-AEDF-49D1-98B5-B12720325EFD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{2E7C2F63-4C81-42B5-9F4D-329D254FA816}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{31E2B3FA-2F3B-42AE-9031-39B0D7B9F489}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{3329FB89-E472-446A-9834-B76074720973}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{381609CE-9224-4731-B63C-99147B00F0D5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{38940A29-65AC-4309-8F0F-C470EA8E98D9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{3A119B52-6641-40C5-9250-44E0A5CA31A7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{3AEC39A4-C52A-4E25-B15B-5E4A0D0C9502}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{3B5A42EE-1423-4FE1-9AD6-178D9C01C65E}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
    "{3B936A4D-70FE-40F9-9EA3-AD6F7F871809}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{3DA3F282-D4F4-4243-A23C-E23952092F02}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{40BB3EF8-E0E7-481D-A010-C23990311C93}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{41E8B170-DFFC-454C-9CFF-2C7E22971EB8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{42C60383-4B87-4251-91F4-18A94593512E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{4331AB8D-40FB-41AE-AEAA-A90D87C2F121}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{46C9A6B9-42DD-4E13-AF03-0F9CC7C13DD1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{472BD21F-430D-4ABC-82A6-E8C338BB9091}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{47E2DBF7-BCEE-43B4-BF60-BAE3F5356CE6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{493F3844-E423-4F17-B42C-1BED80F15B2E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{494FDB24-D4AD-4588-8530-651E7A5DBCC4}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\videospin.exe |
    "{4AD8ACF5-2367-4F09-AB36-0522F3D2A98C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{4FCA9B9C-5B8B-4107-A0B2-08F4B53C4190}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{553A812A-53FB-4CE9-AA15-9BB558B72340}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{55A3E1DA-59DC-40D7-B5B7-BF379B56D4EE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{56186BAB-E98C-4283-8FF4-3F8B81098673}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{56426541-6346-4775-88C8-019A29A81E3D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{581BB415-4596-45DE-B3ED-11AD05AB8F63}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
    "{59DCF8A9-8678-4DD9-850B-75B38745B467}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{5DD658B6-61C5-485E-B520-99A260D45565}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{5E2740FB-0851-4226-B44D-92AAFAB7313F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{629A74DD-A90E-422F-A071-018401BCF3A4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{645F4D2E-269E-42A4-B8BC-6008795F73C6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{6994F34D-EB6D-4302-96C4-392C926E4AA1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{6C7D6119-C9B4-4B17-AD9D-B52B1B771392}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{6D5E9F76-E9F8-41E6-966E-262787127F87}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{6DB3BF43-3B70-487D-8BD3-513F90446D48}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{6E7E7A67-43B7-41E9-B498-42A8A098BF55}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{745188ED-E5ED-4EA6-B3D4-C74B243B94D6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{752E9BFE-EC43-453F-9799-BF17FE4BBDD8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{75993784-FD3C-41F1-B94C-15DD585A101C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{770F4358-C2BC-4BFE-BD8E-179262D625E8}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
    "{79ACCB2A-C3D2-4519-B964-1AE5D186731D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{7D284FB7-EAAA-4E7D-B807-3AD5E6B59621}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{7F61BB87-8A88-47FB-8A0D-05F0078EE8D4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{812C87E0-0290-466C-8C32-DDD59D0FA250}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
    "{83586608-9402-4AF5-ABE9-A2D8A6E4D0E5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{83C70BFC-6935-4C1C-AB8E-EE0907ACC97E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{83CDBE8E-D964-4C56-B1A6-07DEE8BCA7C4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{845FD6AD-AE20-4E76-B8B2-41CDC9EC7826}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{8626B8CB-8CD8-4792-A39C-FE5D6EABCED3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{874D639B-D876-4D1E-91CA-B72868813AC2}" = protocol=6 | dir=out | app=system |
    "{877E6A9C-6D1A-4C11-B8BA-666419921E59}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{89777727-4B2E-43A5-AB4E-7D69873AEDBA}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
    "{8C0E317F-C29B-43D6-B206-A5346A9E0118}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{8C697BA1-B55D-4AFE-B534-4E096B6D4DA5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{8FFA4002-75F3-4C5F-BBCA-0B659B2A052D}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\videospin.exe |
    "{91FA20F8-1720-49CF-8B50-B7FA1171776F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{92811427-FC93-418C-A6CB-5AE7E3287848}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{92CBCB8D-A58A-40AA-AF7B-65B22C28000B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{9349092F-74E4-46AC-B3DF-FC4D647D8F1F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{9539FFAC-6BA1-459C-B82E-B0F63EE5A9C9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{9548D6C9-91ED-4D1A-8A5A-732A60988442}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{977FA503-4BA5-4DEA-B182-897A2D3F7762}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{97AE8968-DDEE-4446-AF88-058AAA43C64D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{97E72EF4-70F7-4B4B-8347-3940B2B04B2E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{9A342156-B72E-4324-A74C-DC5DD9529ECC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{9B05355E-1802-4EB7-A38C-634BCA293C50}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{9BF2E0E9-4679-48C4-AF61-12EC0E6B964D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{9C8A57E6-B5FA-47E2-BF61-935E2FF02067}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{A127AC3E-077E-4943-B32E-A9F0A3E51929}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{A3484B5C-9035-4D89-B4CE-0B6D4A2E6822}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{A72A86E5-FC5D-4524-8A71-6191B9F999FA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{A78AF983-0C55-4F79-AEF0-37BD19267F5F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{A8A27C97-C374-4052-BC4D-A91116B46E6B}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\umi.exe |
    "{A932002F-7F95-4451-BF44-70501FE751E6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{A9BB6C83-F497-44C7-9706-6C45CB9419CD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B0A00A4A-98AF-479F-A60E-BF78E5900747}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{B1BCB113-EAEE-48EB-878B-E617CF367039}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B2CD3F33-6D33-4173-94E7-9701EBF4D020}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B370784D-EDB8-4DB5-8F43-BB6907ABA93E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B39E4FC6-2F10-45F4-9038-6241CE6B1FE0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{B414A20A-952C-449F-A094-98D82671D2E2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B8A3BE06-8D51-4E8C-B217-1DCB9B7E9134}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B8ED47A1-B515-444A-8E50-7BC27B8C2AD4}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
    "{BA23ED01-CB99-4643-8117-16087874DD3C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{BEC0A3EF-A18D-45FA-B8AD-0ABDCC7CFFE6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{BF3E7038-B4AD-4AD0-8BF7-777D2652C65B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{C13DEF69-1C49-4C49-95E2-066F8B8CC68F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{C1F1BEF2-B36D-400A-AD00-CF33ECB9F84D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{C454A1FB-0942-43DA-AC46-CAFD3396C5D1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{C563A4E2-B99B-468B-9DEE-FB8402CB82A4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{C69F6E37-D1FD-48A4-B994-7560838BD72D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{CA7BAACB-1DB2-4251-AC1D-C44C660181EF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{CAF18376-20C9-4A1B-AB3A-85A60D877CA9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{CBBF97A8-D882-4E17-BBC4-BC9156111481}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{D059E87B-D188-44A2-AE76-B5E5A63C6CA2}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
    "{D23F8664-DB14-4685-99E9-455AB57F5F6B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{D24917D9-BD42-4CAF-BBCB-CE7B22B3EA3A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{D2D67EF8-C8FD-471F-B44F-B378EBDEFD78}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{D367154C-62CA-4A86-BD04-986431A491AF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{D3BA2A03-BBDF-4AFA-9A18-0EF8E016C1B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{D44436BF-CF2E-4027-A2E2-00189BAFFF65}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{D65C7866-91A4-40F6-8440-9D213167241F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{D6D8519B-6550-42BF-A8D9-ACD187E4E089}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{D9C62700-3E99-4705-8175-8D7F6D506A54}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{DA6DAA1C-8EF4-4F74-9D26-5729392A9E59}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{DB3B50FE-33D8-4DB1-A298-931E80D7139C}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
    "{DCC7FDE4-10D5-49D6-9C6A-CD0477C3E48D}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\umi.exe |
    "{DDDB42EB-3402-4CE0-B135-D1667D27D8F9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{DE69BFBA-C195-448D-BA58-01C96C855408}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{E29F3C5D-0A90-43DB-8226-45BC27C1F98A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{E3A9F768-D423-40F9-BECD-78A7DB887B98}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{E4BD17C6-045D-441D-AB32-75EF7E754742}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{E7642C57-68C8-494D-B6F1-49FB326787E6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{E7EB89A0-8477-4574-91B1-4958D9CE8444}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{E88CAC5B-23BF-4816-9F4D-C37367C3A57C}" = protocol=6 | dir=in | app=c:\programdata\esafe\egdpsvc.exe |
    "{E9C7D95A-0F44-480A-BF48-4B6AE48D5156}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{E9E2A5FF-48BB-4890-A2F2-A6982A70FEB4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{EAFB3E86-8026-40DA-BFEC-FE3E05258632}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{EBC0D362-AE58-48D5-B25F-9023D3FB0054}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{EE311C9B-B13A-4CE4-B110-26683A4F4E6A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{EFA59528-040C-416C-A2EB-8A01B4A45E24}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{F075781E-BB22-47C6-B021-5FD16161F42F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{F0D1A1CE-4718-417B-AC9C-4E7B0CB9FCB5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{F0F9E34F-EB8F-4215-ACE3-9471A8AE98BB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{F4B26AC3-0ECF-419D-B758-0BC4E797D9C3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{F656EA24-FDD9-48E0-BA1F-1024D4BC6C15}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{F7A14DFD-2E65-4832-BDC2-166239565309}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{F9852E3F-B21A-4139-86A4-708CDD6AB8AB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{FB5D52DF-4EC4-4177-9FAE-3CA2B7437FD4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{FB7DF6E2-709E-4978-A092-777FA9F75251}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "TCP Query User{1B7F224C-C0A2-44EE-922A-D44B04250C2F}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
    "TCP Query User{ACBFBD4B-9672-4760-817F-E75ED880DDE9}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |
    "TCP Query User{EBF520A1-D2C6-436B-BC4B-F7FAB1EE5B11}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |
    "UDP Query User{5DDE8B11-E298-4964-B616-A9213A2EF60A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
    "UDP Query User{A4D17D4A-B5B4-4939-B113-40969E46F370}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |
    "UDP Query User{D88F583E-B15E-49D0-9152-7C5FDF9A5E64}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{4FF9E8AA-D554-4CE7-89F9-B69DAA5A1E98}" = AVG 2013
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.06
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.06
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.06
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "AVG" = AVG 2013
    "Defraggler" = Defraggler
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{02F5BEE7-0AB6-4E42-9BF8-2588AAECC7F2}" = EZ Fonts
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 40
    "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
    "{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
    "{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
    "{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{7A25D130-4EC8-11E1-BEA4-B8AC6F97B88E}" = Google Earth
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = 1701 A.D.
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}" = Pinnacle VideoSpin
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.04.04.8012
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Amazon Kindle" = Amazon Kindle
    "ATITool" = ATITool Overclocking Utility
    "avast" = avast! Free Antivirus
    "AVG SafeGuard toolbar" = AVG SafeGuard toolbar
    "BitRaider Web Client" = BitRaider Web Client
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "DMUninstaller" = DMUninstaller
    "ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
    "fileopenerpro" = File Opener Pro
    "HaaliMkx" = Haali Media Splitter
    "Legacy 7.0" = Legacy 7.0
    "LegacyChart7_is1" = Legacy Charting 7.0
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Network Play System (Patching)" = Network Play System (Patching)
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "SumatraPDF" = SumatraPDF
    "swtor_swtor" = Star Wars The Old Republic
    "VideoPlayer" = VideoPlayer v2.0.6
    "YTdetect" = Yahoo! Detect

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 12/29/2013 1:30:55 AM | Computer Name = HeatherPC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    Error - 12/30/2013 1:31:03 AM | Computer Name = HeatherPC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    Error - 12/30/2013 9:49:46 AM | Computer Name = HeatherPC | Source = Application Error | ID = 1000
    Description = Faulting application name: jucheck.exe, version: 2.1.9.8, time stamp:
    0x51d2fcc9 Faulting module name: ole32.DLL, version: 6.1.7601.17514, time stamp:
    0x4ce7b96f Exception code: 0xc000001d Fault offset: 0x00048611 Faulting process id:
    0x778 Faulting application start time: 0x01cf0564aecb0236 Faulting application path:
    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe Faulting module
    path: C:\Windows\syswow64\ole32.DLL Report Id: 3ddeef4d-7159-11e3-81db-0024e801788c

    Error - 12/30/2013 9:49:46 AM | Computer Name = HeatherPC | Source = Application Error | ID = 1005
    Description = Windows cannot access the file for one of the following reasons: there
    is a problem with the network connection, the disk that the file is stored on,
    or the storage drivers installed on this computer; or the disk is missing. Windows
    closed the program Java(TM) Update Checker because of this error. Program: Java(TM)
    Update Checker File: The error value is listed in the Additional Data section. User
    Action 1. Open the file again. This situation might be a temporary problem that corrects
    itself when the program runs again. 2. If the file still cannot be accessed and -
    It is on the network, your network administrator should verify that there is not
    a problem with the network and that the server can be contacted. - It is on a removable
    disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted
    into the computer. 3. Check and repair the file system by running CHKDSK. To run
    CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt,
    type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file
    from a backup copy. 5. Determine whether other files on the same disk can be opened.
    If not, the disk might be damaged. If it is a hard disk, contact your administrator
    or computer hardware vendor for further assistance. Additional Data Error value: 00000000
    Disk
    type: 0

    Error - 12/30/2013 6:18:28 PM | Computer Name = HeatherPC | Source = MsiInstaller | ID = 11720
    Description =

    Error - 12/31/2013 1:30:42 AM | Computer Name = HeatherPC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    Error - 1/1/2014 1:30:49 AM | Computer Name = HeatherPC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    Error - 1/4/2014 1:30:51 AM | Computer Name = HeatherPC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    Error - 1/4/2014 5:33:24 PM | Computer Name = HeatherPC | Source = ESENT | ID = 494
    Description = taskhost (2328) WebCacheLocal: Database recovery failed with error
    -1216 because it encountered references to a database, 'C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat',
    which is no longer present. The database was not brought to a Clean Shutdown state
    before it was removed (or possibly moved or renamed). The database engine will
    not permit recovery to complete for this instance until the missing database is
    re-instated. If the database is truly no longer available and no longer required,
    procedures for recovering from this error are available in the Microsoft Knowledge
    Base or by following the "more information" link at the bottom of this message.

    Error - 1/4/2014 5:33:24 PM | Computer Name = HeatherPC | Source = ESENT | ID = 454
    Description = taskhost (2328) WebCacheLocal: Database recovery/restore failed with
    unexpected error -1216.

    [ System Events ]
    Error - 12/29/2013 10:38:33 AM | Computer Name = HeatherPC | Source = Service Control Manager | ID = 7000
    Description = The NVIDIA Update Service Daemon service failed to start due to the
    following error: %%1069

    Error - 12/30/2013 6:18:02 AM | Computer Name = HeatherPC | Source = Service Control Manager | ID = 7000
    Description = The Util SaltarSmart service failed to start due to the following
    error: %%2

    Error - 12/30/2013 6:18:08 AM | Computer Name = HeatherPC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Lbd SBRE

    Error - 12/30/2013 6:20:09 AM | Computer Name = HeatherPC | Source = Service Control Manager | ID = 7038
    Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
    with the currently configured password due to the following error: %%1330 To ensure
    that the service is configured properly, use the Services snap-in in Microsoft
    Management Console (MMC).

    Error - 12/30/2013 6:20:09 AM | Computer Name = HeatherPC | Source = Service Control Manager | ID = 7000
    Description = The NVIDIA Update Service Daemon service failed to start due to the
    following error: %%1069

    Error - 1/4/2014 5:31:54 PM | Computer Name = HeatherPC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 4:30:37 PM on ?1/?4/?2014 was unexpected.

    Error - 1/4/2014 5:32:12 PM | Computer Name = HeatherPC | Source = Service Control Manager | ID = 7000
    Description = The Util SaltarSmart service failed to start due to the following
    error: %%2

    Error - 1/4/2014 5:32:29 PM | Computer Name = HeatherPC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Lbd SBRE

    Error - 1/4/2014 5:34:30 PM | Computer Name = HeatherPC | Source = Service Control Manager | ID = 7038
    Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
    with the currently configured password due to the following error: %%1330 To ensure
    that the service is configured properly, use the Services snap-in in Microsoft
    Management Console (MMC).

    Error - 1/4/2014 5:34:30 PM | Computer Name = HeatherPC | Source = Service Control Manager | ID = 7000
    Description = The NVIDIA Update Service Daemon service failed to start due to the
    following error: %%1069


    < End of report >
     

Share This Page