Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Service Host: Local System CPU Taking Up Memory [Solved]

Started by her1994 , Jan 13 2014 12:06 AM

  • This topic is locked This topic is locked
13 replies to this topic

#1 her1994

her1994

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 13 January 2014 - 12:06 AM

Hello! Service Host: Local System CPU is taking up a lot of memory on my Windows 8 HP Envy 17. It's at a whopping 196.8 MB. When I'm watching a Youtube video or reading manga, the fan did not spin fast or get hot. It only did when I watched anime on Gogoanime. Now, the fan heats up as the memory and CPU go up over the smallest things like taking pictures on the webcam or downloading updates like Cyberlink for the Youcam via HP Support Assistant. I haven't run System Restore since I recently reset my laptop to factory conditions. I have like 5 Google Chrome 32 bit opened and one of them is like around 102.5 MB. 
 
My internet connection has also slowed. 
 
I would appreciate any help. 
 

OTL logfile created on: 1/12/2014 9:58:35 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lisa\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.89 Gb Total Physical Memory | 5.77 Gb Available Physical Memory | 73.10% Memory free
9.08 Gb Paging File | 6.85 Gb Available in Paging File | 75.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 904.87 Gb Total Space | 852.74 Gb Free Space | 94.24% Space Free | Partition Type: NTFS
Drive D: | 25.87 Gb Total Space | 2.60 Gb Free Space | 10.06% Space Free | Partition Type: NTFS
 
Computer Name: SATELLITE | User Name: Lisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Lisa\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe (HP)
PRC - C:\Program Files (x86)\HP SimplePass\TouchControl.exe (AuthenTec Inc.)
PRC - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Motorola Solutions, Inc.)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.)
PRC - C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)
PRC - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Lisa\AppData\Local\Temp\sfamcc00001.dll ()
MOD - C:\Users\Lisa\AppData\Local\Temp\sfareca00001.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7d7b887e33aafaadae040bb07fa959bb\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\fc5d4ada42ed8e9a30b64912f5dc9767\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1b46657236c1f942f9dbaf6aac73bb49\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\d1ce70bf6cbab6ab838cbd8b50e902c1\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\HP SimplePass\DownloadManager.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (ZeroConfigService) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (valWBFPolicyService) -- C:\Windows\SysNative\valWBFPolicyService.exe ()
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (ISCTAgent) -- C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe ()
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (TrueService) -- C:\Program Files\Common Files\AuthenTec\TrueService.exe (AuthenTec, Inc.)
SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe (Intel® Corporation)
SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (HPWMISVC) -- c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (FPLService) -- C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe (HP)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (Intel® -- C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe (Intel Corporation)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Motorola Solutions, Inc.)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (ICCS) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (WPRO_41_2001) -- C:\Windows\SysNative\Drivers\WPRO_41_2001.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\Drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SmbDrvI) -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys (Synaptics Incorporated)
DRV:64bit: - (Avgdiska) -- C:\Windows\SysNative\Drivers\avgdiska.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\Drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\Drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\Drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\Drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgwfpa) -- C:\Windows\SysNative\Drivers\avgwfpa.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\Drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (NETwNe64) -- C:\Windows\SysNative\Drivers\NETwew00.sys (Intel Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\Drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\Drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgboota) -- C:\Windows\SysNative\Drivers\avgboota.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\Drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\Drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\Drivers\Accelerometer.sys (Hewlett-Packard)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\Drivers\hpdskflt.sys (Hewlett-Packard)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\Drivers\btmhsf.sys (Motorola Solutions, Inc.)
DRV:64bit: - (ISCT) -- C:\Windows\SysNative\Drivers\ISCTD64.sys ()
DRV:64bit: - (imsevent) -- C:\Windows\SysNative\Drivers\imsevent.sys ()
DRV:64bit: - (ikbevent) -- C:\Windows\SysNative\Drivers\ikbevent.sys ()
DRV:64bit: - (SmbDrv) -- C:\Windows\SysNative\Drivers\Smb_driver_AMDASF.sys (Synaptics Incorporated)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\Drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (XHCIPort) -- C:\Windows\SysNative\Drivers\xHCIPort.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (usb3Hub) -- C:\Windows\SysNative\Drivers\usb3Hub.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\Drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\Drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (RSP2STOR) -- C:\Windows\SysNative\Drivers\RtsP2Stor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\Drivers\btmaux.sys (Motorola Solutions, Inc.)
DRV:64bit: - (ibtfltcoex) -- C:\Windows\SysNative\Drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek                                            )
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (WirelessButtonDriver) -- C:\Windows\SysNative\Drivers\WirelessButtonDriver64.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\Drivers\BthLEEnum.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (CLVirtualDrive) -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys (CyberLink)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Almico Software)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@authentec.com/ffwloplugin: C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Wallet = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
 
O1 HOSTS File: ([2012/07/25 21:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll (Motorola Solutions, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AVG-Secure-Search-Update_1213b] C:\Users\Lisa\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=61e25595a5fc47d29dceb1252073008b-3fcc2bb7adfd5a3c27b667555eca1cf66ef323dc /CMPID=1213b File not found
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CD4B4D5-82D2-41E9-B370-C6F7F64D943F}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
NetSvcs:64bit: SystemEventsBroker - C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/11 15:34:47 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2014/01/11 15:34:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2014/01/11 15:34:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2014/01/11 13:11:36 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Documents\Rainmeter
[2014/01/11 13:11:36 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Rainmeter
[2014/01/11 13:11:33 | 000,000,000 | ---D | C] -- C:\Program Files\Rainmeter
[2014/01/11 11:33:32 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\ElevatedDiagnostics
[2014/01/11 11:31:37 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\Diagnostics
[2014/01/11 10:15:50 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FirewallAPI.dll
[2014/01/11 10:15:50 | 000,588,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SHCore.dll
[2014/01/11 10:15:50 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SHCore.dll
[2014/01/11 10:15:50 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2014/01/11 08:12:59 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/11 08:07:49 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/11 07:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/01/11 07:39:08 | 000,117,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/01/11 07:24:33 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Malwarebytes
[2014/01/11 07:24:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/01/11 07:24:17 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\Programs
[2014/01/11 07:03:36 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CyberLink
[2014/01/10 22:19:33 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Documents\Avatar
[2014/01/10 17:14:11 | 000,041,704 | ---- | C] (CyberLink Corporation) -- C:\Windows\SysNative\drivers\clwvd.sys
[2014/01/04 18:36:04 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Documents\Youcam
[2014/01/04 18:36:04 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\CyberLink
[2014/01/04 18:36:04 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\CyberLink
[2014/01/04 12:45:25 | 001,125,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll
[2014/01/04 12:45:23 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSync.dll
[2014/01/04 12:45:23 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSync.dll
[2014/01/04 12:45:23 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mbsmsapi.dll
[2014/01/04 12:45:23 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2014/01/04 12:45:23 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mbsmsapi.dll
[2014/01/04 12:45:23 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSyncInfo.dll
[2014/01/04 12:45:17 | 001,374,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wdc.dll
[2014/01/04 12:45:16 | 001,245,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wdc.dll
[2014/01/04 12:45:16 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wvc.dll
[2014/01/04 12:45:16 | 000,462,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sysmon.ocx
[2014/01/04 12:45:16 | 000,437,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wvc.dll
[2014/01/04 12:45:16 | 000,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sysmon.ocx
[2014/01/04 12:45:11 | 002,219,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmcore.dll
[2014/01/04 12:45:11 | 001,842,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dwmcore.dll
[2014/01/04 12:45:09 | 002,391,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2014/01/04 12:45:08 | 006,987,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/01/04 12:45:08 | 002,106,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2014/01/04 12:45:07 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samsrv.dll
[2014/01/04 12:45:06 | 001,527,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfcore.dll
[2014/01/04 12:45:06 | 001,453,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfcore.dll
[2014/01/04 12:45:06 | 001,403,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2014/01/04 12:45:06 | 001,271,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2014/01/04 12:45:06 | 001,217,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2014/01/04 12:45:06 | 000,523,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2014/01/04 12:45:05 | 001,093,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2014/01/04 12:45:05 | 001,048,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfasfsrcsnk.dll
[2014/01/04 12:45:05 | 000,583,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscms.dll
[2014/01/04 12:45:05 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2014/01/04 12:45:04 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samlib.dll
[2014/01/04 12:45:02 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfasfsrcsnk.dll
[2014/01/04 12:45:02 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DeviceSetupManager.dll
[2014/01/04 12:45:02 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vdsutil.dll
[2014/01/04 12:45:02 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MbaeParserTask.exe
[2014/01/04 12:45:02 | 000,037,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys
[2014/01/04 12:44:58 | 001,184,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Display.dll
[2014/01/04 12:44:57 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Display.dll
[2014/01/04 12:44:57 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDKURD.DLL
[2014/01/04 12:44:57 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDKURD.DLL
[2014/01/04 12:44:48 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2014/01/04 12:44:48 | 000,773,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2014/01/04 12:44:48 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\resutils.dll
[2014/01/04 12:44:48 | 000,488,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\resutils.dll
[2014/01/04 12:44:48 | 000,447,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBHUB3.SYS
[2014/01/04 12:44:48 | 000,374,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\clusapi.dll
[2014/01/04 12:44:47 | 001,622,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2014/01/04 12:44:47 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2014/01/04 12:44:47 | 000,302,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\clusapi.dll
[2014/01/04 12:44:47 | 000,285,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spaceport.sys
[2014/01/04 12:44:47 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUSettingsProvider.dll
[2014/01/04 12:44:47 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storewuauth.dll
[2014/01/04 12:44:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2014/01/04 12:44:47 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2014/01/04 12:44:47 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2014/01/04 12:44:47 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2014/01/04 12:44:47 | 000,059,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2014/01/04 12:44:47 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2014/01/04 12:44:47 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2014/01/04 12:44:30 | 013,661,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Xaml.dll
[2014/01/04 12:44:30 | 010,799,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Xaml.dll
[2014/01/04 12:44:29 | 001,173,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAutomationCore.dll
[2014/01/04 12:44:28 | 000,914,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAutomationCore.dll
[2014/01/04 12:44:27 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll
[2014/01/04 12:44:27 | 000,247,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ubpm.dll
[2014/01/04 12:44:27 | 000,151,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tpm.sys
[2014/01/04 12:44:27 | 000,061,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\crashdmp.sys
[2014/01/04 12:44:15 | 002,839,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msftedit.dll
[2014/01/04 12:44:15 | 002,273,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msftedit.dll
[2014/01/04 12:44:14 | 001,025,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2014/01/04 12:44:14 | 000,439,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WerFault.exe
[2014/01/04 12:44:14 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanconn.dll
[2014/01/04 12:44:14 | 000,385,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WerFault.exe
[2014/01/04 12:44:14 | 000,327,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys
[2014/01/04 12:44:14 | 000,263,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wcmsvc.dll
[2014/01/04 12:44:14 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSCard.dll
[2014/01/04 12:44:14 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmmbase.dll
[2014/01/04 12:44:14 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmm.dll
[2014/01/04 12:44:13 | 000,543,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanmm.dll
[2014/01/04 12:44:13 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.BackgroundTransfer.dll
[2014/01/04 12:44:13 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wwanadvui.dll
[2014/01/04 12:44:13 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\LocationApi.dll
[2014/01/04 12:44:13 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.BackgroundTransfer.dll
[2014/01/04 12:44:13 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\LocationApi.dll
[2014/01/04 12:44:13 | 000,195,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys
[2014/01/04 12:44:13 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winmmbase.dll
[2014/01/04 12:44:13 | 000,125,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys
[2014/01/04 12:44:13 | 000,120,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\msgpioclx.sys
[2014/01/04 12:44:13 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\openfiles.exe
[2014/01/04 12:44:13 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wcmcsp.dll
[2014/01/04 12:44:13 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\openfiles.exe
[2014/01/03 14:43:59 | 000,694,240 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/01/03 14:43:59 | 000,078,304 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/01/03 14:02:02 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\Downloaded Installations
[2014/01/03 13:59:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2014/01/03 13:59:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP SimplePass
[2014/01/03 12:50:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2014/01/03 12:40:22 | 001,721,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01009.dll
[2014/01/03 12:40:21 | 001,060,080 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCOM.dll
[2014/01/03 12:40:21 | 000,544,496 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCom.dll
[2014/01/03 12:40:21 | 000,495,856 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\SynTP.sys
[2014/01/03 12:40:21 | 000,264,432 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPAPI.dll
[2014/01/03 12:40:21 | 000,192,240 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPCo18.dll
[2014/01/03 12:40:21 | 000,151,280 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynTPCom.dll
[2014/01/03 12:40:20 | 000,033,008 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys
[2014/01/03 12:32:22 | 001,627,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2014/01/03 12:32:19 | 005,978,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2014/01/03 12:32:16 | 001,101,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2014/01/03 12:32:15 | 005,091,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2014/01/03 12:32:15 | 001,149,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmde.dll
[2014/01/03 12:32:14 | 000,951,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Globalization.dll
[2014/01/03 12:32:14 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Security.Authentication.OnlineId.dll
[2014/01/03 12:32:13 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcfgx.dll
[2014/01/03 12:32:13 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll
[2014/01/03 12:32:13 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TimeBrokerServer.dll
[2014/01/03 12:32:12 | 000,332,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2014/01/03 12:32:11 | 000,893,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winmde.dll
[2014/01/03 12:32:11 | 000,601,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Globalization.dll
[2014/01/03 12:32:11 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcfgx.dll
[2014/01/03 12:32:11 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usbmon.dll
[2014/01/03 12:32:10 | 000,550,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvstore.dll
[2014/01/03 12:32:10 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Security.Authentication.OnlineId.dll
[2014/01/03 12:32:08 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drvstore.dll
[2014/01/03 12:32:07 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\discan.dll
[2014/01/03 12:32:05 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NdisImPlatform.dll
[2014/01/03 12:32:04 | 000,077,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storahci.sys
[2014/01/03 12:32:03 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsquirt.exe
[2014/01/03 12:32:03 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powercfg.cpl
[2014/01/03 12:32:03 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\powercfg.cpl
[2014/01/03 12:32:03 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevDispItemProvider.dll
[2014/01/03 12:32:02 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSyncInfo.dll
[2014/01/03 12:32:02 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDPrintProxy.DLL
[2014/01/03 12:32:01 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevDispItemProvider.dll
[2014/01/03 12:30:59 | 014,267,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2014/01/03 12:30:59 | 003,552,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2014/01/03 12:30:57 | 011,878,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2014/01/03 12:30:56 | 002,107,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2014/01/03 12:30:55 | 002,767,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2014/01/03 12:30:54 | 001,593,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2014/01/03 12:30:53 | 001,829,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2014/01/03 12:30:51 | 001,444,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSAudDecMFT.dll
[2014/01/03 12:30:49 | 001,113,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSAudDecMFT.dll
[2014/01/03 12:30:49 | 000,306,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd_02_10ec.dll
[2014/01/03 12:30:48 | 000,446,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2014/01/03 12:30:48 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2014/01/03 12:30:48 | 000,298,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rsaenh.dll
[2014/01/03 12:30:47 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.dll
[2014/01/03 12:30:47 | 000,489,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2014/01/03 12:30:47 | 000,435,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2014/01/03 12:30:47 | 000,373,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2014/01/03 12:30:47 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2014/01/03 12:30:47 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmredir.dll
[2014/01/03 12:30:46 | 000,804,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RecoveryDrive.exe
[2014/01/03 12:30:46 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpncore.dll
[2014/01/03 12:30:46 | 000,253,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\audiodg.exe
[2014/01/03 12:30:45 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFMediaEngine.dll
[2014/01/03 12:30:43 | 000,503,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll
[2014/01/03 12:30:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhengine.dll
[2014/01/03 12:30:43 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dmvdsitf.dll
[2014/01/03 12:30:42 | 000,659,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2014/01/03 12:30:42 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.dll
[2014/01/03 12:30:42 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFMediaEngine.dll
[2014/01/03 12:30:42 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2014/01/03 12:30:41 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2014/01/03 12:30:41 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2014/01/03 12:30:41 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEndpointBuilder.dll
[2014/01/03 12:30:41 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Robocopy.exe
[2014/01/03 12:30:41 | 000,123,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2014/01/03 12:30:41 | 000,077,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdvm.dll
[2014/01/03 12:30:40 | 000,745,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2014/01/03 12:30:40 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2014/01/03 12:30:40 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iuilp.dll
[2014/01/03 12:30:40 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dmvdsitf.dll
[2014/01/03 12:30:40 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2014/01/03 12:30:40 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Robocopy.exe
[2014/01/03 12:30:40 | 000,086,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdnet.dll
[2014/01/03 12:30:40 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidi2c.sys
[2014/01/03 12:30:39 | 000,414,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GenuineCenter.dll
[2014/01/03 12:30:39 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fmifs.dll
[2014/01/03 12:30:39 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fmifs.dll
[2014/01/03 12:30:38 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssprxy.dll
[2014/01/03 12:30:38 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2014/01/03 12:30:38 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshooks.dll
[2014/01/03 12:30:38 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshooks.dll
[2014/01/03 12:29:46 | 001,131,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentServer.dll
[2014/01/03 12:29:46 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BCP47Langs.dll
[2014/01/03 12:29:45 | 000,470,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netprofmsvc.dll
[2014/01/03 12:29:45 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\BCP47Langs.dll
[2014/01/03 12:29:45 | 000,014,848 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\rars.rs
[2014/01/03 12:29:45 | 000,014,848 | ---- | C] (Microsoft) -- C:\Windows\SysNative\rars.rs
[2014/01/03 12:29:44 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Magnify.exe
[2014/01/03 12:29:44 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Magnify.exe
[2014/01/03 12:29:44 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentExtensions.dll
[2014/01/03 12:29:44 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfmp4srcsnk.dll
[2014/01/03 12:29:44 | 000,501,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevicePairing.dll
[2014/01/03 12:29:44 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\intl.cpl
[2014/01/03 12:29:44 | 000,330,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\stobject.dll
[2014/01/03 12:29:44 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netplwiz.dll
[2014/01/03 12:29:44 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netplwiz.dll
[2014/01/03 12:29:44 | 000,120,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AuthHost.exe
[2014/01/03 12:29:44 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psmsrv.dll
[2014/01/03 12:29:44 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2014/01/03 12:29:43 | 000,449,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevicePairing.dll
[2014/01/03 12:29:43 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmp4srcsnk.dll
[2014/01/03 12:29:43 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\intl.cpl
[2014/01/03 12:29:43 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bisrv.dll
[2014/01/03 12:29:43 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\biwinrt.dll
[2014/01/03 12:29:43 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\biwinrt.dll
[2014/01/03 12:29:43 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhostex.exe
[2014/01/03 12:29:43 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\muifontsetup.dll
[2014/01/03 12:29:43 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmproxy.dll
[2014/01/03 12:29:43 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\muifontsetup.dll
[2014/01/03 12:29:43 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmsprep.dll
[2014/01/03 12:29:38 | 001,257,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2014/01/03 12:29:38 | 000,888,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\autochk.exe
[2014/01/03 12:29:38 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\autochk.exe
[2014/01/03 12:29:38 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\untfs.dll
[2014/01/03 12:29:38 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\untfs.dll
[2014/01/03 12:24:21 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\duser.dll
[2014/01/03 12:24:21 | 000,543,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlroamextension.dll
[2014/01/03 12:24:20 | 000,475,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WWanAPI.dll
[2014/01/03 12:24:20 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2014/01/03 12:24:20 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.Connectivity.dll
[2014/01/03 12:24:19 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hotspotauth.dll
[2014/01/03 12:24:19 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll
[2014/01/03 12:24:19 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskkill.exe
[2014/01/03 12:24:18 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll
[2014/01/03 12:24:18 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlroamextension.dll
[2014/01/03 12:24:18 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WWanAPI.dll
[2014/01/03 12:24:18 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tasklist.exe
[2014/01/03 12:24:18 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tasklist.exe
[2014/01/03 12:24:18 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskkill.exe
[2014/01/03 12:24:13 | 010,116,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll
[2014/01/03 12:24:12 | 008,858,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll
[2014/01/03 12:24:12 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll
[2014/01/03 12:24:11 | 002,304,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2014/01/03 12:24:11 | 002,035,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2014/01/03 12:24:11 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pdc.sys
[2014/01/03 12:24:05 | 000,247,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdFilter.sys
[2014/01/03 12:24:05 | 000,036,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdBoot.sys
[2014/01/03 12:24:03 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2014/01/03 12:24:03 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2014/01/03 12:24:01 | 002,062,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2014/01/03 12:24:00 | 001,711,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2014/01/03 12:23:59 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2014/01/03 12:23:59 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2014/01/03 12:23:35 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2014/01/03 12:23:35 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tssdisai.dll
[2014/01/03 12:23:35 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appserverai.dll
[2014/01/03 12:23:35 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2014/01/03 12:23:35 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RDWebAI.dll
[2014/01/03 12:23:35 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VmHostAI.dll
[2014/01/03 12:23:27 | 002,371,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSService.dll
[2014/01/03 12:23:27 | 000,209,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NotificationUI.exe
[2014/01/03 12:23:26 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppobjs.dll
[2014/01/03 12:23:26 | 000,688,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSShared.dll
[2014/01/03 12:23:26 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSetupUI.dll
[2014/01/03 12:23:25 | 000,562,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSShared.dll
[2014/01/03 12:23:24 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppwinob.dll
[2014/01/03 12:23:24 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSClient.dll
[2014/01/03 12:23:24 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.dll
[2014/01/03 12:23:24 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSSync.dll
[2014/01/03 12:23:24 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSClient.dll
[2014/01/03 12:23:24 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSSync.dll
[2014/01/03 12:23:24 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll
[2014/01/03 12:23:24 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2014/01/03 12:23:24 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppc.dll
[2014/01/03 12:23:24 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sppc.dll
[2014/01/03 12:23:24 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setupcln.dll
[2014/01/03 12:23:24 | 000,058,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dam.sys
[2014/01/03 12:23:24 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2014/01/03 12:23:24 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2014/01/03 12:23:24 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2014/01/03 12:23:23 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2014/01/03 12:23:23 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setupcln.dll
[2014/01/03 12:22:24 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GdiPlus.dll
[2014/01/03 12:22:24 | 001,437,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2014/01/03 12:22:08 | 000,112,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2014/01/03 12:22:06 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ReAgentc.exe
[2014/01/03 12:22:05 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2014/01/03 12:22:05 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgentc.exe
[2014/01/03 12:22:04 | 000,273,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2014/01/03 12:21:45 | 002,851,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2014/01/03 12:21:45 | 002,382,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2014/01/03 12:21:45 | 001,011,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\reseteng.dll
[2014/01/03 12:21:45 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ReAgent.dll
[2014/01/03 12:21:45 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgent.dll
[2014/01/03 12:18:50 | 000,652,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2014/01/03 12:18:48 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2014/01/03 12:18:28 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/01/03 12:18:23 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2014/01/03 12:18:21 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/01/03 12:18:21 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/01/03 12:18:20 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/01/03 12:18:20 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/01/03 12:18:20 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/01/03 12:18:19 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/01/03 12:18:19 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/01/03 12:18:19 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll
[2014/01/03 12:18:19 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll
[2014/01/03 12:18:19 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/01/03 12:18:10 | 000,888,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2014/01/03 12:18:10 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2014/01/03 12:18:10 | 000,381,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2014/01/03 12:18:10 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2014/01/03 12:18:10 | 000,096,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wfplwfs.sys
[2014/01/03 12:16:46 | 000,054,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2014/01/03 12:16:42 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2014/01/03 12:16:42 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2014/01/03 12:16:40 | 001,300,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2014/01/03 12:16:28 | 001,890,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2014/01/03 12:16:22 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2014/01/03 12:16:17 | 001,255,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2014/01/03 12:16:17 | 001,013,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2014/01/03 12:16:17 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2014/01/03 12:16:14 | 000,411,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2014/01/03 12:15:52 | 000,595,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/01/03 12:15:51 | 000,496,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/01/03 12:15:46 | 001,838,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2014/01/03 12:15:45 | 000,362,496 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2014/01/03 12:15:45 | 000,300,032 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2014/01/03 12:15:45 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2014/01/03 12:15:45 | 000,035,328 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2014/01/03 12:15:42 | 000,498,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014/01/03 12:15:42 | 000,021,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2014/01/03 12:15:25 | 000,733,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2014/01/03 12:15:24 | 002,842,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2014/01/03 12:15:24 | 002,620,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2014/01/03 12:15:24 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2014/01/03 12:15:23 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2014/01/03 12:15:23 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2014/01/03 12:15:20 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2014/01/03 12:15:20 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apprepapi.dll
[2014/01/03 12:15:20 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apprepsync.dll
[2014/01/03 12:15:20 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apprepapi.dll
[2014/01/03 12:15:20 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apprepsync.dll
[2014/01/03 12:15:18 | 000,222,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrobj.dll
[2014/01/03 12:15:18 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2014/01/03 12:15:18 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrobj.dll
[2014/01/03 12:15:18 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2014/01/03 12:15:18 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2014/01/03 12:15:18 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2014/01/03 12:15:18 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2014/01/03 12:15:14 | 000,337,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBXHCI.SYS
[2014/01/03 12:15:14 | 000,213,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\UCX01000.SYS
[2014/01/03 12:15:08 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2014/01/02 12:00:17 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\HP
[2014/01/02 11:56:54 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Hewlett-Packard
[2014/01/02 11:53:40 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\AVG2014
[2014/01/02 11:53:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014/01/02 11:53:08 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\TuneUp Software
[2014/01/02 11:52:51 | 000,000,000 | -H-D | C] -- C:\$AVG
[2014/01/02 11:52:51 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2014/01/02 11:52:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2014/01/02 11:43:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014/01/02 11:43:49 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\MFAData
[2014/01/02 11:43:49 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014/01/02 11:43:49 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\Avg2014
[2014/01/02 11:40:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2014/01/02 11:40:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2014/01/02 11:37:06 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\hpqlog
[2014/01/02 11:36:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/01/02 11:35:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/01/02 11:35:32 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\Google
[2014/01/02 11:35:15 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\Deployment
[2014/01/02 11:35:15 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\Apps
[2014/01/02 11:34:47 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Macromedia
[2014/01/02 11:33:52 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\Hewlett-Packard
[2014/01/02 11:32:22 | 000,000,000 | R--D | C] -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/01/02 11:32:22 | 000,000,000 | R--D | C] -- C:\Users\Lisa\Searches
[2014/01/02 11:32:22 | 000,000,000 | R--D | C] -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/01/02 11:32:21 | 000,000,000 | -H-D | C] -- C:\Users\Lisa\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/01/02 11:32:08 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Adobe
[2014/01/02 11:31:53 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Synaptics
[2014/01/02 11:31:45 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\AuthenTec
[2014/01/02 11:31:37 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\Power2Go8
[2014/01/02 11:31:32 | 000,000,000 | R--D | C] -- C:\Users\Lisa\Contacts
[2014/01/02 11:30:53 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\VirtualStore
[2014/01/02 11:30:45 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\Packages
[2014/01/02 11:30:42 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Intel
[2014/01/02 11:30:37 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014/01/02 11:30:33 | 000,000,000 | --SD | C] -- C:\Users\Lisa\AppData\Roaming\Microsoft
[2014/01/02 11:30:33 | 000,000,000 | R--D | C] -- C:\Users\Lisa\Videos
[2014/01/02 11:30:33 | 000,000,000 | R--D | C] -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2014/01/02 11:30:33 | 000,000,000 | R--D | C] -- C:\Users\Lisa\Saved Games
[2014/01/02 11:30:33 | 000,000,000 | R--D | C] -- C:\Users\Lisa\Pictures
[2014/01/02 11:30:33 | 000,000,000 | R--D | C] -- C:\Users\Lisa\Music
[2014/01/02 11:30:33 | 000,000,000 | R--D | C] -- C:\Users\Lisa\Links
[2014/01/02 11:30:33 | 000,000,000 | R--D | C] -- C:\Users\Lisa\Favorites
[2014/01/02 11:30:33 | 000,000,000 | R--D | C] -- C:\Users\Lisa\Downloads
[2014/01/02 11:30:33 | 000,000,000 | R--D | C] -- C:\Users\Lisa\Documents
[2014/01/02 11:30:33 | 000,000,000 | R--D | C] -- C:\Users\Lisa\Desktop
[2014/01/02 11:30:33 | 000,000,000 | R--D | C] -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/01/02 11:30:33 | 000,000,000 | R--D | C] -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2014/01/02 11:30:33 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\AppData\Local\Temporary Internet Files
[2014/01/02 11:30:33 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\Templates
[2014/01/02 11:30:33 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\Start Menu
[2014/01/02 11:30:33 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\SendTo
[2014/01/02 11:30:33 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\Recent
[2014/01/02 11:30:33 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\PrintHood
[2014/01/02 11:30:33 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\NetHood
[2014/01/02 11:30:33 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\Documents\My Videos
[2014/01/02 11:30:33 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\Documents\My Pictures
[2014/01/02 11:30:33 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\Documents\My Music
[2014/01/02 11:30:33 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\My Documents
[2014/01/02 11:30:33 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\Local Settings
[2014/01/02 11:30:33 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\AppData\Local\History
[2014/01/02 11:30:33 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\Cookies
[2014/01/02 11:30:33 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\Application Data
[2014/01/02 11:30:33 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\AppData\Local\Application Data
[2014/01/02 11:30:33 | 000,000,000 | -H-D | C] -- C:\Users\Lisa\Documents\hp.system.package.metadata
[2014/01/02 11:30:33 | 000,000,000 | -H-D | C] -- C:\Users\Lisa\Documents\hp.applications.package.appdata
[2014/01/02 11:30:33 | 000,000,000 | -H-D | C] -- C:\Users\Lisa\AppData
[2014/01/02 11:30:33 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\Temp
[2014/01/02 11:30:33 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Roaming
[2014/01/02 11:30:33 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\Microsoft
[2014/01/02 11:30:33 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/01/02 10:21:00 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/12 21:45:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/12 18:49:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/12 11:45:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/11 15:34:48 | 000,000,971 | ---- | M] () -- C:\Users\Lisa\Desktop\SpeedFan.lnk
[2014/01/11 15:34:47 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2014/01/11 15:34:47 | 000,000,000 | ---- | M] () -- C:\Users\Lisa\Desktop\initdebug.nfo
[2014/01/11 14:58:26 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2014/01/11 13:11:33 | 000,001,730 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
[2014/01/11 10:24:09 | 000,942,930 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/11 10:24:09 | 000,784,932 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/11 10:24:09 | 000,158,904 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/11 10:18:01 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys
[2014/01/11 10:17:20 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/01/11 10:17:20 | 2484,092,927 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/11 07:39:08 | 000,117,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/01/11 07:34:06 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLisa.job
[2014/01/11 07:33:55 | 000,291,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/07 16:46:34 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/06 10:57:00 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2014/01/03 14:48:17 | 000,000,861 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2014/01/03 13:52:35 | 000,029,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2014/01/03 12:40:11 | 001,721,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01009.dll
[2014/01/03 12:40:11 | 000,495,856 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\SynTP.sys
[2014/01/03 12:40:11 | 000,264,432 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPAPI.dll
[2014/01/03 12:40:11 | 000,192,240 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPCo18.dll
[2014/01/03 12:40:11 | 000,151,280 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynTPCom.dll
[2014/01/03 12:40:10 | 001,060,080 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCOM.dll
[2014/01/03 12:40:10 | 000,544,496 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCom.dll
[2014/01/03 12:40:10 | 000,033,008 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys
[2014/01/02 11:53:08 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014/01/02 11:43:19 | 000,002,283 | ---- | M] () -- C:\Users\Lisa\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/02 11:34:35 | 000,001,428 | ---- | M] () -- C:\Users\Lisa\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/01/11 15:34:48 | 000,000,971 | ---- | C] () -- C:\Users\Lisa\Desktop\SpeedFan.lnk
[2014/01/11 15:34:47 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2014/01/11 15:34:47 | 000,000,000 | ---- | C] () -- C:\Users\Lisa\Desktop\initdebug.nfo
[2014/01/11 14:58:26 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2014/01/11 13:11:33 | 000,001,730 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
[2014/01/11 13:11:33 | 000,001,706 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk
[2014/01/11 07:33:37 | 000,291,288 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/06 10:57:00 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2014/01/04 12:44:48 | 000,385,528 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2014/01/03 14:48:16 | 000,000,861 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2014/01/03 12:23:23 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2014/01/02 13:53:18 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForLisa.job
[2014/01/02 11:53:08 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014/01/02 11:36:33 | 000,002,283 | ---- | C] () -- C:\Users\Lisa\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/02 11:36:33 | 000,002,183 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/02 11:35:39 | 000,000,914 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/02 11:35:38 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/02 11:34:35 | 000,001,428 | ---- | C] () -- C:\Users\Lisa\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/01/02 11:32:08 | 000,001,434 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/01/02 11:30:33 | 000,002,100 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
[2014/01/02 11:30:33 | 000,000,352 | ---- | C] () -- C:\Users\Lisa\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/01/02 11:30:33 | 000,000,334 | ---- | C] () -- C:\Users\Lisa\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014/01/02 10:27:10 | 2484,092,927 | -HS- | C] () -- C:\hiberfil.sys
[2014/01/02 10:21:02 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys
[2013/03/19 21:32:02 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/03/19 21:32:00 | 000,103,936 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2013/03/19 21:29:26 | 019,586,560 | ---- | C] () -- C:\Windows\SysWow64\igdfcl32.dll
[2012/12/10 13:12:50 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2012/08/03 14:40:09 | 000,959,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/26 00:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 00:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/25 23:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/25 17:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 12:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 12:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/07/25 12:22:56 | 000,733,840 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012/07/25 12:22:56 | 000,492,340 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012/07/25 12:22:54 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2012/07/25 12:22:54 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2012/07/25 12:22:54 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2012/06/02 06:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== ZeroAccess Check ==========
 
[2013/04/20 08:45:41 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/08/01 22:28:20 | 019,758,080 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/08/01 21:08:10 | 017,561,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 19:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 19:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 19:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/01/02 11:53:40 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\AVG2014
[2014/01/11 15:19:18 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Rainmeter
[2014/01/02 11:31:53 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Synaptics
[2014/01/02 11:53:08 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
< MD5 for: EXPLORER.0.LOCALSETTINGUNIT  >
[2014/01/02 11:36:55 | 000,000,366 | -HS- | M] () MD5=FD3656FD421D393BC0162948CD3A61A7 -- C:\Users\Lisa\AppData\Local\Microsoft\Windows\Live\Roaming\LocalCache\windows-explorer\Explorer.0.localsettingunit
 
< MD5 for: EXPLORER.ADML  >
[2012/07/25 23:50:44 | 000,003,671 | ---- | M] () MD5=007B16AEF3E958080573CDB80648167D -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.16384_en-us_7bca26f6f419a854\Explorer.adml
[2012/07/25 23:50:44 | 000,003,671 | ---- | M] () MD5=007B16AEF3E958080573CDB80648167D -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.16433_en-us_7bff382ef3f2006f\Explorer.adml
[2012/07/25 23:50:44 | 000,003,671 | ---- | M] () MD5=007B16AEF3E958080573CDB80648167D -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.16726_en-us_7c0d0eaaf3e727f8\Explorer.adml
[2012/07/25 23:50:44 | 000,003,671 | ---- | M] () MD5=007B16AEF3E958080573CDB80648167D -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.20534_en-us_7c89d5440d0eb990\Explorer.adml
[2012/07/25 23:50:44 | 000,003,671 | ---- | M] () MD5=007B16AEF3E958080573CDB80648167D -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.20837_en-us_7c8cdbd40d0bfd0a\Explorer.adml
 
< MD5 for: EXPLORER.ADMX  >
[2012/06/02 06:32:35 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.2.9200.16384_none_6e8451187a9a1607\Explorer.admx
[2012/06/02 06:32:35 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.2.9200.16420_none_6ec1315e7a6d062c\Explorer.admx
[2012/06/02 06:32:35 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.2.9200.16433_none_6eb962507a726e22\Explorer.admx
[2012/06/02 06:32:35 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.2.9200.20521_none_6f4bce739389bf4d\Explorer.admx
[2012/06/02 06:32:35 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.2.9200.20534_none_6f43ff65938f2743\Explorer.admx
 
< MD5 for: EXPLORER.EXE  >
[2013/04/20 08:49:41 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=0AD19A3CA61271BA872AD90771BA47DC -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_b592a71650d677ed\explorer.exe
[2013/04/20 08:49:41 | 002,380,944 | ---- | M] (Microsoft Corporation) MD5=0DDFEAA2AA18D4295EF220EB666B2312 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_ab3dfcc41c75b5f2\explorer.exe
[2013/06/01 03:34:21 | 002,391,280 | ---- | M] (Microsoft Corporation) MD5=0E8E6463F81C80AFBED533E0F1F8895D -- C:\Windows\explorer.exe
[2013/06/01 03:34:21 | 002,391,280 | ---- | M] (Microsoft Corporation) MD5=0E8E6463F81C80AFBED533E0F1F8895D -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16628_none_aac334d9034c59e1\explorer.exe
[2013/06/01 02:17:57 | 002,116,520 | ---- | M] (Microsoft Corporation) MD5=15C505AD0118275E7363A539009EF3AF -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20733_none_b591aa9850d758e4\explorer.exe
[2012/07/25 19:50:01 | 002,114,936 | ---- | M] (Microsoft Corporation) MD5=5B6ED1B57DBFF18D405A0260559B571E -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_b4d2f8c937e166b1\explorer.exe
[2012/07/25 20:49:13 | 002,380,440 | ---- | M] (Microsoft Corporation) MD5=928791755FDDEA721B053535EF84FA17 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_aa7e4e770380a4b6\explorer.exe
[2013/04/20 08:49:41 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=953ADECFF08202A01EFC6110214FDE02 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_b5080a0137b9becc\explorer.exe
[2013/06/01 04:41:08 | 002,380,968 | ---- | M] (Microsoft Corporation) MD5=D1FF6792A3B0FBD2F2F17DC936AF6177 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20733_none_ab3d00461c7696e9\explorer.exe
[2013/04/20 08:49:41 | 002,380,944 | ---- | M] (Microsoft Corporation) MD5=E13A31D5254C25406A7946BDD9B06364 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_aab35faf0358fcd1\explorer.exe
[2013/06/01 02:24:46 | 002,106,176 | ---- | M] (Microsoft Corporation) MD5=EAFE46B0292D2BD2467835E2ACF717CC -- C:\Windows\SysWOW64\explorer.exe
[2013/06/01 02:24:46 | 002,106,176 | ---- | M] (Microsoft Corporation) MD5=EAFE46B0292D2BD2467835E2ACF717CC -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16628_none_b517df2b37ad1bdc\explorer.exe
 
< MD5 for: EXPLORER.EXE.MUI  >
[2012/07/25 23:50:36 | 000,020,480 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\en-US\explorer.exe.mui
[2012/07/25 23:50:36 | 000,020,480 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2012/07/25 23:50:36 | 000,020,480 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.2.9200.16384_en-us_5ebc2e81fd6600eb\explorer.exe.mui
[2012/07/25 23:50:36 | 000,020,480 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.2.9200.16384_en-us_6910d8d431c6c2e6\explorer.exe.mui
 
< MD5 for: EXPLORER.EXE-03C49D11.PF  >
[2014/01/12 11:40:15 | 000,239,634 | ---- | M] () MD5=DCA0BAF41D76694BE749C4760E592E17 -- C:\Windows\Prefetch\EXPLORER.EXE-03C49D11.pf
 
< MD5 for: IEXPLORE.BAT  >
[2013/10/15 14:05:47 | 000,031,414 | ---- | M] () MD5=75C9C20DD9839BF287B43B0E179822DC -- C:\Users\Lisa\AppData\Local\Temp\jrt\iexplore.bat
 
< MD5 for: IEXPLORE.EXE  >
[2013/04/20 08:49:34 | 000,770,544 | ---- | M] (Microsoft Corporation) MD5=06E77B5F6BB60E11A377B68BA4AA1DA7 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20534_none_2b74d7cd3a353a33\iexplore.exe
[2013/02/21 03:11:26 | 000,770,624 | ---- | M] (Microsoft Corporation) MD5=0A1FC149D1F01AEE5D66D42953CDD751 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20861_none_2b57ad3f3a4a8d28\iexplore.exe
[2013/04/20 08:49:34 | 000,775,168 | ---- | M] (Microsoft Corporation) MD5=0A5074651C95792D32BCF536D64D0463 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20534_none_21202d7b05d47838\iexplore.exe
[2012/07/25 19:36:56 | 000,770,504 | ---- | M] (Microsoft Corporation) MD5=1249974F2A658D07E2647DD9C3592B9E -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16384_none_425d1fb32079214f\iexplore.exe
[2013/04/20 08:49:34 | 000,775,168 | ---- | M] (Microsoft Corporation) MD5=13F97D5006C3E37D0A4AABC767C0E553 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16433_none_37f8bacaec24e2f1\iexplore.exe
[2012/07/25 20:58:31 | 000,775,112 | ---- | M] (Microsoft Corporation) MD5=29CD24D8CA72FDB986B39277E70A48B6 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16384_none_38087560ec185f54\iexplore.exe
[2013/04/20 08:39:40 | 000,775,152 | ---- | M] (Microsoft Corporation) MD5=2F92EE7EE7E189EBDDADD5BEEB7E9DE0 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16453_none_37fabb5eec23159f\iexplore.exe
[2013/04/20 09:00:10 | 000,770,544 | ---- | M] (Microsoft Corporation) MD5=328569E3CA8BDB3FF74A3DBB8A1FE827 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20589_none_2b7967573a31390b\iexplore.exe
[2013/04/20 08:51:24 | 000,770,528 | ---- | M] (Microsoft Corporation) MD5=39F90724C1A98648CCCDDF13631F2D4A -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16442_none_424e7c2f2084a4a2\iexplore.exe
[2013/04/20 08:39:40 | 000,775,152 | ---- | M] (Microsoft Corporation) MD5=4B33704E4B071EC44806846CBE50EB2A -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20557_none_2121e9b705d2f7c9\iexplore.exe
[2013/02/21 04:59:57 | 000,775,216 | ---- | M] (Microsoft Corporation) MD5=6554208814632C25C77EE02355EB8E95 -- C:\Program Files\Internet Explorer\iexplore.exe
[2013/02/21 04:59:57 | 000,775,216 | ---- | M] (Microsoft Corporation) MD5=6554208814632C25C77EE02355EB8E95 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16750_none_37da8ff2ec3b1c8f\iexplore.exe
[2013/04/20 08:51:24 | 000,770,528 | ---- | M] (Microsoft Corporation) MD5=79FF6755B94FF918441D8F8162E5AC9C -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20544_none_2b75d8173a34538a\iexplore.exe
[2013/04/20 09:00:10 | 000,775,128 | ---- | M] (Microsoft Corporation) MD5=7C4D4537048B255A851F19EA2C656BCB -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16484_none_37fda574ec207b45\iexplore.exe
[2013/04/20 08:39:40 | 000,770,544 | ---- | M] (Microsoft Corporation) MD5=7EBFC838C815C3DACA135837D8F7906E -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20557_none_2b7694093a33b9c4\iexplore.exe
[2013/04/20 08:51:24 | 000,775,136 | ---- | M] (Microsoft Corporation) MD5=8E1B68702CDB0DDC6597357766E941D9 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16442_none_37f9d1dcec23e2a7\iexplore.exe
[2013/04/20 09:00:10 | 000,770,544 | ---- | M] (Microsoft Corporation) MD5=B8B50206CEA0791C26B63B753BCFB1D4 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16484_none_42524fc720813d40\iexplore.exe
[2013/04/20 08:49:34 | 000,770,560 | ---- | M] (Microsoft Corporation) MD5=BCF25D644DF1288CD9A6524FF7AB23C8 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16433_none_424d651d2085a4ec\iexplore.exe
[2013/04/20 08:39:40 | 000,770,520 | ---- | M] (Microsoft Corporation) MD5=D05965C02FD5781503968225B22189F4 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16453_none_424f65b12083d79a\iexplore.exe
[2013/04/20 09:00:10 | 000,775,152 | ---- | M] (Microsoft Corporation) MD5=D865B906C71BD10633BA0E9627050943 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20589_none_2124bd0505d07710\iexplore.exe
[2013/02/21 03:28:11 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=E4F6125ED5185F8FA37CC4F449B85526 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2013/02/21 03:28:11 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=E4F6125ED5185F8FA37CC4F449B85526 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16750_none_422f3a45209bde8a\iexplore.exe
[2013/02/21 05:13:16 | 000,775,216 | ---- | M] (Microsoft Corporation) MD5=E61732C1203A6BCA2FFB91022CA48AC6 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20861_none_210302ed05e9cb2d\iexplore.exe
[2013/04/20 08:51:24 | 000,775,152 | ---- | M] (Microsoft Corporation) MD5=F78F14096EB41341C4D880CEA6D681A2 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20544_none_21212dc505d3918f\iexplore.exe
 
< MD5 for: IEXPLORE.EXE.MUI  >
[2012/07/25 23:50:45 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C724BBF739D40D8AA3023943F3450A7 -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
[2012/07/25 23:50:45 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C724BBF739D40D8AA3023943F3450A7 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2012/07/25 23:50:45 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C724BBF739D40D8AA3023943F3450A7 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.0.9200.16384_en-us_31b50ad823c5a03b\iexplore.exe.mui
[2012/07/25 23:50:45 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C724BBF739D40D8AA3023943F3450A7 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.0.9200.16384_en-us_3c09b52a58266236\iexplore.exe.mui
 
< MD5 for: IEXPLORE.EXE-7A9337F2.PF  >
[2014/01/12 18:49:33 | 000,097,644 | ---- | M] () MD5=17DF29B17EF2BE291EC55D62DBF85CA8 -- C:\Windows\Prefetch\IEXPLORE.EXE-7A9337F2.pf
 
< MD5 for: IEXPLORE.EXE-F4FB5D2F.PF  >
[2014/01/12 19:50:02 | 000,224,424 | ---- | M] () MD5=1C9FD9A24D10A9276E58DF137CE8253A -- C:\Windows\Prefetch\IEXPLORE.EXE-F4FB5D2F.pf
 
< MD5 for: SERVICES  >
[2012/07/25 21:26:47 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\WinSxS\amd64_microsoft-windows-w..ucture-other-minwin_31bf3856ad364e35_6.2.9200.16384_none_8e0944daeed62829\services
 
< MD5 for: SERVICES.DAT  >
[2014/01/01 01:20:33 | 000,004,134 | ---- | M] () MD5=C9B4F36E8BE111CCBC44A2A8FD32C5EC -- C:\Users\Lisa\AppData\Local\Temp\jrt\services.dat
 
< MD5 for: SERVICES.EXE  >
[2013/04/20 08:36:50 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=581190907DA1CF8CB7B87B35FFE64A07 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.20521_none_98a9ea2e9f571eb2\services.exe
[2012/07/25 21:26:45 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=754A2CC1F32107EA87CBD305ABE3E618 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.16384_none_97e26cd38667756c\services.exe
[2013/04/20 08:36:50 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=8F226143046435C75C033B0C52E90FFE -- C:\Windows\SysNative\services.exe
[2013/04/20 08:36:50 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=8F226143046435C75C033B0C52E90FFE -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.16420_none_981f4d19863a6591\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2012/07/25 23:50:12 | 000,018,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\en-US\services.exe.mui
[2012/07/25 23:50:12 | 000,018,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.2.9200.16384_en-us_c2c6ee7bafb963b8\services.exe.mui
 
< MD5 for: SERVICES.JS  >
[2014/01/03 12:53:17 | 000,052,388 | ---- | M] () MD5=170AC4B9F3DC60E0D38D7CC307CEFD12 -- C:\Program Files\WindowsApps\Microsoft.BingFinance_2.0.0.308_x64__8wekyb3d8bbwe\common\js\services.js
[2014/01/03 12:50:20 | 000,052,388 | ---- | M] () MD5=170AC4B9F3DC60E0D38D7CC307CEFD12 -- C:\Program Files\WindowsApps\Microsoft.BingNews_2.0.0.308_x64__8wekyb3d8bbwe\common\js\services.js
[2014/01/03 12:52:24 | 000,052,388 | ---- | M] () MD5=170AC4B9F3DC60E0D38D7CC307CEFD12 -- C:\Program Files\WindowsApps\Microsoft.BingSports_2.0.0.310_x64__8wekyb3d8bbwe\common\js\services.js
[2014/01/07 11:16:17 | 000,052,388 | ---- | M] () MD5=170AC4B9F3DC60E0D38D7CC307CEFD12 -- C:\Program Files\WindowsApps\Microsoft.BingTravel_2.0.0.308_x64__8wekyb3d8bbwe\common\js\services.js
[2014/01/03 12:57:45 | 000,052,388 | ---- | M] () MD5=170AC4B9F3DC60E0D38D7CC307CEFD12 -- C:\Program Files\WindowsApps\Microsoft.BingWeather_2.0.0.310_x64__8wekyb3d8bbwe\common\js\services.js
[2013/02/05 12:47:46 | 000,069,359 | ---- | M] () MD5=6AA9F10CF05F9848EFAA91062BBEB586 -- C:\Program Files\WindowsApps\Microsoft.BingFinance_1.7.0.38_x64__8wekyb3d8bbwe\common\js\services.js
[2013/02/05 12:43:08 | 000,069,359 | ---- | M] () MD5=6AA9F10CF05F9848EFAA91062BBEB586 -- C:\Program Files\WindowsApps\Microsoft.BingNews_1.7.0.38_x64__8wekyb3d8bbwe\common\js\services.js
[2013/01/02 14:23:16 | 000,069,359 | ---- | M] () MD5=6AA9F10CF05F9848EFAA91062BBEB586 -- C:\Program Files\WindowsApps\Microsoft.BingTravel_1.7.0.26_x64__8wekyb3d8bbwe\common\js\services.js
[2013/01/02 14:54:24 | 000,069,359 | ---- | M] () MD5=6AA9F10CF05F9848EFAA91062BBEB586 -- C:\Program Files\WindowsApps\Microsoft.BingWeather_1.7.0.26_x64__8wekyb3d8bbwe\common\js\services.js
[2013/02/05 12:43:26 | 000,069,359 | ---- | M] () MD5=80CE8A6918A7BDB5328F93F4A3BB26B0 -- C:\Program Files\WindowsApps\Microsoft.BingSports_1.8.0.51_x64__8wekyb3d8bbwe\common\js\services.js
 
< MD5 for: SERVICES.LNK  >
[2012/07/25 12:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012/07/25 12:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012/07/25 12:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.2.9200.16384_none_282d8a08cf7f1ada\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2012/06/02 06:35:05 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2012/06/02 06:35:05 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.2.9200.16384_none_282967cc570d3701\services.mof
 
< MD5 for: SERVICES.MSC  >
[2012/07/25 23:50:36 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysNative\en-US\services.msc
[2012/06/02 06:31:20 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysNative\services.msc
[2012/07/25 23:50:36 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysWOW64\en-US\services.msc
[2012/06/02 06:31:13 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysWOW64\services.msc
[2012/07/25 23:50:36 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.2.9200.16384_en-us_fd08be678622fdab\services.msc
[2012/06/02 06:31:20 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.2.9200.16384_none_282d8a08cf7f1ada\services.msc
[2012/06/02 06:31:13 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\wow64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.2.9200.16384_none_3282345b03dfdcd5\services.msc
[2012/07/25 23:50:36 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.2.9200.16384_en-us_a0ea22e3cdc58c75\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2012/07/25 12:30:54 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2012/07/25 12:30:54 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.2.9200.16384_none_282967cc570d3701\Services.ptxml
 
< MD5 for: WINLOGON.ADML  >
[2012/07/25 23:50:44 | 000,008,017 | ---- | M] () MD5=C270056255498A723E7331EFF1AA162F -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.2.9200.16384_en-us_edcdb8ec66a62fc0\WinLogon.adml
 
< MD5 for: WINLOGON.ADMX  >
[2012/06/02 06:34:22 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.2.9200.16384_none_d3d704270306719d\WinLogon.admx
 
< MD5 for: WINLOGON.EXE  >
[2013/04/20 08:36:50 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=1F84B5F8DBDFFD36DF143C61CE25F12A -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16420_none_c8c988c15e88a211\winlogon.exe
[2013/04/20 08:36:50 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=6522E98C94A2A81AE11EB66D2AF5743A -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20521_none_c95425d677a55b32\winlogon.exe
[2012/07/25 19:08:50 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=93AB226C07A9789B2EC7B41F73602F76 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16384_none_c88ca87b5eb5b1ec\winlogon.exe
[2013/04/20 08:49:31 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows\SysNative\winlogon.exe
[2013/04/20 08:49:31 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16433_none_c8c1b9b35e8e0a07\winlogon.exe
[2013/04/20 08:49:31 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=CBFD56B4EC07CB056A6ABD55DD33671F -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20534_none_c94c56c877aac328\winlogon.exe
 
< MD5 for: WINLOGON.EXE.MUI  >
[2012/07/25 23:50:31 | 000,024,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\en-US\winlogon.exe.mui
[2012/07/25 23:50:31 | 000,024,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.2.9200.16384_en-us_23c238ef8ddaa831\winlogon.exe.mui
 
< MD5 for: WINLOGON.EXE-0D9AB72B.PF  >
[2014/01/12 11:39:49 | 000,021,366 | ---- | M] () MD5=C4834B6C746ADCBDC1A42D5C2742E3A9 -- C:\Windows\Prefetch\WINLOGON.EXE-0D9AB72B.pf
 
< MD5 for: WINLOGON.MFL  >
[2012/07/25 23:50:31 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\SysNative\wbem\en-US\winlogon.mfl
[2012/07/25 23:50:31 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.2.9200.16384_en-us_81848abaa91301c6\winlogon.mfl
 
< MD5 for: WINLOGON.MOF  >
[2012/07/25 12:30:16 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof
[2012/07/25 12:30:16 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.2.9200.16384_none_d9027134ffac135f\winlogon.mof
 
< %SYSTEMDRIVE%\*.* >
[2012/07/25 19:44:30 | 000,398,156 | RHS- | M] () -- C:\bootmgr
[2012/06/02 06:30:55 | 000,000,001 | -HS- | M] () -- C:\BOOTNXT
[2012/08/03 15:21:37 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2014/01/11 10:17:20 | 2484,092,927 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/11 10:17:20 | 1275,068,416 | -HS- | M] () -- C:\pagefile.sys
[2014/01/02 11:20:41 | 000,000,000 | ---- | M] () -- C:\Recovery.txt
[2014/01/11 10:17:20 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
 
< %systemroot%\Fonts\*.com >
[2012/08/03 14:37:24 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2012/08/03 14:37:24 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2012/08/03 14:37:24 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2012/08/03 14:37:24 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2012/07/26 00:11:41 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
[2012/09/12 14:57:44 | 000,322,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2012/07/26 00:11:35 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C has no label.
 Volume Serial Number is 20A3-1A9F
 Directory of C:\
07/25/2012  11:22 PM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
07/25/2012  11:22 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/25/2012  11:22 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/25/2012  11:22 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/25/2012  11:22 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/25/2012  11:22 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
07/25/2012  11:22 PM    <SYMLINKD>     All Users [C:\ProgramData]
07/25/2012  11:22 PM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
07/25/2012  11:22 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/25/2012  11:22 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/25/2012  11:22 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/25/2012  11:22 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/25/2012  11:22 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
07/25/2012  11:22 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
07/25/2012  11:22 PM    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/25/2012  11:22 PM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
07/25/2012  11:22 PM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
07/25/2012  11:22 PM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/25/2012  11:22 PM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/25/2012  11:22 PM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/25/2012  11:22 PM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/25/2012  11:22 PM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/25/2012  11:22 PM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
07/25/2012  11:22 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
07/25/2012  11:22 PM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/25/2012  11:22 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
07/25/2012  11:22 PM    <JUNCTION>     My Music [C:\Users\Default\Music]
07/25/2012  11:22 PM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
07/25/2012  11:22 PM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Lisa
01/02/2014  11:30 AM    <JUNCTION>     Application Data [C:\Users\Lisa\AppData\Roaming]
01/02/2014  11:30 AM    <JUNCTION>     Cookies [C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies]
01/02/2014  11:30 AM    <JUNCTION>     Local Settings [C:\Users\Lisa\AppData\Local]
01/02/2014  11:30 AM    <JUNCTION>     My Documents [C:\Users\Lisa\Documents]
01/02/2014  11:30 AM    <JUNCTION>     NetHood [C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
01/02/2014  11:30 AM    <JUNCTION>     PrintHood [C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
01/02/2014  11:30 AM    <JUNCTION>     Recent [C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Recent]
01/02/2014  11:30 AM    <JUNCTION>     SendTo [C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\SendTo]
01/02/2014  11:30 AM    <JUNCTION>     Start Menu [C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu]
01/02/2014  11:30 AM    <JUNCTION>     Templates [C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Lisa\AppData\Local
01/02/2014  11:30 AM    <JUNCTION>     Application Data [C:\Users\Lisa\AppData\Local]
01/02/2014  11:30 AM    <JUNCTION>     History [C:\Users\Lisa\AppData\Local\Microsoft\Windows\History]
01/02/2014  11:30 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Lisa\Documents
01/02/2014  11:30 AM    <JUNCTION>     My Music [C:\Users\Lisa\Music]
01/02/2014  11:30 AM    <JUNCTION>     My Pictures [C:\Users\Lisa\Pictures]
01/02/2014  11:30 AM    <JUNCTION>     My Videos [C:\Users\Lisa\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
07/25/2012  11:22 PM    <JUNCTION>     My Music [C:\Users\Public\Music]
07/25/2012  11:22 PM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
07/25/2012  11:22 PM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              48 Dir(s)  915,627,229,184 bytes free
 
< %systemroot%\System32\config\*.sav >
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2014/01/02 11:34:35 | 000,000,223 | -HS- | M] () -- C:\Users\Lisa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
 
< %USERPROFILE%\Desktop\*.exe >
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
< End of report >
 
 

    Advertisements

Register to Remove

#2 her1994

her1994

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 13 January 2014 - 12:07 AM

OTL Extras logfile created on: 1/12/2014 9:58:35 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lisa\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.89 Gb Total Physical Memory | 5.77 Gb Available Physical Memory | 73.10% Memory free
9.08 Gb Paging File | 6.85 Gb Available in Paging File | 75.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 904.87 Gb Total Space | 852.74 Gb Free Space | 94.24% Space Free | Partition Type: NTFS
Drive D: | 25.87 Gb Total Space | 2.60 Gb Free Space | 10.06% Space Free | Partition Type: NTFS
 
Computer Name: SATELLITE | User Name: Lisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09D4E83A-1E9D-4567-AA4D-314BC680C424}" = lport=139 | protocol=6 | dir=in | app=system | 
"{0D5F707E-F3FA-41FA-AD1D-0FB9C5E5B248}" = rport=137 | protocol=17 | dir=out | app=system | 
"{3DC332DE-758E-4C21-AB40-3EDC316C1C90}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{43D0B78B-24F0-497C-88DE-BC1D61CA2567}" = rport=138 | protocol=17 | dir=out | app=system | 
"{77C89499-77F3-4A8F-891F-18890A862388}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{817EA605-1741-418D-B4C1-1FB311AD1B35}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A30A2770-D288-4FDF-A86A-09CC5D82E8C7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{C18F45EB-6447-4C2C-8975-C27915BCCAE4}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C97303E4-4D15-4193-8656-E540AAEA5A5B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D763F66A-EEA3-46DC-8D55-3C33B4BC7889}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F048214D-C80A-4FB3-BB4A-FD85C7811507}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F2E9F0DC-0477-4F4B-9323-B97DBC241CD3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F9A78B32-9C30-4D73-BFEF-888E32144B81}" = lport=138 | protocol=17 | dir=in | app=system | 
"{FFFC7FD8-3A05-44C7-AE5A-9B1FDE517206}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015F58CB-C152-4EA2-804C-B39B9838593D}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe | 
"{0C045128-9CCE-4CEE-BC0F-ACD50C5FF492}" = dir=out | name=box | 
"{0C3E33C4-8237-418A-B24E-0B30DFF0B308}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{0E1641A2-FFC6-4DBE-9513-D390A7C24ED3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{10086BAB-388B-4140-A67D-58E1EBD42BD7}" = dir=out | name=hp registration | 
"{12355B9F-C2BE-4701-825A-146C611024CB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{13F1E5B1-E968-4A14-B45B-50874A55AF65}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{16A5E124-A1FB-4869-A143-A84D70BD123A}" = dir=out | name=@{microsoft.zunemusic_1.5.216.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{183B7FB4-19C7-4427-AED5-A9B24165D2E6}" = dir=out | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{18D49AAE-CC2A-4DCD-BC01-FACB31125D86}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{191487FE-D290-4C6D-BE29-896BB8402A76}" = dir=out | name=windows_ie_ac_001 | 
"{1FB8D312-E6D9-4CAB-B265-A36350236A44}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{216D86B3-61DE-415D-8E8F-54745EE7A27B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{266C9C07-4929-4BF6-9C31-E8FFE8F37DD8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | 
"{288EAA7B-54CB-4B5F-BA45-68535B0E66C6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | 
"{2EC74EA3-1B37-490F-A5D2-FB0813F77AE9}" = dir=out | name=@{microsoft.bingweather_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{348C2D00-72E6-4A34-A682-0A93574B9613}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{3C2B8573-C416-4CE1-B4FF-230A0792FCF5}" = dir=out | name=@{microsoft.bingmaps_1.6.1821.2624_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{41472832-B1D7-43EC-88B3-5C9CF3DD444E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4240ADD8-60C9-4F33-8DE0-32695614B1E7}" = dir=out | name=norton studio | 
"{445384E7-1CC0-4BFC-9A52-62174F8BF832}" = dir=out | name=@{microsoft.bingnews_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{48C85589-B992-4C89-B0CB-2263A680551C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | 
"{49402D20-47EF-4CC4-912F-3A938BEE1AF3}" = dir=in | name=skype | 
"{4995D5F2-1A9C-42A1-899B-B5422DC1813E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{4F812CDA-3F95-437C-AABD-0AAABDF31420}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{5476FA48-9368-4C48-9574-315A2BE47079}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{558047EE-5728-4115-91F9-7923AE5168A0}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{579248A4-AD14-44F3-AF96-2DE65A60D428}" = dir=in | app=c:\program files (x86)\hpconnectedmusic\hpconnectedmusic.exe | 
"{5F45A802-C97E-460D-A496-B9DDAFD67CB6}" = dir=out | name=microsoft solitaire collection | 
"{61CDBA36-71F9-484B-A100-A478B3B0CCE8}" = dir=out | app=c:\program files (x86)\hpconnectedmusic\hpconnectedmusic.exe | 
"{62F86E27-259F-434B-8D79-E7D93A0519EB}" = dir=out | name=getting started with windows 8 | 
"{6CD396E0-D696-4A05-8E3E-2D2B4D1CB7FD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6E96B31A-7D99-4538-8EED-0ABF157AB50E}" = dir=in | name=box | 
"{75EBC208-C9D0-478E-9315-8DB3DE788548}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe | 
"{789F0F65-35C5-42E7-8FA9-A246A5AD4314}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{7981988A-1D7F-4466-830F-C9E9EDBD7F25}" = dir=out | name=@{microsoft.bingsports_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{7ED25C6D-9A35-4EAF-BC67-858B7AA0D4FF}" = dir=out | app=%localappdata%\hpconnectedmusic\application\hpconnectedmusic.exe | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{89E8772C-F007-4947-8373-2944B74B52DD}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | 
"{8D48105B-53DF-4132-815F-10ADBDDFB1A1}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | 
"{8F3C3D1D-A4E2-48BF-A604-9EFDA4746E2A}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{90256FBD-FDF9-4299-ACF7-D01B72765B57}" = dir=in | app=%localappdata%\hpconnectedmusic\application\hpconnectedmusic.exe | 
"{93FDCE7C-0585-48E4-A54B-E1355DE6324F}" = dir=out | name=netflix | 
"{9451D350-9EA2-4375-BA5A-1B805B4BBA23}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | 
"{9A40DFE5-C788-49D4-AC77-E4884E40D31B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | 
"{A5B39B16-33CE-4DEA-9E4D-149533674B79}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | 
"{AD65EBBD-799B-4489-84EC-F8C35C7F7DC6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | 
"{B30391C8-87B9-4D8B-8DE0-125C038C553A}" = dir=in | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{B43828BF-042F-483F-A73D-71B9E330BFEE}" = dir=in | name=hp connected photo powered by snapfish | 
"{BE363530-2E51-4B8E-AA75-EDC79855BC78}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C55FDA22-C025-4F3F-AD2C-55D96B59A002}" = dir=out | name=@{microsoft.bingtravel_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{CE324C52-0487-41A6-826F-F0C8F591C7F2}" = dir=out | name=microsoft mahjong | 
"{CEBBAF8D-F3B8-40EE-9B74-D4062B1E03E9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{CEFA7BAB-9268-4BCD-9FA6-C3F94E47DD91}" = dir=out | name=youcam for hp | 
"{D255DDED-7B08-4208-8E0B-E4C621163F88}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{D2DE1319-E707-404A-9752-92CEB566236A}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{D4156F29-76AD-45A4-9718-E3FFF3A8CB53}" = dir=out | app=%localappdata%\hpconnectedmusic\application\spotify_helper.exe | 
"{D68EB5F6-7AF8-4363-8FCE-B8C2CD25583E}" = dir=in | app=%localappdata%\hpconnectedmusic\application\spotify_helper.exe | 
"{DCFAB104-20A0-451D-B9A8-032DB15BBDD4}" = dir=out | name=skype | 
"{DE1D0774-7217-4135-A379-D28A717F7043}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{DF00D60B-6477-4FF3-B95C-D6477B80230C}" = dir=out | name=hp connected photo powered by snapfish | 
"{E3652CAD-CAFF-4CA2-B7ED-B4B3890EBFDC}" = dir=out | name=@{microsoft.zunevideo_1.5.338.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{EE550C54-400F-4F75-8AF2-2FCC4C3A51C8}" = dir=out | name=@{microsoft.bingfinance_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{F070C6D6-C433-470B-84EA-11B4E865CE27}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{F2C56631-EFCA-4AF5-9072-75D77223F8FF}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{FE2AA75C-6DE6-4D2C-A43A-6FCE7184EA9B}" = dir=in | app=c:\users\administrator\appdata\local\microsoft\skydrive\skydrive.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1334eac7-d6ef-4177-8780-05c963853cd3}" = Intel® PRO/Wireless Driver
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{302600C1-6BDF-4FD1-1303-148929CC1385}" = Intel® PROSet/Wireless Software for Bluetooth® Technology
"{34883B9C-CDFE-46F0-9C5B-935484C218C3}" = AVG 2014
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel® Rapid Storage Technology
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5D1D65C3-E6D3-4751-AEFD-CAB4E3EB85F2}" = Intel® Smart Connect Technology 4.0 x64
"{62E7C369-64FF-452C-8F46-6BE9B77FF097}" = Intel® WiDi
"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{73237EBB-B26F-4628-8754-4EFE563D72E9}" = HP Utility Center
"{7F624BD1-4FE0-432F-B928-68302E156D04}" = AVG 2014
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D859F0D-B405-4B1F-9084-13BBF5D3DB32}" = Intel® Rapid Storage Technology
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{B80C52A3-7666-4068-A371-7867F51E68EB}" = Validity WBF DDK
"{D1E8F2D7-7794-4245-B286-87ED86C1893C}" = HP Registration Service
"{D61F48DA-627B-404E-9315-32A651B18B64}" = Intel® PROSet/Wireless WiFi Software
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EBC0CC3F-B7A1-4FC8-8014-4C7BFD3925E8}" = AuthenTec TrueAPI 64-bit
"{FA00A3CC-7440-4938-A271-F186F50DD40D}" = Intel® Trusted Connect Service Client
"AVG" = AVG 2014
"SynTPDeinstKey" = Synaptics ClickPad Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{07F6DC37-0857-4B68-A675-4E35989E85E3}" = HP 3D DriveGuard
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}" = Realtek PCIE Card Reader
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{1AE37508-089E-41AC-95BD-99FF06887C2F}" = HP Recovery Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{30B2D1D8-0A07-4B71-9553-0710C5D31E35}" = HP Wireless Button Driver
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{394B14EA-B072-4440-9510-87797CB12371}" = HP CoolSense
"{4BACA3B8-F63A-44ED-9A8D-48B4D02AD268}" = HP SimplePass
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{574F0207-8E98-46CD-8F79-318348C98C46}" = HP Quick Start
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7F265322-43A2-4C06-925B-F32F938B102C}" = HP Documentation
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89704656-98FA-4EB0-9CC9-9C9839255FA0}" = Intel® Update Manager
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90150000-0138-0409-0000-0000000FF1CE}" = Microsoft Office
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}" = HP System Event Utility
"{c9967fbd-e3c3-4ed0-992a-5b33260f2944}" = Intel® PROSet/Wireless Software
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}" = Energy Star
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"Rainmeter" = Rainmeter
"SpeedFan" = SpeedFan (remove only)
"StartHPConnectedMusic" = HP Connected Music (Meridian - installer)
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 1/7/2014 8:17:54 PM | Computer Name = SATELLITE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2349625
 
Error - 1/7/2014 11:49:38 PM | Computer Name = SATELLITE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 1/7/2014 11:49:38 PM | Computer Name = SATELLITE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1125
 
Error - 1/7/2014 11:49:38 PM | Computer Name = SATELLITE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1125
 
Error - 1/8/2014 4:58:51 PM | Computer Name = SATELLITE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 1/8/2014 4:58:51 PM | Computer Name = SATELLITE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7031140
 
Error - 1/8/2014 4:58:51 PM | Computer Name = SATELLITE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7031140
 
Error - 1/8/2014 5:31:37 PM | Computer Name = SATELLITE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 1/8/2014 5:31:37 PM | Computer Name = SATELLITE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 46938
 
Error - 1/8/2014 5:31:37 PM | Computer Name = SATELLITE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 46938
 
[ System Events ]
Error - 1/2/2014 3:41:39 PM | Computer Name = SATELLITE | Source = DCOM | ID = 10010
Description = 
 
Error - 1/2/2014 3:41:39 PM | Computer Name = SATELLITE | Source = DCOM | ID = 10010
Description = 
 
Error - 1/2/2014 3:41:39 PM | Computer Name = SATELLITE | Source = DCOM | ID = 10010
Description = 
 
Error - 1/2/2014 3:41:39 PM | Computer Name = SATELLITE | Source = DCOM | ID = 10010
Description = 
 
Error - 1/2/2014 3:41:39 PM | Computer Name = SATELLITE | Source = DCOM | ID = 10010
Description = 
 
Error - 1/2/2014 3:41:39 PM | Computer Name = SATELLITE | Source = DCOM | ID = 10010
Description = 
 
Error - 1/2/2014 3:41:39 PM | Computer Name = SATELLITE | Source = DCOM | ID = 10010
Description = 
 
Error - 1/3/2014 4:22:35 PM | Computer Name = SATELLITE | Source = BTHUSB | ID = 327710
Description = The local adapter does not support an important Low Energy controller
 state.  The minimum required supported state mask is 0x1f7fffff, got 0x1f3fffff.
  Low Energy functionality will be disabled.
 
Error - 1/3/2014 6:23:41 PM | Computer Name = SATELLITE | Source = Service Control Manager | ID = 7030
Description = The HPWMISVC service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 1/3/2014 6:45:16 PM | Computer Name = SATELLITE | Source = Service Control Manager | ID = 7043
Description = The AVGIDSAgent service did not shut down properly after receiving
 a preshutdown control.
 
 
< End of report >

OTL Extras logfile created on: 1/12/2014 9:58:35 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lisa\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.89 Gb Total Physical Memory | 5.77 Gb Available Physical Memory | 73.10% Memory free
9.08 Gb Paging File | 6.85 Gb Available in Paging File | 75.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 904.87 Gb Total Space | 852.74 Gb Free Space | 94.24% Space Free | Partition Type: NTFS
Drive D: | 25.87 Gb Total Space | 2.60 Gb Free Space | 10.06% Space Free | Partition Type: NTFS
 
Computer Name: SATELLITE | User Name: Lisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09D4E83A-1E9D-4567-AA4D-314BC680C424}" = lport=139 | protocol=6 | dir=in | app=system | 
"{0D5F707E-F3FA-41FA-AD1D-0FB9C5E5B248}" = rport=137 | protocol=17 | dir=out | app=system | 
"{3DC332DE-758E-4C21-AB40-3EDC316C1C90}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{43D0B78B-24F0-497C-88DE-BC1D61CA2567}" = rport=138 | protocol=17 | dir=out | app=system | 
"{77C89499-77F3-4A8F-891F-18890A862388}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{817EA605-1741-418D-B4C1-1FB311AD1B35}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A30A2770-D288-4FDF-A86A-09CC5D82E8C7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{C18F45EB-6447-4C2C-8975-C27915BCCAE4}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C97303E4-4D15-4193-8656-E540AAEA5A5B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D763F66A-EEA3-46DC-8D55-3C33B4BC7889}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F048214D-C80A-4FB3-BB4A-FD85C7811507}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F2E9F0DC-0477-4F4B-9323-B97DBC241CD3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F9A78B32-9C30-4D73-BFEF-888E32144B81}" = lport=138 | protocol=17 | dir=in | app=system | 
"{FFFC7FD8-3A05-44C7-AE5A-9B1FDE517206}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015F58CB-C152-4EA2-804C-B39B9838593D}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe | 
"{0C045128-9CCE-4CEE-BC0F-ACD50C5FF492}" = dir=out | name=box | 
"{0C3E33C4-8237-418A-B24E-0B30DFF0B308}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{0E1641A2-FFC6-4DBE-9513-D390A7C24ED3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{10086BAB-388B-4140-A67D-58E1EBD42BD7}" = dir=out | name=hp registration | 
"{12355B9F-C2BE-4701-825A-146C611024CB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{13F1E5B1-E968-4A14-B45B-50874A55AF65}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{16A5E124-A1FB-4869-A143-A84D70BD123A}" = dir=out | name=@{microsoft.zunemusic_1.5.216.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{183B7FB4-19C7-4427-AED5-A9B24165D2E6}" = dir=out | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{18D49AAE-CC2A-4DCD-BC01-FACB31125D86}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{191487FE-D290-4C6D-BE29-896BB8402A76}" = dir=out | name=windows_ie_ac_001 | 
"{1FB8D312-E6D9-4CAB-B265-A36350236A44}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{216D86B3-61DE-415D-8E8F-54745EE7A27B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{266C9C07-4929-4BF6-9C31-E8FFE8F37DD8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | 
"{288EAA7B-54CB-4B5F-BA45-68535B0E66C6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | 
"{2EC74EA3-1B37-490F-A5D2-FB0813F77AE9}" = dir=out | name=@{microsoft.bingweather_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{348C2D00-72E6-4A34-A682-0A93574B9613}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{3C2B8573-C416-4CE1-B4FF-230A0792FCF5}" = dir=out | name=@{microsoft.bingmaps_1.6.1821.2624_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{41472832-B1D7-43EC-88B3-5C9CF3DD444E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4240ADD8-60C9-4F33-8DE0-32695614B1E7}" = dir=out | name=norton studio | 
"{445384E7-1CC0-4BFC-9A52-62174F8BF832}" = dir=out | name=@{microsoft.bingnews_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{48C85589-B992-4C89-B0CB-2263A680551C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | 
"{49402D20-47EF-4CC4-912F-3A938BEE1AF3}" = dir=in | name=skype | 
"{4995D5F2-1A9C-42A1-899B-B5422DC1813E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{4F812CDA-3F95-437C-AABD-0AAABDF31420}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{5476FA48-9368-4C48-9574-315A2BE47079}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{558047EE-5728-4115-91F9-7923AE5168A0}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{579248A4-AD14-44F3-AF96-2DE65A60D428}" = dir=in | app=c:\program files (x86)\hpconnectedmusic\hpconnectedmusic.exe | 
"{5F45A802-C97E-460D-A496-B9DDAFD67CB6}" = dir=out | name=microsoft solitaire collection | 
"{61CDBA36-71F9-484B-A100-A478B3B0CCE8}" = dir=out | app=c:\program files (x86)\hpconnectedmusic\hpconnectedmusic.exe | 
"{62F86E27-259F-434B-8D79-E7D93A0519EB}" = dir=out | name=getting started with windows 8 | 
"{6CD396E0-D696-4A05-8E3E-2D2B4D1CB7FD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6E96B31A-7D99-4538-8EED-0ABF157AB50E}" = dir=in | name=box | 
"{75EBC208-C9D0-478E-9315-8DB3DE788548}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe | 
"{789F0F65-35C5-42E7-8FA9-A246A5AD4314}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{7981988A-1D7F-4466-830F-C9E9EDBD7F25}" = dir=out | name=@{microsoft.bingsports_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{7ED25C6D-9A35-4EAF-BC67-858B7AA0D4FF}" = dir=out | app=%localappdata%\hpconnectedmusic\application\hpconnectedmusic.exe | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{89E8772C-F007-4947-8373-2944B74B52DD}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | 
"{8D48105B-53DF-4132-815F-10ADBDDFB1A1}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | 
"{8F3C3D1D-A4E2-48BF-A604-9EFDA4746E2A}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{90256FBD-FDF9-4299-ACF7-D01B72765B57}" = dir=in | app=%localappdata%\hpconnectedmusic\application\hpconnectedmusic.exe | 
"{93FDCE7C-0585-48E4-A54B-E1355DE6324F}" = dir=out | name=netflix | 
"{9451D350-9EA2-4375-BA5A-1B805B4BBA23}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | 
"{9A40DFE5-C788-49D4-AC77-E4884E40D31B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | 
"{A5B39B16-33CE-4DEA-9E4D-149533674B79}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | 
"{AD65EBBD-799B-4489-84EC-F8C35C7F7DC6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | 
"{B30391C8-87B9-4D8B-8DE0-125C038C553A}" = dir=in | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{B43828BF-042F-483F-A73D-71B9E330BFEE}" = dir=in | name=hp connected photo powered by snapfish | 
"{BE363530-2E51-4B8E-AA75-EDC79855BC78}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C55FDA22-C025-4F3F-AD2C-55D96B59A002}" = dir=out | name=@{microsoft.bingtravel_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{CE324C52-0487-41A6-826F-F0C8F591C7F2}" = dir=out | name=microsoft mahjong | 
"{CEBBAF8D-F3B8-40EE-9B74-D4062B1E03E9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{CEFA7BAB-9268-4BCD-9FA6-C3F94E47DD91}" = dir=out | name=youcam for hp | 
"{D255DDED-7B08-4208-8E0B-E4C621163F88}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{D2DE1319-E707-404A-9752-92CEB566236A}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{D4156F29-76AD-45A4-9718-E3FFF3A8CB53}" = dir=out | app=%localappdata%\hpconnectedmusic\application\spotify_helper.exe | 
"{D68EB5F6-7AF8-4363-8FCE-B8C2CD25583E}" = dir=in | app=%localappdata%\hpconnectedmusic\application\spotify_helper.exe | 
"{DCFAB104-20A0-451D-B9A8-032DB15BBDD4}" = dir=out | name=skype | 
"{DE1D0774-7217-4135-A379-D28A717F7043}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{DF00D60B-6477-4FF3-B95C-D6477B80230C}" = dir=out | name=hp connected photo powered by snapfish | 
"{E3652CAD-CAFF-4CA2-B7ED-B4B3890EBFDC}" = dir=out | name=@{microsoft.zunevideo_1.5.338.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{EE550C54-400F-4F75-8AF2-2FCC4C3A51C8}" = dir=out | name=@{microsoft.bingfinance_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{F070C6D6-C433-470B-84EA-11B4E865CE27}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{F2C56631-EFCA-4AF5-9072-75D77223F8FF}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{FE2AA75C-6DE6-4D2C-A43A-6FCE7184EA9B}" = dir=in | app=c:\users\administrator\appdata\local\microsoft\skydrive\skydrive.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1334eac7-d6ef-4177-8780-05c963853cd3}" = Intel® PRO/Wireless Driver
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{302600C1-6BDF-4FD1-1303-148929CC1385}" = Intel® PROSet/Wireless Software for Bluetooth® Technology
"{34883B9C-CDFE-46F0-9C5B-935484C218C3}" = AVG 2014
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel® Rapid Storage Technology
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5D1D65C3-E6D3-4751-AEFD-CAB4E3EB85F2}" = Intel® Smart Connect Technology 4.0 x64
"{62E7C369-64FF-452C-8F46-6BE9B77FF097}" = Intel® WiDi
"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{73237EBB-B26F-4628-8754-4EFE563D72E9}" = HP Utility Center
"{7F624BD1-4FE0-432F-B928-68302E156D04}" = AVG 2014
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D859F0D-B405-4B1F-9084-13BBF5D3DB32}" = Intel® Rapid Storage Technology
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{B80C52A3-7666-4068-A371-7867F51E68EB}" = Validity WBF DDK
"{D1E8F2D7-7794-4245-B286-87ED86C1893C}" = HP Registration Service
"{D61F48DA-627B-404E-9315-32A651B18B64}" = Intel® PROSet/Wireless WiFi Software
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EBC0CC3F-B7A1-4FC8-8014-4C7BFD3925E8}" = AuthenTec TrueAPI 64-bit
"{FA00A3CC-7440-4938-A271-F186F50DD40D}" = Intel® Trusted Connect Service Client
"AVG" = AVG 2014
"SynTPDeinstKey" = Synaptics ClickPad Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{07F6DC37-0857-4B68-A675-4E35989E85E3}" = HP 3D DriveGuard
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}" = Realtek PCIE Card Reader
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{1AE37508-089E-41AC-95BD-99FF06887C2F}" = HP Recovery Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{30B2D1D8-0A07-4B71-9553-0710C5D31E35}" = HP Wireless Button Driver
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{394B14EA-B072-4440-9510-87797CB12371}" = HP CoolSense
"{4BACA3B8-F63A-44ED-9A8D-48B4D02AD268}" = HP SimplePass
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{574F0207-8E98-46CD-8F79-318348C98C46}" = HP Quick Start
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7F265322-43A2-4C06-925B-F32F938B102C}" = HP Documentation
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89704656-98FA-4EB0-9CC9-9C9839255FA0}" = Intel® Update Manager
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90150000-0138-0409-0000-0000000FF1CE}" = Microsoft Office
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}" = HP System Event Utility
"{c9967fbd-e3c3-4ed0-992a-5b33260f2944}" = Intel® PROSet/Wireless Software
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}" = Energy Star
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"Rainmeter" = Rainmeter
"SpeedFan" = SpeedFan (remove only)
"StartHPConnectedMusic" = HP Connected Music (Meridian - installer)
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 1/7/2014 8:17:54 PM | Computer Name = SATELLITE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2349625
 
Error - 1/7/2014 11:49:38 PM | Computer Name = SATELLITE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 1/7/2014 11:49:38 PM | Computer Name = SATELLITE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1125
 
Error - 1/7/2014 11:49:38 PM | Computer Name = SATELLITE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1125
 
Error - 1/8/2014 4:58:51 PM | Computer Name = SATELLITE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 1/8/2014 4:58:51 PM | Computer Name = SATELLITE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7031140
 
Error - 1/8/2014 4:58:51 PM | Computer Name = SATELLITE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7031140
 
Error - 1/8/2014 5:31:37 PM | Computer Name = SATELLITE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 1/8/2014 5:31:37 PM | Computer Name = SATELLITE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 46938
 
Error - 1/8/2014 5:31:37 PM | Computer Name = SATELLITE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 46938
 
[ System Events ]
Error - 1/2/2014 3:41:39 PM | Computer Name = SATELLITE | Source = DCOM | ID = 10010
Description = 
 
Error - 1/2/2014 3:41:39 PM | Computer Name = SATELLITE | Source = DCOM | ID = 10010
Description = 
 
Error - 1/2/2014 3:41:39 PM | Computer Name = SATELLITE | Source = DCOM | ID = 10010
Description = 
 
Error - 1/2/2014 3:41:39 PM | Computer Name = SATELLITE | Source = DCOM | ID = 10010
Description = 
 
Error - 1/2/2014 3:41:39 PM | Computer Name = SATELLITE | Source = DCOM | ID = 10010
Description = 
 
Error - 1/2/2014 3:41:39 PM | Computer Name = SATELLITE | Source = DCOM | ID = 10010
Description = 
 
Error - 1/2/2014 3:41:39 PM | Computer Name = SATELLITE | Source = DCOM | ID = 10010
Description = 
 
Error - 1/3/2014 4:22:35 PM | Computer Name = SATELLITE | Source = BTHUSB | ID = 327710
Description = The local adapter does not support an important Low Energy controller
 state.  The minimum required supported state mask is 0x1f7fffff, got 0x1f3fffff.
  Low Energy functionality will be disabled.
 
Error - 1/3/2014 6:23:41 PM | Computer Name = SATELLITE | Source = Service Control Manager | ID = 7030
Description = The HPWMISVC service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 1/3/2014 6:45:16 PM | Computer Name = SATELLITE | Source = Service Control Manager | ID = 7043
Description = The AVGIDSAgent service did not shut down properly after receiving
 a preshutdown control.
 
 
< End of report >
 

#3 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 23 January 2014 - 08:01 PM

Hi her1994,

:welcome:

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
Sorry that it has taken so long for a reply.

We look for topics with no replies and you made a second post to your topic, which made the system think you were being helped.

Do you still need help?
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#4 her1994

her1994

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 23 January 2014 - 10:01 PM

Hi, Tomk. I recently reset my laptop but yes I would still like help. 


#5 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 24 January 2014 - 12:01 AM

By reset do you mean you did a system restore back to "like new" status?
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#6 her1994

her1994

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 24 January 2014 - 12:00 PM

Yes, I restored it but no to a restore point. I reset it and then had to reinstall updates. It worked fine for a few days until the internet connection slowed again. Maybe it's due to the fact that the line has a desktop, 4 laptops and ipods on it but when I load videos on youtube its slower than usual. 


#7 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 24 January 2014 - 12:32 PM

Ok... let's just try running a few programs that remove misc. garbage that seems to get picked up along the way.

Step 1

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan button. Wait until is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.
Step 3
Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot (shut down your computer then restart it).
In your next reply, post the following log files:
  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#8 her1994

her1994

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 25 January 2014 - 10:49 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 8 x64
Ran by Lisa on Sat 01/25/2014 at  8:25:30.74
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 01/25/2014 at  8:30:01.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
# AdwCleaner v3.017 - Report created 25/01/2014 at 08:33:40
# Updated 12/01/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Lisa - SATELLITE
# Running from : C:\Users\Lisa\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
 
-\\ Google Chrome v32.0.1700.76
 
[ File : C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [893 octets] - [25/01/2014 08:32:59]
AdwCleaner[S0].txt - [819 octets] - [25/01/2014 08:33:40]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [878 octets] ##########
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.25.08
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16750
Lisa :: SATELLITE [administrator]
 
Protection: Enabled
 
1/25/2014 8:41:44 AM
mbam-log-2014-01-25 (08-41-44).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203998
Time elapsed: 3 minute(s), 3 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 

#9 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 25 January 2014 - 11:21 AM

Let's try one more scan.
  • Download RogueKiller and save it to your desktop.
  • Quit all other programs
  • Start RogueKiller.exe
  • Wait until the Prescan has finished ...
  • Click on Scan
    RGKRScan.png
  • Wait for the end of the scan
  • A report will be created on your desktop.
  • Click on the Delete button
    RGKRDelete.png
  • Next click on the ShortcutsFix
    RGKRShortcutsFix.png
  • another report will be created on your desktop.
Please post: All RKreport.txt text files located on your desktop.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#10 her1994

her1994

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 25 January 2014 - 12:18 PM

I didn't delete anything since there was nothing in Shortcuts. There were only 4 things in the Registry list, so I don't wanna delete since I am unsure.

 

RogueKiller V8.8.3 _x64_ [Jan 24 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Lisa [Admin rights]
Mode : Scan -- Date : 01/25/2014 10:13:32
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) HGST HTS541010A9E680 +++++
--- User ---
[MBR] fd9c45f893067b4140b808bdc8664c76
[BSP] f5d2fdebf049248a4e68d20ee572f3c3 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_01252014_101332.txt >>

#11 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 25 January 2014 - 01:41 PM

Well... I'm not seeing the problem and the tools aren't finding any malware.  I believe that my potential usefulness to you has been exhausted.  I suggest that you post over in the Windows forum and see it the Tech Team can help you tweak things.  When you post there... please give them full information on your computer (Make, model, operating system) and also give them a link back to this topic so that they can see the information you provided me.

 

But first, you can go ahead and cleanup the tools.

 

  • Double click on OTL to run it.
  • Click on CleanUp!
  • When done, you will be prompted to restart your computer. Please restart your computer.

 

You can just delete any other tools or logs that are left.

 

The following is my standard advice for the future.  Use what you can and pat yourself on the back for what you're already doing.

Please take time to read Practicing Safe Computing.  Very important information for your consideration is contained therein.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein


Also: "How to prevent malware" 
by miekiemoes

Please respond back that you understand the above and let me know if you have any questions.  Otherwise, this thread will be closed Resolved (at least as relates to malware).  :thumbup:
 


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#12 her1994

her1994

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 25 January 2014 - 08:06 PM

Thank you!


#13 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 25 January 2014 - 08:32 PM

You are very welcome.

 

Good luck and be well. :thumbup:


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#14 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 25 January 2014 - 08:33 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·