Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91983 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Explorer.exe crashes constantly. Is it malware related? [Solved]


  • This topic is locked This topic is locked
68 replies to this topic

#1 leader2

leader2

    Silver Member

  • Authentic Member
  • PipPipPip
  • 250 posts

Posted 13 March 2014 - 07:40 PM

I have 3 users on my Windows 8.1 machine. Myself, my mother and another family member. My mother's user has constant issues with explorer.exe crashing or at least I think this is the issue because her desktop goes black and nearly freezes. When I right click on the desktop or taskbar the menus show up slowly and come line by line, rather than popping up right away like they normally do. The only way I've found to remedy this issue is to go to the task manager and end task for windows explorer.  The desktop comes back to normal. Another thing that made me think it was explorer related was when I log her off to my user which doesn't really have this problem and I have shut down from my user and her own I will briefly see a box mentioning an exploxer.exe error and a red x as the computer is shutting down. The message pops up so briefly that I can't really read it fast it enough to see what it all says. I scanned the computer with Spybot, Malwarebytes, Microsoft's security scanner from their website (http://www.microsoft...us/default.aspx) and My webroot antivirus. I have found nothing problematic. I defragged my hard drives recently and try to keep my temp, prefetch and internet caches cleaned regularly as well. So I didn't think that could be interfering with the explorer.

 

 

 

I was very frustrated with this explorer issue so I tried to see if an free/open source alternative to explorer would work with my computer. I tried Cubic and Xplorer 2 and we didn't think they were as visually appealing as the regular Win Explorer, but if any helper here can tell me about how to customize any of these or of another free/open source explorer like Win explorer in terms of looks, but with more features I'd be very open to this even if this can be fixed or isn't malware related. 

 

CubicExplorer
Explorer++
Xplorer2
NexusFile
Q-Dir
 
Thanks for your help :)
 
NOTE: I POSTED MY OTL.TXT, EXTRAS.TXT, HIJACKTHIS LOG, BUT NOT THE DDS LOG BECAUSE WHEN I TRIED TO RUN IT WOULD NOT RECOGNIZE MY OPSYS. 
 
 

OTL logfile created on: 3/13/2014 8:21:53 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\A Lamar\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.87 Gb Total Physical Memory | 4.12 Gb Available Physical Memory | 52.35% Memory free
8.70 Gb Paging File | 2.89 Gb Available in Paging File | 33.18% Paging File free
Paging file location(s): c:\pagefile.sys 400 4096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1850.39 Gb Total Space | 490.54 Gb Free Space | 26.51% Space Free | Partition Type: NTFS
Drive D: | 10.81 Gb Total Space | 1.27 Gb Free Space | 11.74% Space Free | Partition Type: NTFS
Drive E: | 14.83 Gb Total Space | 9.76 Gb Free Space | 65.80% Space Free | Partition Type: FAT32
Drive K: | 2794.51 Gb Total Space | 521.28 Gb Free Space | 18.65% Space Free | Partition Type: NTFS
Drive M: | 931.28 Gb Total Space | 77.33 Gb Free Space | 8.30% Space Free | Partition Type: FAT32
Drive O: | 3725.90 Gb Total Space | 1469.46 Gb Free Space | 39.44% Space Free | Partition Type: NTFS
 
Computer Name: HP | User Name: A Lamar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\A Lamar\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Webroot\WRSA.exe (Webroot)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe (Maxthon International ltd.)
PRC - C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe (IObit)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\AdFender\AdFender.exe (AdFender, Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe (MPC-HC Team)
PRC - C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
PRC - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe (IVT Corporation)
PRC - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe (IVT Corporation)
PRC - C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll ()
MOD - C:\Program Files (x86)\Audials\Audials 11\ac3filter.ax ()
MOD - C:\Program Files (x86)\Maxthon\Addons\Mobile\MxMobile.dll ()
MOD - C:\Program Files (x86)\Maxthon\Core\Webkit\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Maxthon\Core\Webkit\libGLESv2.dll ()
MOD - C:\Program Files (x86)\Maxthon\Core\Webkit\libEGL.dll ()
MOD - C:\Program Files (x86)\Maxthon\Bin\Maxzlib.dll ()
MOD - C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avcodec-lav-55.dll ()
MOD - C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax ()
MOD - C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avformat-lav-55.dll ()
MOD - C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\swscale-lav-2.dll ()
MOD - C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avutil-lav-52.dll ()
MOD - C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\libbluray.dll ()
MOD - C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avfilter-lav-3.dll ()
MOD - C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow\ff_libmad.dll ()
MOD - C:\Program Files (x86)\IObit\Smart Defrag 3\webres.dll ()
MOD - C:\Windows\SysWOW64\BsExtendFunc.dll ()
MOD - C:\Windows\SysWOW64\BsProfileFunc.dll ()
MOD - C:\Windows\SysWOW64\BsTrace.dll ()
MOD - C:\Windows\SysWOW64\SCChangeMonitor.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (WRSVC) -- C:\Program Files\Webroot\WRSA.exe (Webroot)
SRV:64bit: - (IEEtwCollectorService) -- C:\WINDOWS\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (EpsonCustomerParticipation) -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION)
SRV:64bit: - (AppXSvc) -- C:\Windows\SysNative\AppXDeploymentServer.dll (Microsoft Corporation)
SRV:64bit: - (w3logsvc) -- C:\Windows\SysNative\inetsrv\w3logsvc.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (workfolderssvc) -- C:\Windows\SysNative\workfolderssvc.dll (Microsoft Corporation)
SRV:64bit: - (AppReadiness) -- C:\Windows\SysNative\AppReadiness.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (lfsvc) -- C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)
SRV:64bit: - (WdNisSvc) -- C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (WEPHOSTSVC) -- C:\Windows\SysNative\wephostsvc.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicguestinterface) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (smphost) -- C:\Windows\SysNative\smphost.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (ScDeviceEnum) -- C:\Windows\SysNative\ScDeviceEnum.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcbService) -- C:\Windows\SysNative\ncbservice.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (w3logsvc) -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (lfsvc) -- C:\Windows\SysWOW64\GeofenceMonitorService.dll (Microsoft Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (NCO) -- C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe (Symantec Corporation)
SRV - (PrintNotify) -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (smphost) -- C:\Windows\SysWOW64\smphost.dll (Microsoft Corporation)
SRV - (HPConnectedRemote) -- c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe (Hewlett-Packard)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (BlueSoleilCS) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe (IVT Corporation)
SRV - (BsHelpCS) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe (IVT Corporation)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (WRkrn) -- C:\Windows\SysNative\drivers\WRkrn.sys (Webroot)
DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys (IObit)
DRV:64bit: - (debutfilter) -- C:\Windows\SysNative\drivers\debutfilterx64.sys ()
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (SerCx2) -- C:\Windows\SysNative\drivers\SerCx2.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (intelpep) -- C:\Windows\SysNative\drivers\intelpep.sys (Microsoft Corporation)
DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG)
DRV:64bit: - (RrNetCapFilterDriver) -- C:\Windows\SysNative\drivers\RrNetCapFilterDriver.sys (Audials AG)
DRV:64bit: - (rtbth) -- C:\Windows\SysNative\drivers\rtbth.sys (Ralink Technology, Corp.)
DRV:64bit: - (stornvme) -- C:\Windows\SysNative\drivers\stornvme.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (ccSet_NST) -- C:\Windows\SysNative\drivers\NSTx64\7DE06000.01B\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\WINDOWS\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (LSI_SAS3) -- C:\Windows\SysNative\drivers\lsi_sas3.sys (LSI Corporation)
DRV:64bit: - (ADP80XX) -- C:\Windows\SysNative\drivers\adp80xx.sys (PMC-Sierra)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (ReFS) -- C:\WINDOWS\SysNative\drivers\refs.sys (Microsoft Corporation)
DRV:64bit: - (UEFI) -- C:\Windows\SysNative\drivers\uefi.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (WdNisDrv) -- C:\Windows\SysNative\drivers\WdNisDrv.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (ahcache) -- C:\Windows\SysNative\drivers\ahcache.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc63.sys (Microsoft Corporation)
DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\drivers\BthLEEnum.sys (Microsoft Corporation)
DRV:64bit: - (NdisVirtualBus) -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (bcmfn2) -- C:\Windows\SysNative\drivers\bcmfn2.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (iaStorAV) -- C:\Windows\SysNative\drivers\iaStorAV.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_GPIO) -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_I2C) -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys (Intel Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C63x64.sys (Qualcomm Atheros Co., Ltd.)
DRV:64bit: - (hpvision) -- C:\Windows\SysNative\drivers\hp64vision.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (BthL2caScoIfSrv) -- C:\Windows\SysNative\drivers\BtL2caScoIf.sys (Ralink Corporation)
DRV:64bit: - (btUrbFilterDrv) -- C:\Windows\SysNative\drivers\IvtUrbBtFlt.sys (Ralink Corporation)
DRV:64bit: - (CLVirtualDrive) -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys (CyberLink)
DRV:64bit: - (BtAudioBusSrv) -- C:\Windows\SysNative\drivers\BtAudioBus.sys (IVT Corporation)
DRV:64bit: - (VNUSB) -- C:\Windows\SysNative\drivers\VNUSB.sys (OLYMPUS IMAGING CORP.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\drivers\emBDA64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\drivers\emOEM64.sys (eMPIA Technology, Inc.)
DRV - (IObitUnlocker) -- C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys (IObit)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPDTDFJS
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{91FDD715-9FCF-4967-9B30-6AA09534F2C2}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPDTDFJS
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{91FDD715-9FCF-4967-9B30-6AA09534F2C2}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.17
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn\ [2014/03/13 12:36:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webrootsecure@webroot.com: C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2014/03/07 09:23:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/12/26 13:50:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Extensions
[2014/01/03 13:18:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\extensions
[2014/01/03 13:17:25 | 000,000,000 | ---D | M] (DivX Browser Bar) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\extensions\{77e8143b-6759-416e-b521-82cfed75150b}
[2014/01/03 13:17:26 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014/01/03 13:17:39 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2014/01/03 13:17:21 | 000,000,000 | ---D | M] (Freecorder) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\extensions\addon@freecorder.com
[2014/01/03 13:17:21 | 000,000,000 | ---D | M] (Vaudix) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\extensions\ywb@cqimkfk.co.uk
[2014/01/03 13:17:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\healthreport\extensions
[2014/01/03 13:17:03 | 000,000,000 | ---D | M] (DivX Browser Bar) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\healthreport\extensions\{77e8143b-6759-416e-b521-82cfed75150b}
[2014/01/03 13:17:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\healthreport\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014/01/03 13:17:05 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\healthreport\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2014/01/03 13:16:58 | 000,000,000 | ---D | M] (Freecorder) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\healthreport\extensions\addon@freecorder.com
[2014/01/03 13:16:58 | 000,000,000 | ---D | M] (Vaudix) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\healthreport\extensions\ywb@cqimkfk.co.uk
[2014/01/03 13:15:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\storage\extensions
[2014/01/03 13:15:19 | 000,000,000 | ---D | M] (DivX Browser Bar) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\storage\extensions\{77e8143b-6759-416e-b521-82cfed75150b}
[2014/01/03 13:15:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\storage\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014/01/03 13:15:33 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\storage\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2014/01/03 13:15:14 | 000,000,000 | ---D | M] (Freecorder) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\storage\extensions\addon@freecorder.com
[2014/01/03 13:15:14 | 000,000,000 | ---D | M] (Vaudix) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\storage\extensions\ywb@cqimkfk.co.uk
[2013/08/15 00:31:44 | 000,354,970 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\extensions\client@anonymox.net.xpi
[2013/08/15 00:31:44 | 001,343,603 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\extensions\readable@evernote.com.xpi
[2012/12/26 16:44:16 | 000,615,655 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\extensions\testpilot@labs.mozilla.com.xpi
[2013/06/25 20:54:25 | 000,347,599 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\extensions\translator@dontfollowme.net.xpi
[2013/07/21 13:02:33 | 000,008,984 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\extensions\{4324f4a6-3a89-477e-b388-6bca032df78b}.xpi
[2013/07/26 09:19:19 | 000,111,726 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\extensions\{89f8dde0-010a-11da-8cd6-0800200c9a66}.xpi
[2013/01/05 08:29:08 | 000,556,618 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\extensions\{ceff3aa1-bfdc-f434-c52d-922216a9cdf5}.xpi
[2013/08/01 13:26:52 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/05/20 21:28:14 | 000,555,916 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\extensions\{ef914f7f-701e-b874-85f8-9a53e30326d5}.xpi
[2013/08/15 00:31:44 | 000,354,970 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\healthreport\extensions\client@anonymox.net.xpi
[2013/08/15 00:31:44 | 001,343,603 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\healthreport\extensions\readable@evernote.com.xpi
[2012/12/26 16:44:16 | 000,615,655 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\healthreport\extensions\testpilot@labs.mozilla.com.xpi
[2013/06/25 20:54:25 | 000,347,599 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\healthreport\extensions\translator@dontfollowme.net.xpi
[2013/07/21 13:02:33 | 000,008,984 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\healthreport\extensions\{4324f4a6-3a89-477e-b388-6bca032df78b}.xpi
[2013/07/26 09:19:19 | 000,111,726 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\healthreport\extensions\{89f8dde0-010a-11da-8cd6-0800200c9a66}.xpi
[2013/01/05 08:29:08 | 000,556,618 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\healthreport\extensions\{ceff3aa1-bfdc-f434-c52d-922216a9cdf5}.xpi
[2013/08/01 13:26:52 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\healthreport\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/05/20 21:28:14 | 000,555,916 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\healthreport\extensions\{ef914f7f-701e-b874-85f8-9a53e30326d5}.xpi
[2013/08/15 00:31:44 | 000,354,970 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\storage\extensions\client@anonymox.net.xpi
[2013/08/15 00:31:44 | 001,343,603 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\storage\extensions\readable@evernote.com.xpi
[2012/12/26 16:44:16 | 000,615,655 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\storage\extensions\testpilot@labs.mozilla.com.xpi
[2013/06/25 20:54:25 | 000,347,599 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\storage\extensions\translator@dontfollowme.net.xpi
[2013/07/21 13:02:33 | 000,008,984 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\storage\extensions\{4324f4a6-3a89-477e-b388-6bca032df78b}.xpi
[2013/07/26 09:19:19 | 000,111,726 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\storage\extensions\{89f8dde0-010a-11da-8cd6-0800200c9a66}.xpi
[2013/01/05 08:29:08 | 000,556,618 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\storage\extensions\{ceff3aa1-bfdc-f434-c52d-922216a9cdf5}.xpi
[2013/08/01 13:26:52 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\storage\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/05/20 21:28:14 | 000,555,916 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\storage\extensions\{ef914f7f-701e-b874-85f8-9a53e30326d5}.xpi
[2014/01/10 15:08:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/01/10 15:08:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/01/17 04:56:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions
[2014/01/17 04:56:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\A Lamar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: No name found = C:\Users\A Lamar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\A Lamar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\A Lamar\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.2_0\
CHR - Extension: No name found = C:\Users\A Lamar\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.4_0\
CHR - Extension: No name found = C:\Users\A Lamar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Webroot Filtering Extension = C:\Users\A Lamar\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd\1.0.0.26_0\
CHR - Extension: Google Wallet = C:\Users\A Lamar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Google Wallet = C:\Users\A Lamar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Google Wallet = C:\Users\A Lamar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Norton Identity Protection = C:\Users\A Lamar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob\2014.6.0.27_0\
CHR - Extension: Norton Identity Protection = C:\Users\A Lamar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob\2014.6.2.3_0\
CHR - Extension: Norton Identity Protection = C:\Users\A Lamar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob\2014.6.4.11_0\
CHR - Extension: Norton Identity Protection = C:\Users\A Lamar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob\2014.6.4.11_1\
CHR - Extension: No name found = C:\Users\A Lamar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/01/24 22:41:15 | 000,450,639 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15467 more lines...
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\CoIEPlg.dll (Symantec Corporation)
O2:64bit: - BHO: (Webroot Filtering Extension) - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll (Webroot)
O2:64bit: - BHO: (ClassicIEBHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
O2:64bit: - BHO: (Adblock Plus for IE Browser Helper Object) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Webroot Filtering Extension) - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll (Webroot)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (ClassicIEBHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
O2 - BHO: (Adblock Plus for IE Browser Helper Object) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\Beats64.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BtTray] c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe (IVT Corporation)
O4 - HKLM..\Run: [CLMLServer_For_P2G8] c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)
O4 - HKLM..\Run: [CLVirtualDrive] c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [eFax 4.4] C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [WRSVC] C:\Program Files\Webroot\WRSA.exe (Webroot)
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkForce 545" /EF "HKCU" File not found
O4 - HKCU..\Run: [Growl] C:\Program Files (x86)\Growl for Windows\Growl.exe File not found
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O9:64bit: - Extra 'Tools' menuitem : Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe (IvoSoft)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe (IvoSoft)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03D8532E-0BB6-4BAD-AFC1-7180316A1809}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: lfsvc - C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)
NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
 
Drivers32:64bit: msacm.ac3acm - ac3acm.acm (fccHandler)
Drivers32:64bit: msacm.l3acm - l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.l3codecp - l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FFDS - ff_vfw.dll ()
Drivers32:64bit: VIDC.LAGS - lagarith.dll ( )
Drivers32:64bit: VIDC.X264 - x264vfw64.dll (x264vfw project)
Drivers32:64bit: VIDC.XVID - xvidvfw.dll ()
Drivers32: msacm.ac3acm - C:\WINDOWS\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\WINDOWS\SysWow64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\WINDOWS\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\SysWow64\SL_ANET.ACM (Sipro Lab Telecom Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.LAGS - C:\WINDOWS\SysWow64\lagarith.dll ( )
Drivers32: VIDC.MP42 - C:\WINDOWS\SysWow64\MPG4C32.DLL (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\SysWow64\MPG4C32.DLL (Microsoft Corporation)
Drivers32: VIDC.X264 - C:\WINDOWS\SysWow64\x264vfw.dll (x264vfw project)
Drivers32: VIDC.XVID - C:\WINDOWS\SysWow64\xvidvfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2038/09/13 09:48:18 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2038/09/13 09:36:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2038/09/13 09:21:13 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
[2038/09/13 09:20:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2038/09/13 07:54:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SymSilent
[2038/09/13 07:54:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2038/09/13 07:54:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\drivers\NISx64
[2038/09/13 07:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2038/09/13 07:53:53 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2038/09/13 07:53:36 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
[2038/09/13 07:53:20 | 000,000,000 | R--D | C] -- C:\Program Files\Online Services
[2038/09/13 07:53:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\en
[2038/09/13 07:52:58 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2038/09/13 07:52:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2038/09/13 07:52:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2038/09/13 07:52:19 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3dx10_42.dll
[2038/09/13 07:52:19 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\XAudio2_5.dll
[2038/09/13 07:52:19 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\d3dx10_42.dll
[2038/09/13 07:52:19 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\XAPOFX1_3.dll
[2038/09/13 07:52:17 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3dx9_32.dll
[2038/09/13 07:52:17 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\d3dx9_32.dll
[2038/09/13 07:52:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2038/09/13 07:50:29 | 000,029,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msxml3a.dll
[2038/09/13 07:46:01 | 000,092,536 | ---- | C] (CyberLink) -- C:\WINDOWS\SysNative\drivers\CLVirtualDrive.sys
[2038/09/13 07:46:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\DRVSTORE
[2038/09/13 07:46:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\CyberLink
[2038/09/13 07:45:18 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2038/09/13 07:45:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2038/09/13 07:45:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2038/09/13 07:45:16 | 000,377,344 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\SysNative\hpbrprtmon.dll
[2038/09/13 07:45:16 | 000,355,840 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\SysNative\hpbprtmon.dll
[2038/09/13 07:45:16 | 000,170,496 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\SysNative\hpbprtmonui.dll
[2038/09/13 07:45:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HPConnectedMusic
[2038/09/13 07:45:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nikon
[2038/09/13 07:44:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2038/09/13 07:44:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Autonomy
[2038/09/13 07:44:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autonomy
[2038/09/13 07:43:59 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Online Services
[2038/09/13 07:43:54 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
[2038/09/13 07:43:36 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2038/09/13 07:43:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2038/09/13 07:43:07 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap
[2038/09/13 07:42:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2038/09/13 07:42:08 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
[2038/09/13 07:41:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2038/09/13 07:40:51 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2038/09/13 07:40:12 | 000,000,000 | ---D | C] -- C:\ProgramData\{AFF99647-6D64-46F2-934A-F12F468037F6}
[2038/09/13 07:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink Driver
[2038/09/13 07:38:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ralink Corporation
[2038/09/13 07:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2038/09/13 07:37:25 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
[2038/09/13 07:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2038/09/13 07:37:19 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2038/09/13 07:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2038/09/13 07:36:16 | 000,117,248 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\SysNative\HPMUIDir.exe
[2038/09/13 07:36:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard
[2038/09/13 07:36:14 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2038/09/13 07:32:30 | 006,085,632 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\SysNative\stlang64.dll
[2038/09/13 07:32:30 | 001,821,184 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\SysNative\IDTNC64.cpl
[2038/09/13 07:32:30 | 001,425,408 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\sttray64.exe
[2038/09/13 07:32:30 | 000,224,256 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\SysNative\HPToneCtrls64.dll
[2038/09/13 07:32:30 | 000,037,888 | ---- | C] (Hewlett-Packard ) -- C:\WINDOWS\SysNative\Beats64.exe
[2038/09/13 07:32:30 | 000,000,000 | ---D | C] -- C:\ProgramData\SoundResearch
[2038/09/13 07:32:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2038/09/13 07:32:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2014/03/13 20:09:04 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\A Lamar\Desktop\HiJackThis.exe
[2014/03/13 20:08:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\A Lamar\Desktop\OTL.exe
[2014/03/12 23:54:03 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\qedit.dll
[2014/03/12 23:54:03 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\qedit.dll
[2014/03/11 05:25:59 | 000,000,000 | ---D | C] -- C:\Users\A Lamar\AppData\Local\Apple
[2014/03/11 05:22:45 | 000,000,000 | ---D | C] -- C:\Users\A Lamar\AppData\Local\Apple Computer
[2014/03/07 21:39:54 | 000,000,000 | ---D | C] -- C:\Users\A Lamar\AppData\Roaming\IDT
[2014/03/06 06:23:16 | 000,000,000 | ---D | C] -- C:\Users\A Lamar\Desktop\ojik.geudaeman.(2011).eng.1cd.(4465452)
[2014/03/04 22:50:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/03/04 22:17:09 | 000,000,000 | ---D | C] -- C:\Users\A Lamar\AppData\Roaming\eFax Messenger
[2014/03/04 22:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\eFax Messenger 4.4 Setup
[2014/03/04 22:17:01 | 000,000,000 | ---D | C] -- C:\Users\A Lamar\Documents\eFax Messenger 4.4
[2014/03/04 22:17:01 | 000,000,000 | ---D | C] -- C:\Users\A Lamar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\eFax Messenger 4.4
[2014/03/04 22:17:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eFax Messenger 4.4
[2014/03/02 23:25:29 | 000,000,000 | ---D | C] -- C:\Users\A Lamar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CubicExplorer
[2014/03/02 23:25:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CubicExplorer
[2014/02/27 19:39:29 | 000,000,000 | ---D | C] -- C:\Users\A Lamar\AppData\Roaming\IObit
[2014/02/24 16:26:51 | 000,000,000 | ---D | C] -- C:\Users\A Lamar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZSoft
[2014/02/24 16:26:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZSoft
[2014/02/22 17:43:22 | 000,000,000 | ---D | C] -- C:\Users\A Lamar\AppData\Roaming\WebApp
[2014/02/22 17:42:38 | 000,000,000 | ---D | C] -- C:\Users\A Lamar\AppData\Local\Cyberlink
[2014/02/22 17:42:33 | 000,000,000 | ---D | C] -- C:\Users\A Lamar\Documents\CyberLink
[2014/02/22 17:42:32 | 000,000,000 | ---D | C] -- C:\Users\A Lamar\AppData\Roaming\CyberLink
[2014/02/22 17:34:46 | 000,000,000 | ---D | C] -- C:\Users\A Lamar\Documents\ConvertXtoDVD
[2014/02/22 03:28:11 | 000,000,000 | ---D | C] -- C:\Users\A Lamar\AppData\Local\Diagnostics
[2014/02/22 03:14:00 | 000,000,000 | ---D | C] -- C:\Users\A Lamar\AppData\Roaming\Opera Software
[2014/02/22 03:14:00 | 000,000,000 | ---D | C] -- C:\Users\A Lamar\AppData\Local\Opera Software
[2014/02/21 23:21:47 | 000,000,000 | ---D | C] -- C:\ProgramData\vsosdk
[2014/02/20 23:50:48 | 000,000,000 | ---D | C] -- C:\Users\A Lamar\AppData\Local\CrashDumps
[2014/02/20 23:26:09 | 000,000,000 | ---D | C] -- C:\Users\A Lamar\Documents\Any Video Converter
[2014/02/20 23:26:09 | 000,000,000 | ---D | C] -- C:\Users\A Lamar\AppData\Roaming\AnvSoft
[2014/02/20 23:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
[2014/02/20 23:25:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnvSoft
[2014/02/20 16:12:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014/02/20 16:12:39 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014/02/17 09:14:18 | 000,637,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncHost.exe
[2014/02/17 09:14:18 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncCore.dll
[2014/02/17 09:14:18 | 000,479,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncHost.exe
[2014/02/17 09:14:17 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncCore.dll
[2014/02/17 09:14:10 | 003,210,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msmpeg2vdec.dll
[2014/02/17 09:14:09 | 018,577,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.dll
[2014/02/17 09:14:09 | 002,804,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msmpeg2vdec.dll
[2014/02/17 09:14:07 | 002,142,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfcore.dll
[2014/02/17 09:14:07 | 001,928,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\combase.dll
[2014/02/17 09:14:06 | 002,131,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfcore.dll
[2014/02/17 09:14:05 | 001,371,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\combase.dll
[2014/02/17 09:14:04 | 002,617,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
[2014/02/17 09:14:03 | 013,925,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
[2014/02/17 09:14:02 | 001,399,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winmde.dll
[2014/02/17 09:13:58 | 002,295,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2014/02/17 09:13:58 | 001,374,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wmpmde.dll
[2014/02/17 09:13:57 | 001,204,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\winmde.dll
[2014/02/17 09:13:56 | 000,764,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfmpeg2srcsnk.dll
[2014/02/17 09:13:56 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SystemEventsBrokerServer.dll
[2014/02/17 09:13:56 | 000,263,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\bisrv.dll
[2014/02/17 09:13:55 | 000,809,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfmp4srcsnk.dll
[2014/02/17 09:13:55 | 000,669,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfmpeg2srcsnk.dll
[2014/02/17 09:13:55 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ubpm.dll
[2014/02/17 09:13:55 | 000,032,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ploptin.dll
[2014/02/17 09:13:54 | 001,415,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lsasrv.dll
[2014/02/17 09:13:54 | 000,745,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\oleaut32.dll
[2014/02/17 09:13:54 | 000,663,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfmp4srcsnk.dll
[2014/02/17 09:13:54 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfds.dll
[2014/02/17 09:13:54 | 000,461,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\XpsGdiConverter.dll
[2014/02/17 09:13:53 | 000,433,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfds.dll
[2014/02/17 09:13:53 | 000,273,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Graphics.dll
[2014/02/17 09:13:53 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\psmsrv.dll
[2014/02/17 09:13:52 | 000,589,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rastls.dll
[2014/02/17 09:13:52 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msieftp.dll
[2014/02/17 09:13:52 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Graphics.dll
[2014/02/17 09:13:51 | 001,227,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mispace.dll
[2014/02/17 09:13:51 | 000,980,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mispace.dll
[2014/02/17 09:13:51 | 000,336,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\XpsGdiConverter.dll
[2014/02/17 09:13:51 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\bi.dll
[2014/02/17 09:13:50 | 000,513,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rastls.dll
[2014/02/17 09:13:50 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msieftp.dll
[2014/02/17 09:13:50 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\BtaMPM.sys
[2014/02/17 09:13:49 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\deviceregistration.dll
[2014/02/17 08:56:09 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieetwproxystub.dll
[2014/02/17 08:56:08 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieetwproxystub.dll
[2014/02/17 08:56:08 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iernonce.dll
[2014/02/17 08:56:08 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieetwcollectorres.dll
[2014/02/17 08:56:06 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iesetup.dll
[2014/02/17 08:56:06 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iernonce.dll
[2014/02/17 08:56:05 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2014/02/17 08:56:05 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript9diag.dll
[2014/02/17 08:56:05 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieetwcollector.exe
[2014/02/17 08:56:04 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2014/02/17 08:56:03 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iesetup.dll
[2014/02/17 08:56:02 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2014/02/17 08:56:02 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2014/02/17 08:56:02 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieUnatt.exe
[2014/02/17 08:56:01 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2014/02/17 08:56:01 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msrating.dll
[2014/02/17 08:55:59 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2014/02/17 08:55:59 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2014/02/17 08:55:59 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9diag.dll
[2014/02/17 08:55:59 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieUnatt.exe
[2014/02/17 08:55:58 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msrating.dll
[2014/02/17 08:53:34 | 013,209,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
[2014/02/17 08:53:34 | 011,702,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2014/02/17 08:53:34 | 007,416,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Search.dll
[2014/02/17 08:53:33 | 004,961,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Search.dll
[2014/02/17 08:53:33 | 001,105,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SearchFolder.dll
[2014/02/17 08:53:32 | 001,462,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\propsys.dll
[2014/02/17 08:23:16 | 004,217,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SyncEngine.dll
[2014/02/17 08:23:16 | 002,804,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\actxprxy.dll
[2014/02/17 08:23:16 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MrmCoreR.dll
[2014/02/17 08:23:16 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SkyDrive.exe
[2014/02/17 08:23:16 | 000,720,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SkyDriveTelemetry.dll
[2014/02/17 08:23:16 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MrmCoreR.dll
[2014/02/17 08:23:15 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SkyDriveShell.dll
[2014/02/17 08:23:15 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winbici.dll
[2014/02/17 08:23:15 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SkyDriveShell.dll
[2014/02/17 07:20:57 | 000,570,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msdrm.dll
[2014/02/17 07:20:23 | 004,604,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d2d1.dll
[2014/02/17 07:20:23 | 002,397,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d10warp.dll
[2014/02/17 06:11:45 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
[2014/02/17 06:02:50 | 001,113,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KernelBase.dll
[2014/02/17 05:55:24 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\pcaui.exe
[2014/02/17 05:55:24 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\pcaui.exe
[2014/02/14 14:14:03 | 000,000,000 | ---D | C] -- C:\Users\A Lamar\AppData\Roaming\NCH Software
[2014/01/03 15:00:18 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\A Lamar\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2038/09/13 09:21:09 | 000,000,000 | RHS- | M] () -- C:\WINDOWS\SysWow64\drivers\103C_HP_cPC_h8-1410_Y53316J_0U_Q4CE2370G93_E12NA3RR8605_4A_I2AD5_SPEGATRON CORPORATION_V1.03_B8.18_T130318_W8101-0_L409_M8059_J2000_7Intel_86A9_93.00_#380913_N19691091;18143290_Z_G80860152_Ohp DVD-RAM SW810.MRK
[2038/09/13 09:21:09 | 000,000,000 | RHS- | M] () -- C:\WINDOWS\SysNative\drivers\103C_HP_cPC_h8-1410_Y53316J_0U_Q4CE2370G93_E12NA3RR8605_4A_I2AD5_SPEGATRON CORPORATION_V1.03_B8.18_T130318_W8101-0_L409_M8059_J2000_7Intel_86A9_93.00_#380913_N19691091;18143290_Z_G80860152_Ohp DVD-RAM SW810.MRK
[2038/09/13 07:57:35 | 000,018,630 | ---- | M] () -- C:\WINDOWS\SysNative\results.xml
[2038/09/13 07:50:27 | 000,029,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msxml3a.dll
[2038/09/13 07:39:01 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_BtL2caScoIf_01009.Wdf
[2038/09/13 07:38:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SysNative\0
[2014/03/13 20:13:00 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\WpsNotifyTask_A Lamar.job
[2014/03/13 20:10:42 | 000,625,664 | ---- | M] () -- C:\Users\A Lamar\Desktop\dds.scr
[2014/03/13 20:10:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/03/13 20:10:00 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\WpsUpdateTask_A Lamar.job
[2014/03/13 20:09:04 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\A Lamar\Desktop\HiJackThis.exe
[2014/03/13 20:08:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\A Lamar\Desktop\OTL.exe
[2014/03/13 19:47:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/13 19:39:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\WpsUpdateTask_White.job
[2014/03/13 19:39:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\WpsNotifyTask_White.job
[2014/03/13 16:47:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/13 14:45:23 | 000,000,821 | ---- | M] () -- C:\WINDOWS\SysWow64\bscs.ini
[2014/03/13 14:42:29 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/03/13 14:42:21 | 000,004,524 | ---- | M] () -- C:\WINDOWS\SysWow64\LOCALSERVICE.INI
[2014/03/13 14:42:19 | 000,000,043 | ---- | M] () -- C:\WINDOWS\SysWow64\LOCALDEVICE.INI
[2014/03/13 12:41:51 | 000,956,476 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014/03/13 12:41:51 | 000,794,884 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014/03/13 12:41:51 | 000,161,140 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014/03/13 12:36:12 | 000,496,256 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014/03/13 12:35:51 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/03/13 12:35:45 | 2465,050,623 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/08 17:15:59 | 000,000,889 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/03/08 07:42:47 | 000,154,248 | ---- | M] (Webroot) -- C:\WINDOWS\SysWow64\WRusr.dll
[2014/03/08 07:42:47 | 000,115,168 | ---- | M] (Webroot) -- C:\WINDOWS\SysNative\drivers\WRkrn.sys
[2014/03/08 07:42:47 | 000,105,320 | ---- | M] (Webroot) -- C:\WINDOWS\SysNative\WRusr.dll
[2014/03/06 06:23:00 | 000,020,375 | ---- | M] () -- C:\Users\A Lamar\Desktop\ojik.geudaeman.(2011).eng.1cd.(4465452).zip
[2014/03/05 18:05:01 | 000,002,265 | ---- | M] () -- C:\Users\A Lamar\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/03/04 22:51:23 | 000,002,474 | ---- | M] () -- C:\Users\A Lamar\Desktop\JRW - Chrome.lnk
[2014/03/04 22:51:23 | 000,002,430 | ---- | M] () -- C:\Users\A Lamar\Desktop\A LAMAR Chrome.lnk
[2014/03/04 22:17:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SysNative\eFax_4_4_Port
[2014/03/04 21:53:43 | 000,000,885 | ---- | M] () -- C:\Users\A Lamar\Desktop\P - Shortcut.lnk
[2014/03/01 14:41:19 | 000,001,145 | ---- | M] () -- C:\Users\A Lamar\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/27 18:16:47 | 000,000,854 | ---- | M] () -- C:\Users\A Lamar\Desktop\CCleaner.lnk
[2014/02/24 16:26:51 | 000,001,131 | ---- | M] () -- C:\Users\A Lamar\Desktop\ZSoft Uninstaller.lnk
[2014/02/22 17:46:58 | 000,001,927 | ---- | M] () -- C:\Users\A Lamar\Desktop\Media Go.lnk
[2014/02/22 17:43:45 | 000,001,421 | ---- | M] () -- C:\Users\A Lamar\Desktop\CyberLink Media Suite.lnk
[2014/02/22 16:57:04 | 000,001,360 | ---- | M] () -- C:\Users\A Lamar\Desktop\Freemake Video Converter.lnk
[2014/02/22 03:04:42 | 000,000,141 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2014/02/20 23:25:55 | 000,001,221 | ---- | M] () -- C:\Users\A Lamar\Desktop\Any Video Converter.lnk
[2014/02/17 17:00:34 | 000,693,240 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2014/02/17 17:00:34 | 000,105,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2014/02/14 20:36:00 | 000,001,313 | ---- | M] () -- C:\Users\A Lamar\Desktop\Media Player Classic.lnk
 
========== Files Created - No Company Name ==========
 
[2038/09/13 09:18:56 | 2465,050,623 | -HS- | C] () -- C:\hiberfil.sys
[2038/09/13 09:17:24 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys
[2038/09/13 07:57:35 | 000,018,630 | ---- | C] () -- C:\WINDOWS\SysNative\results.xml
[2038/09/13 07:57:16 | 000,004,524 | ---- | C] () -- C:\WINDOWS\SysWow64\LOCALSERVICE.INI
[2038/09/13 07:57:16 | 000,000,043 | ---- | C] () -- C:\WINDOWS\SysWow64\LOCALDEVICE.INI
[2038/09/13 07:52:53 | 000,001,308 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2038/09/13 07:52:49 | 000,001,377 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2038/09/13 07:45:11 | 000,001,118 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connected Music powered by Meridian.lnk
[2038/09/13 07:42:45 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
[2038/09/13 07:41:15 | 000,024,376 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\cpqdfw.sys
[2038/09/13 07:39:01 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_BtL2caScoIf_01009.Wdf
[2038/09/13 07:38:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SysNative\0
[2038/09/13 07:35:30 | 000,000,000 | RHS- | C] () -- C:\WINDOWS\SysWow64\drivers\103C_HP_cPC_h8-1410_Y53316J_0U_Q4CE2370G93_E12NA3RR8605_4A_I2AD5_SPEGATRON CORPORATION_V1.03_B8.18_T130318_W8101-0_L409_M8059_J2000_7Intel_86A9_93.00_#380913_N19691091;18143290_Z_G80860152_Ohp DVD-RAM SW810.MRK
[2038/09/13 07:35:30 | 000,000,000 | RHS- | C] () -- C:\WINDOWS\SysNative\drivers\103C_HP_cPC_h8-1410_Y53316J_0U_Q4CE2370G93_E12NA3RR8605_4A_I2AD5_SPEGATRON CORPORATION_V1.03_B8.18_T130318_W8101-0_L409_M8059_J2000_7Intel_86A9_93.00_#380913_N19691091;18143290_Z_G80860152_Ohp DVD-RAM SW810.MRK
[2014/03/13 20:10:41 | 000,625,664 | ---- | C] () -- C:\Users\A Lamar\Desktop\dds.scr
[2014/03/06 06:22:59 | 000,020,375 | ---- | C] () -- C:\Users\A Lamar\Desktop\ojik.geudaeman.(2011).eng.1cd.(4465452).zip
[2014/03/04 21:53:43 | 000,000,885 | ---- | C] () -- C:\Users\A Lamar\Desktop\P - Shortcut.lnk
[2014/03/01 14:41:19 | 000,001,145 | ---- | C] () -- C:\Users\A Lamar\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/24 16:26:51 | 000,001,131 | ---- | C] () -- C:\Users\A Lamar\Desktop\ZSoft Uninstaller.lnk
[2014/02/22 17:46:58 | 000,001,927 | ---- | C] () -- C:\Users\A Lamar\Desktop\Media Go.lnk
[2014/02/22 17:43:45 | 000,001,421 | ---- | C] () -- C:\Users\A Lamar\Desktop\CyberLink Media Suite.lnk
[2014/02/22 16:57:04 | 000,001,360 | ---- | C] () -- C:\Users\A Lamar\Desktop\Freemake Video Converter.lnk
[2014/02/22 03:04:42 | 000,000,141 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2014/02/20 23:25:55 | 000,001,221 | ---- | C] () -- C:\Users\A Lamar\Desktop\Any Video Converter.lnk
[2014/02/17 09:13:47 | 000,385,614 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2014/02/17 08:53:32 | 000,009,701 | ---- | C] () -- C:\WINDOWS\SysWow64\connectedsearch-results.searchconnector-ms
[2014/02/17 08:53:32 | 000,009,701 | ---- | C] () -- C:\WINDOWS\SysNative\connectedsearch-results.searchconnector-ms
[2014/02/14 20:36:00 | 000,001,313 | ---- | C] () -- C:\Users\A Lamar\Desktop\Media Player Classic.lnk
[2014/01/30 00:31:50 | 002,927,360 | ---- | C] () -- C:\WINDOWS\wweb32.dll
[2014/01/17 11:01:02 | 000,091,136 | ---- | C] () -- C:\WINDOWS\SendToClip.exe
[2014/01/17 06:35:18 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2014/01/03 15:00:18 | 000,099,384 | ---- | C] () -- C:\Users\A Lamar\AppData\Roaming\inst.exe
[2014/01/03 15:00:18 | 000,007,859 | ---- | C] () -- C:\Users\A Lamar\AppData\Roaming\pcouffin.cat
[2014/01/03 15:00:18 | 000,001,167 | ---- | C] () -- C:\Users\A Lamar\AppData\Roaming\pcouffin.inf
[2013/12/24 13:09:06 | 000,000,079 | ---- | C] () -- C:\WINDOWS\EWF545.ini
[2013/12/24 10:28:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2013/12/24 08:18:35 | 000,000,085 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2013/12/24 02:16:05 | 000,650,752 | ---- | C] () -- C:\WINDOWS\SysWow64\xvidcore.dll
[2013/12/24 02:16:05 | 000,243,200 | ---- | C] () -- C:\WINDOWS\SysWow64\xvidvfw.dll
[2013/12/24 02:16:05 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\lagarith.dll
[2013/12/24 02:16:04 | 000,217,176 | ---- | C] () -- C:\WINDOWS\SysWow64\unrar.dll
[2013/12/24 02:16:03 | 000,112,640 | ---- | C] () -- C:\WINDOWS\SysWow64\ff_vfw.dll
[2013/12/23 19:24:40 | 000,930,400 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2013/10/21 15:53:00 | 000,315,904 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll
[2013/10/21 15:52:58 | 000,180,736 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2013/10/21 15:52:56 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll
[2013/08/22 11:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 11:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 10:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 03:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/21 23:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/21 19:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/21 19:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2012/07/30 13:22:52 | 000,000,821 | ---- | C] () -- C:\WINDOWS\SysWow64\bscs.ini
[2012/07/27 17:50:34 | 000,333,312 | ---- | C] () -- C:\WINDOWS\SysWow64\BsExtendFunc.dll
[2012/07/25 16:22:54 | 000,982,240 | ---- | C] () -- C:\WINDOWS\SysWow64\igkrng500.bin
[2012/07/25 16:22:54 | 000,439,308 | ---- | C] () -- C:\WINDOWS\SysWow64\igcompkrng500.bin
[2012/07/25 16:22:54 | 000,092,356 | ---- | C] () -- C:\WINDOWS\SysWow64\igfcg500m.bin
[2012/07/10 21:04:10 | 000,062,976 | ---- | C] () -- C:\WINDOWS\SysWow64\BsProfileFunc.dll
[2012/07/10 20:59:40 | 000,019,456 | ---- | C] () -- C:\WINDOWS\SysWow64\BsTrace.dll
[2012/07/10 20:26:44 | 000,090,208 | ---- | C] () -- C:\WINDOWS\SysWow64\BSSkypeAgent.dll
[2012/07/10 20:26:44 | 000,086,108 | ---- | C] () -- C:\WINDOWS\SysWow64\BSVoIPComm.dll
[2012/07/10 20:26:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\SysWow64\BsVistaCommon.dll
[2012/07/10 20:26:44 | 000,049,664 | ---- | C] () -- C:\WINDOWS\SysWow64\BSWMPPlugin.dll
[2012/07/10 20:26:44 | 000,011,264 | ---- | C] () -- C:\WINDOWS\SysWow64\SCChangeMonitor.dll
[2012/06/13 11:45:02 | 000,008,704 | ---- | C] () -- C:\WINDOWS\SysWow64\SROF.dll
[2012/06/05 00:31:00 | 000,000,417 | ---- | C] () -- C:\WINDOWS\SysWow64\RaoBLE.ini
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/11/23 07:49:06 | 021,196,664 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/11/23 04:19:35 | 018,642,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 05:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 22:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 05:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/02/20 23:26:09 | 000,000,000 | ---D | M] -- C:\Users\A Lamar\AppData\Roaming\AnvSoft
[2014/01/03 13:57:43 | 000,000,000 | ---D | M] -- C:\Users\A Lamar\AppData\Roaming\Canneverbe Limited
[2014/03/13 17:23:17 | 000,000,000 | ---D | M] -- C:\Users\A Lamar\AppData\Roaming\ClassicShell
[2014/03/04 22:17:09 | 000,000,000 | ---D | M] -- C:\Users\A Lamar\AppData\Roaming\eFax Messenger
[2014/01/23 12:09:22 | 000,000,000 | ---D | M] -- C:\Users\A Lamar\AppData\Roaming\Epson
[2014/03/07 21:39:54 | 000,000,000 | ---D | M] -- C:\Users\A Lamar\AppData\Roaming\IDT
[2014/02/27 19:39:29 | 000,000,000 | ---D | M] -- C:\Users\A Lamar\AppData\Roaming\IObit
[2014/01/17 09:44:24 | 000,000,000 | ---D | M] -- C:\Users\A Lamar\AppData\Roaming\JGsoft
[2014/02/01 20:50:28 | 000,000,000 | ---D | M] -- C:\Users\A Lamar\AppData\Roaming\Kingsoft
[2014/01/03 19:09:08 | 000,000,000 | ---D | M] -- C:\Users\A Lamar\AppData\Roaming\Matus Tomlein
[2014/03/04 21:15:27 | 000,000,000 | ---D | M] -- C:\Users\A Lamar\AppData\Roaming\Maxthon3
[2014/02/22 03:14:00 | 000,000,000 | ---D | M] -- C:\Users\A Lamar\AppData\Roaming\Opera Software
[2014/02/01 05:39:39 | 000,000,000 | ---D | M] -- C:\Users\A Lamar\AppData\Roaming\Sony
[2014/03/11 23:59:12 | 000,000,000 | ---D | M] -- C:\Users\A Lamar\AppData\Roaming\Vso
[2014/02/22 17:43:22 | 000,000,000 | ---D | M] -- C:\Users\A Lamar\AppData\Roaming\WebApp
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
< MD5 for: EXPLORER.ADML  >
[2013/11/14 03:14:33 | 000,003,671 | ---- | M] () MD5=007B16AEF3E958080573CDB80648167D -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.3.9600.16384_en-us_13bedf9d3e4c78d1\Explorer.adml
 
< MD5 for: EXPLORER.ADMX  >
[2013/06/18 10:57:40 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.3.9600.16384_none_067909bec4cce684\Explorer.admx
 
< MD5 for: EXPLORER.EXE  >
[2013/11/14 03:29:02 | 002,065,448 | ---- | M] (Microsoft Corporation) MD5=1A0BC9598E4A58FC84570FFF5A108E58 -- C:\Windows\SysWOW64\explorer.exe
[2013/11/14 03:29:02 | 002,065,448 | ---- | M] (Microsoft Corporation) MD5=1A0BC9598E4A58FC84570FFF5A108E58 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16441_none_4ceff22781f6788c\explorer.exe
[2013/11/14 03:29:01 | 002,328,872 | ---- | M] (Microsoft Corporation) MD5=63DC38C3E4564B2405D562855643ABA2 -- C:\Windows\explorer.exe
[2013/11/14 03:29:01 | 002,328,872 | ---- | M] (Microsoft Corporation) MD5=63DC38C3E4564B2405D562855643ABA2 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16441_none_429b47d54d95b691\explorer.exe
[2013/09/20 11:51:08 | 003,885,120 | ---- | M] (Safer-Networking Ltd.) MD5=CDEB46FE688F062D3033209B29755203 -- C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe
 
< MD5 for: EXPLORER.EXE.MUI  >
[2013/11/14 03:14:23 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=6B943F9892499269B3C4886C1F0BD843 -- C:\Windows\en-US\explorer.exe.mui
[2013/11/14 03:14:23 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=6B943F9892499269B3C4886C1F0BD843 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2013/11/14 03:14:23 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=6B943F9892499269B3C4886C1F0BD843 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.3.9600.16384_en-us_f6b0e7284798d168\explorer.exe.mui
[2013/11/14 03:14:23 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=6B943F9892499269B3C4886C1F0BD843 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.3.9600.16384_en-us_0105917a7bf99363\explorer.exe.mui
 
< MD5 for: EXPLORER.EXE-03C49D11.PF  >
[2014/03/12 05:52:18 | 000,204,684 | ---- | M] () MD5=A8DD5B0E54C4CF731BAC20D7B7BAB39F -- C:\Windows\Prefetch\EXPLORER.EXE-03C49D11.pf
 
< MD5 for: IEXPLORE.EXE  >
[2014/02/06 09:08:02 | 000,806,064 | ---- | M] (Microsoft Corporation) MD5=2E032281A818BCD191E3DD92000A8EAE -- C:\Program Files\Internet Explorer\iexplore.exe
[2014/02/06 09:08:02 | 000,806,064 | ---- | M] (Microsoft Corporation) MD5=2E032281A818BCD191E3DD92000A8EAE -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.0.9600.16518_none_9c5ec16890d148c6\iexplore.exe
[2014/03/13 13:10:18 | 000,000,012 | ---- | M] () MD5=3EFB7DD484879DE81FC1BEB72BC92B8F -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.0.9600.16521_none_9c60612a90cfaeb6\iexplore.exe
[2014/03/13 13:10:43 | 000,000,012 | ---- | M] () MD5=3EFB7DD484879DE81FC1BEB72BC92B8F -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.0.9600.16521_none_a6b50b7cc53070b1\iexplore.exe
[2014/02/20 06:31:23 | 000,009,369 | ---- | M] () MD5=7B0FB14120A13191E63C458C64720489 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.0.9600.16384_none_a6d068b8c51b1dbc\iexplore.exe
[2014/02/06 07:18:16 | 000,808,112 | ---- | M] (Microsoft Corporation) MD5=9FBB2F038A2DDCE696BDEE7080241C0C -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2014/02/06 07:18:16 | 000,808,112 | ---- | M] (Microsoft Corporation) MD5=9FBB2F038A2DDCE696BDEE7080241C0C -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.0.9600.16518_none_a6b36bbac5320ac1\iexplore.exe
[2013/04/04 15:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
[2014/02/20 06:23:17 | 000,010,956 | ---- | M] () MD5=CB6B6941B52B10900DB2808854F70233 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.0.9600.16384_none_9c7bbe6690ba5bc1\iexplore.exe
 
< MD5 for: IEXPLORE.EXE.MUI  >
[2013/11/14 03:14:34 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=25B70D28D1CE87B67EEC2BA899126244 -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
[2013/11/14 03:14:34 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=25B70D28D1CE87B67EEC2BA899126244 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2013/11/14 03:14:34 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=25B70D28D1CE87B67EEC2BA899126244 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_11.0.9600.16384_en-us_962853ddc8679ca8\iexplore.exe.mui
[2013/11/14 03:14:34 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=25B70D28D1CE87B67EEC2BA899126244 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_11.0.9600.16384_en-us_a07cfe2ffcc85ea3\iexplore.exe.mui
 
< MD5 for: IEXPLORE.VISUALELEMENTSMANIFEST.XML  >
[2013/06/18 10:48:46 | 000,000,340 | ---- | M] () MD5=2C776DCD91132FCC6A8C066DD529B307 -- C:\Program Files\Internet Explorer\iexplore.VisualElementsManifest.xml
[2013/06/18 10:48:46 | 000,000,340 | ---- | M] () MD5=2C776DCD91132FCC6A8C066DD529B307 -- C:\Windows\WinSxS\amd64_microsoft-windows-immersivebrowser_31bf3856ad364e35_11.0.9600.16384_none_c673d0d2f4ca87f4\iexplore.VisualElementsManifest.xml
 
< MD5 for: SERVICES  >
[2013/08/22 11:04:54 | 000,003,777 | ---- | M] () MD5=5EE2D65841D1985E8C1BC68B2EB4357B -- C:\Windows\WinSxS\amd64_microsoft-windows-w..ucture-other-minwin_31bf3856ad364e35_6.3.9600.16384_none_25fdfd813908f8a6\services
 
< MD5 for: SERVICES.CFG  >
[2012/09/24 00:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
[2013/12/21 02:04:16 | 000,559,392 | ---- | M] () MD5=F9FBA73F44366AB3514BD1985707F178 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg
 
< MD5 for: SERVICES.EXE  >
[2013/08/22 09:25:40 | 000,405,488 | ---- | M] (Microsoft Corporation) MD5=B4B610BBCB002EC478C6FD80CF915697 -- C:\WINDOWS\SysNative\services.exe
[2013/08/22 09:25:40 | 000,405,488 | ---- | M] (Microsoft Corporation) MD5=B4B610BBCB002EC478C6FD80CF915697 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.3.9600.16384_none_2fd72579d09a45e9\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2013/11/14 03:14:16 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=0626E9CF9F010A5E5D5A8E200A59DDDC -- C:\WINDOWS\SysNative\en-US\services.exe.mui
[2013/11/14 03:14:16 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=0626E9CF9F010A5E5D5A8E200A59DDDC -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.3.9600.16384_en-us_5abba721f9ec3435\services.exe.mui
 
< MD5 for: SERVICES.JS  >
[2013/12/26 13:44:54 | 000,095,613 | ---- | M] () MD5=7453C7FF6D8422AB7B0D6000AA8885C9 -- C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.1.299_x64__8wekyb3d8bbwe\common\js\services.js
[2013/12/26 13:46:00 | 000,095,613 | ---- | M] () MD5=7453C7FF6D8422AB7B0D6000AA8885C9 -- C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.1.337_x64__8wekyb3d8bbwe\common\js\services.js
[2013/12/26 13:46:00 | 000,095,613 | ---- | M] () MD5=7453C7FF6D8422AB7B0D6000AA8885C9 -- C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.1.335_x64__8wekyb3d8bbwe\common\js\services.js
[2013/12/26 13:46:00 | 000,095,613 | ---- | M] () MD5=7453C7FF6D8422AB7B0D6000AA8885C9 -- C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.1.321_x64__8wekyb3d8bbwe\common\js\services.js
[2014/02/24 23:56:57 | 000,078,905 | ---- | M] () MD5=DE4B5FF45A106DA53CA566314EFE2E1F -- C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.2.234_x64__8wekyb3d8bbwe\Common\js\services.js
[2014/02/24 23:56:57 | 000,078,905 | ---- | M] () MD5=DE4B5FF45A106DA53CA566314EFE2E1F -- C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.2.236_x64__8wekyb3d8bbwe\Common\js\services.js
[2014/02/24 23:56:57 | 000,078,905 | ---- | M] () MD5=DE4B5FF45A106DA53CA566314EFE2E1F -- C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.2.233_x64__8wekyb3d8bbwe\Common\js\services.js
[2014/02/24 23:56:57 | 000,078,905 | ---- | M] () MD5=DE4B5FF45A106DA53CA566314EFE2E1F -- C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.2.233_x64__8wekyb3d8bbwe\Common\js\services.js
[2014/02/24 23:56:57 | 000,078,905 | ---- | M] () MD5=DE4B5FF45A106DA53CA566314EFE2E1F -- C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.2.233_x64__8wekyb3d8bbwe\Common\js\services.js
[2014/02/24 23:56:57 | 000,078,905 | ---- | M] () MD5=DE4B5FF45A106DA53CA566314EFE2E1F -- C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.2.233_x64__8wekyb3d8bbwe\Common\js\services.js
[2014/02/24 23:56:57 | 000,078,905 | ---- | M] () MD5=DE4B5FF45A106DA53CA566314EFE2E1F -- C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.2.233_x64__8wekyb3d8bbwe\Common\js\services.js
[2013/12/26 13:37:03 | 000,095,331 | ---- | M] () MD5=FAA0FC80FCDDF0B163707F352BEA3C36 -- C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.1.203_x64__8wekyb3d8bbwe\common\js\services.js
[2013/12/26 13:36:44 | 000,095,331 | ---- | M] () MD5=FAA0FC80FCDDF0B163707F352BEA3C36 -- C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.1.202_x64__8wekyb3d8bbwe\common\js\services.js
[2013/12/26 13:36:44 | 000,095,331 | ---- | M] () MD5=FAA0FC80FCDDF0B163707F352BEA3C36 -- C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.1.203_x64__8wekyb3d8bbwe\common\js\services.js
 
< MD5 for: SERVICES.LNK  >
[2013/08/22 02:54:57 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2013/08/22 02:54:57 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2013/08/22 02:54:57 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.3.9600.16384_none_c02242af19b1eb57\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2013/06/18 10:51:33 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\WINDOWS\SysNative\wbem\services.mof
[2013/06/18 10:51:33 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.3.9600.16384_none_c01e2072a140077e\services.mof
 
< MD5 for: SERVICES.MSC  >
[2013/11/14 03:14:19 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\WINDOWS\SysNative\en-US\services.msc
[2013/06/18 10:47:53 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\WINDOWS\SysNative\services.msc
[2013/11/14 03:14:19 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysWOW64\en-US\services.msc
[2013/06/18 08:23:54 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysWOW64\services.msc
[2013/11/14 03:14:19 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.3.9600.16384_en-us_94fd770dd055ce28\services.msc
[2013/06/18 10:47:53 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.3.9600.16384_none_c02242af19b1eb57\services.msc
[2013/06/18 08:23:54 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\wow64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.3.9600.16384_none_ca76ed014e12ad52\services.msc
[2013/11/14 03:14:19 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.3.9600.16384_en-us_38dedb8a17f85cf2\services.msc
 
< MD5 for: SERVICES.PNG  >
[2012/07/17 11:09:28 | 000,000,863 | ---- | M] () MD5=D1216C0F5D2A014C4F6CD31E49F02A29 -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\skin\services.png
[2012/07/17 11:09:28 | 000,000,863 | ---- | M] () MD5=D1216C0F5D2A014C4F6CD31E49F02A29 -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\storage\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\skin\services.png
 
< MD5 for: SERVICES.PTXML  >
[2013/08/22 02:45:36 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\WINDOWS\SysNative\wdi\perftrack\Services.ptxml
[2013/08/22 02:45:36 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.3.9600.16384_none_c01e2072a140077e\Services.ptxml
 
< MD5 for: SERVICES.SBS  >
[2011/03/01 01:00:00 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files (x86)\Spybot - Search & Destroy 2\Includes\Services.sbs
[2011/03/01 03:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files (x86)\Spybot - Search & Destroy 2\Updates\Extracts\Services.sbs
 
< MD5 for: SERVICES.SBS-20110301.CAB  >
[2014/01/24 22:33:13 | 000,041,248 | ---- | M] () MD5=149FF3413EED31253183D6E65E383138 -- C:\Program Files (x86)\Spybot - Search & Destroy 2\Updates\Downloads\Services.sbs-20110301.cab
 
< MD5 for: WINLOGON.ADML  >
[2013/11/14 03:48:14 | 000,002,631 | ---- | M] () MD5=3FC16D999444A213C04297050F42DA07 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.3.9600.16384_en-us_85c27192b0d9003d\WinLogon.adml
 
< MD5 for: WINLOGON.ADMX  >
[2013/08/22 10:57:15 | 000,001,101 | ---- | M] () MD5=513B8C31BC439F0A37EA44D540F98916 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.3.9600.16384_none_6bcbbccd4d39421a\WinLogon.admx
 
< MD5 for: WINLOGON.EXE  >
[2013/08/22 05:55:08 | 000,564,736 | ---- | M] (Microsoft Corporation) MD5=7C94FDA3809015B8F2208D2E1C221F17 -- C:\WINDOWS\SysNative\winlogon.exe
[2013/08/22 05:55:08 | 000,564,736 | ---- | M] (Microsoft Corporation) MD5=7C94FDA3809015B8F2208D2E1C221F17 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.3.9600.16384_none_60816121a8e88269\winlogon.exe
[2013/04/04 15:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WINLOGON.EXE.MUI  >
[2013/11/14 03:14:28 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=E1EA8FA8EDA1C8E5BFF41FCECE119841 -- C:\WINDOWS\SysNative\en-US\winlogon.exe.mui
[2013/11/14 03:14:28 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=E1EA8FA8EDA1C8E5BFF41FCECE119841 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.3.9600.16384_en-us_bbb6f195d80d78ae\winlogon.exe.mui
 
< MD5 for: WINLOGON.EXE-0D9AB72B.PF  >
[2014/03/13 12:38:59 | 000,032,606 | ---- | M] () MD5=C46915156E3FF04C57D5659C778CF800 -- C:\Windows\Prefetch\WINLOGON.EXE-0D9AB72B.pf
 
< MD5 for: WINLOGON.MFL  >
[2013/11/14 03:14:28 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\WINDOWS\SysNative\wbem\en-US\winlogon.mfl
[2013/11/14 03:14:28 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.3.9600.16384_en-us_19794360f345d243\winlogon.mfl
 
< MD5 for: WINLOGON.MOF  >
[2013/08/22 02:45:12 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\WINDOWS\SysNative\wbem\winlogon.mof
[2013/08/22 02:45:12 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.3.9600.16384_none_70f729db49dee3dc\winlogon.mof
 
< %SYSTEMDRIVE%\*.* >
[2013/12/24 08:11:15 | 000,000,000 | ---- | M] () -- C:\12NA3RR8605.restore
[2012/07/25 23:44:30 | 000,398,156 | RHS- | M] () -- C:\bootmgr
[2013/06/18 08:18:29 | 000,000,001 | -HS- | M] () -- C:\BOOTNXT
[2014/03/13 12:35:45 | 2465,050,623 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/24 08:11:15 | 000,000,000 | RHS- | M] () -- C:\OS
[2014/03/13 15:15:54 | 889,192,448 | -HS- | M] () -- C:\pagefile.sys
[2014/03/13 12:35:51 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
 
< %systemroot%\Fonts\*.com >
[2013/12/23 19:17:34 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2013/12/23 19:17:34 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2013/12/23 19:17:34 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2013/12/23 19:17:34 | 000,043,318 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2013/08/22 11:35:03 | 000,000,065 | ---- | M] () -- C:\WINDOWS\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
[2012/03/08 21:37:20 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2013/08/22 11:34:52 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C is OS
 Volume Serial Number is 620E-E73A
 Directory of C:\
08/22/2013  10:45 AM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
08/22/2013  10:45 AM    <JUNCTION>     Application Data [C:\ProgramData]
08/22/2013  10:45 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
08/22/2013  10:45 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
08/22/2013  10:45 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
08/22/2013  10:45 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\SYSTEM.SAV\LOGS\SymLogs
09/13/2038  07:54 AM    <SYMLINKD>     cclog [C:\Users\Public\Symantec\SymSilent\cclog]
               0 File(s)              0 bytes
 Directory of C:\Users
08/22/2013  10:45 AM    <SYMLINKD>     All Users [C:\ProgramData]
08/22/2013  10:45 AM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\A Lamar
12/26/2013  01:31 PM    <JUNCTION>     Application Data [C:\Users\A Lamar\AppData\Roaming]
12/26/2013  01:31 PM    <JUNCTION>     Cookies [C:\Users\A Lamar\AppData\Local\Microsoft\Windows\INetCookies]
12/26/2013  01:31 PM    <JUNCTION>     Local Settings [C:\Users\A Lamar\AppData\Local]
12/26/2013  01:31 PM    <JUNCTION>     My Documents [C:\Users\A Lamar\Documents]
12/26/2013  01:31 PM    <JUNCTION>     NetHood [C:\Users\A Lamar\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
12/26/2013  01:31 PM    <JUNCTION>     PrintHood [C:\Users\A Lamar\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
12/26/2013  01:31 PM    <JUNCTION>     Recent [C:\Users\A Lamar\AppData\Roaming\Microsoft\Windows\Recent]
12/26/2013  01:31 PM    <JUNCTION>     SendTo [C:\Users\A Lamar\AppData\Roaming\Microsoft\Windows\SendTo]
12/26/2013  01:31 PM    <JUNCTION>     Start Menu [C:\Users\A Lamar\AppData\Roaming\Microsoft\Windows\Start Menu]
12/26/2013  01:31 PM    <JUNCTION>     Templates [C:\Users\A Lamar\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\A Lamar\AppData\Local
12/26/2013  01:31 PM    <JUNCTION>     Application Data [C:\Users\A Lamar\AppData\Local]
12/26/2013  01:31 PM    <JUNCTION>     History [C:\Users\A Lamar\AppData\Local\Microsoft\Windows\History]
12/26/2013  01:31 PM    <JUNCTION>     Temporary Internet Files [C:\Users\A Lamar\AppData\Local\Microsoft\Windows\INetCache]
               0 File(s)              0 bytes
 Directory of C:\Users\A Lamar\AppData\Local\Microsoft\Windows
12/26/2013  01:31 PM    <JUNCTION>     Temporary Internet Files [C:\Users\A Lamar\AppData\Local\Microsoft\Windows\INetCache]
               0 File(s)              0 bytes
 Directory of C:\Users\A Lamar\AppData\Local\Microsoft\Windows\INetCache
12/26/2013  01:31 PM    <JUNCTION>     Content.IE5 [C:\Users\A Lamar\AppData\Local\Microsoft\Windows\INetCache\IE\]
               0 File(s)              0 bytes
 Directory of C:\Users\A Lamar\AppData\Local\Microsoft\Windows\INetCache\Low
12/26/2013  01:34 PM    <JUNCTION>     Content.IE5 [C:\Users\A Lamar\AppData\Local\Microsoft\Windows\INetCache\Low\IE\]
               0 File(s)              0 bytes
 Directory of C:\Users\A Lamar\Documents
12/26/2013  01:31 PM    <JUNCTION>     My Music [C:\Users\A Lamar\Music]
12/26/2013  01:31 PM    <JUNCTION>     My Pictures [C:\Users\A Lamar\Pictures]
12/26/2013  01:31 PM    <JUNCTION>     My Videos [C:\Users\A Lamar\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
08/22/2013  10:45 AM    <JUNCTION>     Application Data [C:\ProgramData]
08/22/2013  10:45 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
08/22/2013  10:45 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
08/22/2013  10:45 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
08/22/2013  10:45 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
08/22/2013  10:45 AM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
08/22/2013  10:45 AM    <JUNCTION>     Cookies [C:\Users\Default\AppData\Local\Microsoft\Windows\INetCookies]
08/22/2013  10:45 AM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
08/22/2013  10:45 AM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
08/22/2013  10:45 AM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
08/22/2013  10:45 AM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/22/2013  10:45 AM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
08/22/2013  10:45 AM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
08/22/2013  10:45 AM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
08/22/2013  10:45 AM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
08/22/2013  10:45 AM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
08/22/2013  10:45 AM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
08/22/2013  10:45 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local\Microsoft\Windows
08/22/2013  10:45 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
08/22/2013  10:45 AM    <JUNCTION>     My Music [C:\Users\Default\Music]
08/22/2013  10:45 AM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
08/22/2013  10:45 AM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Default.migrated\Documents
07/26/2012  03:22 AM    <JUNCTION>     My Music [C:\Users\Default\Music]
07/26/2012  03:22 AM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
07/26/2012  03:22 AM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Eurceliakins
12/24/2013  03:31 AM    <JUNCTION>     Application Data [C:\Users\Eurceliakins\AppData\Roaming]
12/24/2013  03:31 AM    <JUNCTION>     Cookies [C:\Users\Eurceliakins\AppData\Local\Microsoft\Windows\INetCookies]
12/24/2013  03:31 AM    <JUNCTION>     Local Settings [C:\Users\Eurceliakins\AppData\Local]
12/24/2013  03:31 AM    <JUNCTION>     My Documents [C:\Users\Eurceliakins\Documents]
12/24/2013  03:31 AM    <JUNCTION>     NetHood [C:\Users\Eurceliakins\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
12/24/2013  03:31 AM    <JUNCTION>     PrintHood [C:\Users\Eurceliakins\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
12/24/2013  03:31 AM    <JUNCTION>     Recent [C:\Users\Eurceliakins\AppData\Roaming\Microsoft\Windows\Recent]
12/24/2013  03:31 AM    <JUNCTION>     SendTo [C:\Users\Eurceliakins\AppData\Roaming\Microsoft\Windows\SendTo]
12/24/2013  03:31 AM    <JUNCTION>     Start Menu [C:\Users\Eurceliakins\AppData\Roaming\Microsoft\Windows\Start Menu]
12/24/2013  03:31 AM    <JUNCTION>     Templates [C:\Users\Eurceliakins\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Eurceliakins\AppData\Local
12/24/2013  03:31 AM    <JUNCTION>     Application Data [C:\Users\Eurceliakins\AppData\Local]
12/24/2013  03:31 AM    <JUNCTION>     History [C:\Users\Eurceliakins\AppData\Local\Microsoft\Windows\History]
12/24/2013  03:31 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Eurceliakins\AppData\Local\Microsoft\Windows\INetCache]
               0 File(s)              0 bytes
 Directory of C:\Users\Eurceliakins\AppData\Local\Microsoft\Windows
12/24/2013  03:31 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Eurceliakins\AppData\Local\Microsoft\Windows\INetCache]
               0 File(s)              0 bytes
 Directory of C:\Users\Eurceliakins\AppData\Local\Microsoft\Windows\INetCache
12/24/2013  03:31 AM    <JUNCTION>     Content.IE5 [C:\Users\Eurceliakins\AppData\Local\Microsoft\Windows\INetCache\IE\]
               0 File(s)              0 bytes
 Directory of C:\Users\Eurceliakins\AppData\Local\Microsoft\Windows\INetCache\Low
12/27/2013  02:09 AM    <JUNCTION>     Content.IE5 [C:\Users\Eurceliakins\AppData\Local\Microsoft\Windows\INetCache\Low\IE\]
               0 File(s)              0 bytes
 Directory of C:\Users\Eurceliakins\Documents
12/24/2013  03:31 AM    <JUNCTION>     My Music [C:\Users\Eurceliakins\Music]
12/24/2013  03:31 AM    <JUNCTION>     My Pictures [C:\Users\Eurceliakins\Pictures]
12/24/2013  03:31 AM    <JUNCTION>     My Videos [C:\Users\Eurceliakins\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
08/22/2013  10:45 AM    <JUNCTION>     My Music [C:\Users\Public\Music]
08/22/2013  10:45 AM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
08/22/2013  10:45 AM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\White
12/23/2013  07:26 PM    <JUNCTION>     Application Data [C:\Users\White\AppData\Roaming]
12/23/2013  07:26 PM    <JUNCTION>     Cookies [C:\Users\White\AppData\Local\Microsoft\Windows\INetCookies]
12/23/2013  07:26 PM    <JUNCTION>     Local Settings [C:\Users\White\AppData\Local]
12/23/2013  07:26 PM    <JUNCTION>     My Documents [C:\Users\White\Documents]
12/23/2013  07:26 PM    <JUNCTION>     NetHood [C:\Users\White\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
12/23/2013  07:26 PM    <JUNCTION>     PrintHood [C:\Users\White\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
12/23/2013  07:26 PM    <JUNCTION>     Recent [C:\Users\White\AppData\Roaming\Microsoft\Windows\Recent]
12/23/2013  07:26 PM    <JUNCTION>     SendTo [C:\Users\White\AppData\Roaming\Microsoft\Windows\SendTo]
12/23/2013  07:26 PM    <JUNCTION>     Start Menu [C:\Users\White\AppData\Roaming\Microsoft\Windows\Start Menu]
12/23/2013  07:26 PM    <JUNCTION>     Templates [C:\Users\White\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\White\AppData\Local
12/23/2013  07:26 PM    <JUNCTION>     Application Data [C:\Users\White\AppData\Local]
12/23/2013  07:26 PM    <JUNCTION>     History [C:\Users\White\AppData\Local\Microsoft\Windows\History]
12/23/2013  07:26 PM    <JUNCTION>     Temporary Internet Files [C:\Users\White\AppData\Local\Microsoft\Windows\INetCache]
               0 File(s)              0 bytes
 Directory of C:\Users\White\AppData\Local\Microsoft\Windows
12/23/2013  07:26 PM    <JUNCTION>     Temporary Internet Files [C:\Users\White\AppData\Local\Microsoft\Windows\INetCache]
               0 File(s)              0 bytes
 Directory of C:\Users\White\AppData\Local\Microsoft\Windows\INetCache
12/23/2013  07:36 PM    <JUNCTION>     Content.IE5 [C:\Users\White\AppData\Local\Microsoft\Windows\INetCache\IE\]
               0 File(s)              0 bytes
 Directory of C:\Users\White\AppData\Local\Microsoft\Windows\INetCache\Low
12/23/2013  07:40 PM    <JUNCTION>     Content.IE5 [C:\Users\White\AppData\Local\Microsoft\Windows\INetCache\Low\IE\]
               0 File(s)              0 bytes
 Directory of C:\Users\White\Documents
12/23/2013  07:26 PM    <JUNCTION>     My Music [C:\Users\White\Music]
12/23/2013  07:26 PM    <JUNCTION>     My Pictures [C:\Users\White\Pictures]
12/23/2013  07:26 PM    <JUNCTION>     My Videos [C:\Users\White\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile
01/03/2014  08:29 PM    <JUNCTION>     Application Data [C:\WINDOWS\system32\config\systemprofile\AppData\Roaming]
01/03/2014  08:29 PM    <JUNCTION>     Cookies [C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies]
01/03/2014  08:29 PM    <JUNCTION>     Local Settings [C:\WINDOWS\system32\config\systemprofile\AppData\Local]
01/03/2014  08:29 PM    <JUNCTION>     My Documents [C:\WINDOWS\system32\config\systemprofile\Documents]
01/03/2014  08:29 PM    <JUNCTION>     NetHood [C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
01/03/2014  08:29 PM    <JUNCTION>     PrintHood [C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
01/03/2014  08:29 PM    <JUNCTION>     Recent [C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
01/03/2014  08:29 PM    <JUNCTION>     SendTo [C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
01/03/2014  08:29 PM    <JUNCTION>     Start Menu [C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
01/03/2014  08:29 PM    <JUNCTION>     Templates [C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile\AppData\Local
01/03/2014  08:29 PM    <JUNCTION>     Application Data [C:\WINDOWS\system32\config\systemprofile\AppData\Local]
01/03/2014  08:29 PM    <JUNCTION>     History [C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
01/03/2014  08:29 PM    <JUNCTION>     Temporary Internet Files [C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows
01/03/2014  08:29 PM    <JUNCTION>     Temporary Internet Files [C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache
01/18/2014  01:24 PM    <JUNCTION>     Content.IE5 [C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile\Documents
01/03/2014  08:29 PM    <JUNCTION>     My Music [C:\WINDOWS\system32\config\systemprofile\Music]
01/03/2014  08:29 PM    <JUNCTION>     My Pictures [C:\WINDOWS\system32\config\systemprofile\Pictures]
01/03/2014  08:29 PM    <JUNCTION>     My Videos [C:\WINDOWS\system32\config\systemprofile\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile
01/03/2014  08:29 PM    <JUNCTION>     Application Data [C:\WINDOWS\system32\config\systemprofile\AppData\Roaming]
01/03/2014  08:29 PM    <JUNCTION>     Cookies [C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies]
01/03/2014  08:29 PM    <JUNCTION>     Local Settings [C:\WINDOWS\system32\config\systemprofile\AppData\Local]
01/03/2014  08:29 PM    <JUNCTION>     My Documents [C:\WINDOWS\system32\config\systemprofile\Documents]
01/03/2014  08:29 PM    <JUNCTION>     NetHood [C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
01/03/2014  08:29 PM    <JUNCTION>     PrintHood [C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
01/03/2014  08:29 PM    <JUNCTION>     Recent [C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
01/03/2014  08:29 PM    <JUNCTION>     SendTo [C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
01/03/2014  08:29 PM    <JUNCTION>     Start Menu [C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
01/03/2014  08:29 PM    <JUNCTION>     Templates [C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
01/03/2014  08:29 PM    <JUNCTION>     Application Data [C:\WINDOWS\system32\config\systemprofile\AppData\Local]
01/03/2014  08:29 PM    <JUNCTION>     History [C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
01/03/2014  08:29 PM    <JUNCTION>     Temporary Internet Files [C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows
01/03/2014  08:29 PM    <JUNCTION>     Temporary Internet Files [C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache
01/18/2014  01:24 PM    <JUNCTION>     Content.IE5 [C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile\Documents
01/03/2014  08:29 PM    <JUNCTION>     My Music [C:\WINDOWS\system32\config\systemprofile\Music]
01/03/2014  08:29 PM    <JUNCTION>     My Pictures [C:\WINDOWS\system32\config\systemprofile\Pictures]
01/03/2014  08:29 PM    <JUNCTION>     My Videos [C:\WINDOWS\system32\config\systemprofile\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
             130 Dir(s)  526,683,836,416 bytes free
 
< %systemroot%\System32\config\*.sav >
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2013/12/26 13:34:41 | 000,000,223 | -HS- | M] () -- C:\Users\A Lamar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
 
< %USERPROFILE%\Desktop\*.exe >
[2014/03/13 20:09:04 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\A Lamar\Desktop\HiJackThis.exe
[2014/03/13 20:08:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\A Lamar\Desktop\OTL.exe
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate]
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:5C321E34
 
< End of report >
 
 

OTL Extras logfile created on: 3/13/2014 8:21:53 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\A Lamar\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.87 Gb Total Physical Memory | 4.12 Gb Available Physical Memory | 52.35% Memory free
8.70 Gb Paging File | 2.89 Gb Available in Paging File | 33.18% Paging File free
Paging file location(s): c:\pagefile.sys 400 4096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1850.39 Gb Total Space | 490.54 Gb Free Space | 26.51% Space Free | Partition Type: NTFS
Drive D: | 10.81 Gb Total Space | 1.27 Gb Free Space | 11.74% Space Free | Partition Type: NTFS
Drive E: | 14.83 Gb Total Space | 9.76 Gb Free Space | 65.80% Space Free | Partition Type: FAT32
Drive K: | 2794.51 Gb Total Space | 521.28 Gb Free Space | 18.65% Space Free | Partition Type: NTFS
Drive M: | 931.28 Gb Total Space | 77.33 Gb Free Space | 8.30% Space Free | Partition Type: FAT32
Drive O: | 3725.90 Gb Total Space | 1469.46 Gb Free Space | 39.44% Space Free | Partition Type: NTFS
 
Computer Name: HP | User Name: A Lamar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = internetshortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Max3.Association.HTML] -- C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe (Maxthon International ltd.)
.txt [@ = txtfile] -- C:\Program Files\Just Great Software\EditPad Lite 7\EditPadLite7.exe (Just Great Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [sendtotoys1add] -- C:\Program Files\Send To Toys\SendToAdd.exe "%1" ()
Directory [sendtotoys1remove] -- C:\Program Files\Send To Toys\SendToRemove.exe "%1" ()
Directory [sendtotoys2prompt] -- C:\Program Files\Send To Toys\SendToCommandPrompt.exe "%1" ()
Directory [SynkronDelete] -- "C:\Program Files (x86)\Synkron\Synkron.exe" "-delete" "%1" ()
Directory [SynkronRename] -- "C:\Program Files (x86)\Synkron\Synkron.exe" "-rename" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [sendtotoys1add] -- C:\Program Files\Send To Toys\SendToAdd.exe "%1" ()
Directory [sendtotoys1remove] -- C:\Program Files\Send To Toys\SendToRemove.exe "%1" ()
Directory [sendtotoys2prompt] -- C:\Program Files\Send To Toys\SendToCommandPrompt.exe "%1" ()
Directory [SynkronDelete] -- "C:\Program Files (x86)\Synkron\Synkron.exe" "-delete" "%1" ()
Directory [SynkronRename] -- "C:\Program Files (x86)\Synkron\Synkron.exe" "-rename" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"AntivirusOverride" = 0
"UacDisableNotify" = 0
"AntiSpywareDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03ED9C80-86AD-43FF-9B14-71A61EBC1B25}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{137E6952-1503-4F32-BB2F-588EB154FC3F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1ADCF04D-8A2A-4397-B96E-9618A8CBFF95}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1C799E84-BCA7-4100-A6D2-356E3316F42A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2C94EF82-16ED-420B-ADB5-F318B138EBA9}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3585C650-752B-4478-98A2-2DD329C296C8}" = rport=138 | protocol=17 | dir=out | app=system | 
"{41355CB2-73BD-4A62-A6EA-462C8C5066A0}" = lport=53000 | protocol=6 | dir=in | name=hpconnectedremoteservice.exe | 
"{45940FED-95BB-479F-93FF-6C499F9D545D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{46621D0C-028A-4B17-8D8D-B8C1934E31F9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4D8BC483-19D3-43F2-8FD5-7D31DA560BB7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{55DCE112-023F-424C-ACEA-05F1E8B262A7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{570591F5-B791-4F28-8506-276A62A8C87F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5B1A44BF-C714-43D9-8F11-30DBDFA06DAE}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{62016588-A141-4F5B-A2DF-D0958484A72C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{714B309B-F105-453A-9A73-5EE4F87C18CD}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{746C63A6-C012-41C0-95DC-E601DF8BF85A}" = lport=14714 | protocol=6 | dir=in | name=audials localhttpserver 14714 | 
"{791E96B4-8743-443E-8C26-ABA4E48B0B08}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{804E821B-6438-44F9-8CFA-EBDA939FB715}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A2708CE8-3485-4B07-BE1A-0998B0DF5670}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A69D5300-676B-457F-9C2B-33FEF8158257}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{B8CDA331-E3F8-4BEE-B7FA-9313E020A1AC}" = rport=137 | protocol=17 | dir=out | app=system | 
"{BAD811C7-7124-4BD6-B08F-D732B8366308}" = lport=31931 | protocol=6 | dir=in | name=audials localhttpserver 31931 | 
"{C3E12D76-9265-4060-B3E1-41805A23AEE4}" = lport=12972 | protocol=6 | dir=in | name=audials localhttpserver 12972 | 
"{C56A8A60-5352-4E9D-9756-89FEA4A0AF4A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{C99A7038-504D-4D30-8400-FCC8C9BB3F65}" = lport=445 | protocol=6 | dir=in | app=system | 
"{CE89D058-77FE-49A8-8186-BD41FDE9AF0A}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E7DB75C1-7EFF-419E-AE73-E8EDBEB4F6FD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F6946FCF-06E4-41FB-B53B-316790AC95BF}" = lport=52000 | protocol=6 | dir=in | name=hpconnectedremoteuser.exe | 
"{FA7B0212-EC43-4A1E-B59C-2901F943AABF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FF2E71A8-E120-4130-83F5-FF1B7777EDE6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0003C92B-E5C6-4086-9B3F-E2078A64DBC5}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{002AA4C8-54D3-486D-902E-0AF2662A9815}" = dir=out | name=juniper networks junos pulse | 
"{01798083-E004-408D-881D-75D4BCFBD00C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{01F55FC3-9B45-43CB-B344-36AD9FD933B9}" = protocol=6 | dir=in | app=c:\program files (x86)\ralink corporation\ralink bluetooth stack\bluesoleilcs.exe | 
"{061B663A-7FD5-40B8-9F5E-2FBE5FC0D211}" = dir=out | name=@{microsoft.bingsports_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} | 
"{0638C58E-9003-4579-8A12-32874F8C7478}" = dir=out | name=microsoft solitaire collection | 
"{08605DAD-C5E7-4F72-AD09-C1CE4F5E3A30}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.2.236_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} | 
"{08F2B763-FB7B-419A-8E45-72EB57651366}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{09D9D848-B14D-4311-95A2-06AC5ACC4906}" = dir=out | name=windows_ie_ac_001 | 
"{09E99509-1ECF-4630-BD06-2B76D9E91AA7}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{0B52A012-50C4-4B45-A267-248FB47C27CA}" = dir=out | name=netflix | 
"{0CA5AC1E-0E76-4BE1-BAB0-2D5C3FE4508E}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.2.236_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} | 
"{0CD7A8D7-2351-43A3-B08E-26B0A4075130}" = dir=out | name=@{microsoft.bingmaps_2.0.2210.2401_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{0E371576-D6F3-42A2-AE75-340E76FE4A3E}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{0F4007B8-54BB-490A-B4C2-C7E234B18BCB}" = dir=in | name=f5 vpn | 
"{0FBE60B5-8441-49E2-96F0-C36DDB3820F3}" = dir=in | name=f5 vpn | 
"{11253735-0AFC-4188-A273-F3F964707483}" = dir=out | name=skype | 
"{128E2ACE-53D2-4879-892C-63062B514AB0}" = dir=out | name=microsoft mahjong | 
"{129AC7E9-455F-425D-BCD2-ED488CBBC590}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{13643B55-92A2-4F07-9CED-AFA8EBBD6686}" = dir=out | name=kindle | 
"{14A498B4-5B8F-4713-8F4B-1F6D741AB146}" = dir=out | name=@{microsoft.bingnews_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} | 
"{17D565D8-4774-4F6A-BE2C-D2EBE0C33292}" = dir=in | name=sonicwall mobile connect | 
"{190941FA-6B30-455D-A01A-3D9F85103936}" = dir=out | name=getting started with windows 8 | 
"{192F3442-0FAA-4488-B18D-51F4D3AAC035}" = dir=out | name=microsoft mahjong | 
"{1951A36A-2F7B-4524-AD67-A64E9CC03C8D}" = dir=out | name=@{microsoft.bingweather_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{1A33AB61-0251-4587-88F5-B9A4C780801D}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon\bin\maxthon.exe | 
"{1C9EBE6D-1E15-4CA2-AAEA-71E5B3C22C70}" = dir=out | name=microsoft solitaire collection | 
"{1D64FB19-21ED-4FD1-967B-1D4C673B9DEE}" = dir=out | name=@{microsoft.zunevideo_2.2.767.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{1DB96CBE-C5C1-4C60-85A0-B0B0EE4E45CC}" = dir=out | name=@{microsoft.bingsports_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{1DCC3FB2-A553-481D-8597-D0C2D8DD2F14}" = dir=in | name=skype | 
"{1DE66B81-17A7-4583-9C1D-657305761BDE}" = dir=out | name=netflix | 
"{1E24B851-BE05-44EC-991E-186E008446DF}" = dir=out | name=hp connected photo powered by snapfish | 
"{1FD0AB9A-EA3B-4569-BA45-79690694893D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{20C3187B-6ACB-4220-81E3-2D98177CEDCE}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{210A9762-917A-4162-9E90-9559443CF0E5}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} | 
"{25AB937D-3C05-48CF-8B09-0B09F9025873}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{262F9506-5087-4905-B6A6-2C0157B1BF50}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon\bin\mxup.exe | 
"{2A9E6394-DCBC-4054-A792-32D1BF1263FA}" = dir=out | name=@{microsoft.bingtravel_3.0.1.202_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{2AF03732-DF2F-4F80-BF78-F9FE17CB1970}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon\bin\mxup.exe | 
"{2BC978FA-FA2A-47AB-82EE-C620667A414F}" = dir=out | name=f5 vpn | 
"{2CD245B9-ADE8-40FD-B75B-BD02F943AEDE}" = dir=out | name=@{microsoft.bingfinance_3.0.2.234_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} | 
"{2F494BE4-9E88-45E0-BCCA-89C0732BFD4D}" = protocol=17 | dir=in | app=c:\program files (x86)\vso\vso downloader\3\vsodownloader.exe | 
"{2F4ED169-A73E-4AE5-BA41-6D9CFB0039DB}" = dir=out | name=iheartradio | 
"{3025F865-B331-4A56-A5F6-05148F45A401}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3167EDB6-BC19-487A-A001-1FB1040177EC}" = protocol=17 | dir=in | name=hpconnectedremoteservice.exe | 
"{31F364FA-AFD5-4418-9A22-C11044E4465C}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{336BB7BF-F594-4D82-B403-24D6F4A784A4}" = dir=out | name=hp registration | 
"{37FCBAD6-C3B3-41E5-A8BA-33C6504371A6}" = dir=out | name=@{microsoft.bingfinance_3.0.1.299_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{39056E61-8A1A-45DE-B705-8EFF9F7A6C0A}" = dir=in | name=microsoft solitaire collection | 
"{3A91FC77-DE7F-43C1-B5E5-F12EF66B76BF}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe | 
"{3CADDAC6-4798-4C07-815F-1DF967DE3F76}" = dir=out | name=norton studio | 
"{3CC1999A-E427-4B62-8D06-B69CC0F43B4B}" = dir=out | name=@{microsoft.zunemusic_2.2.767.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{41548B42-4EEC-4B38-9886-5586F045A3D4}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.1.335_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} | 
"{418A3A60-5605-404D-ADF3-913149820A2E}" = dir=in | name=microsoft mahjong | 
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn | 
"{44661591-FAA3-4760-BB1C-503A59D3B39E}" = protocol=17 | dir=in | app=c:\program files (x86)\ralink corporation\ralink bluetooth stack\bluesoleilcs.exe | 
"{456B6BFD-0058-4C9F-AFE7-1765CD4B1FD1}" = dir=out | name=@{microsoft.bingnews_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} | 
"{4905EE05-7D06-4B49-BEEA-63C9E2242F42}" = protocol=6 | dir=in | app=c:\program files (x86)\vso\vso downloader\3\vsodownloader.exe | 
"{4A7BBD32-C20F-47B6-BF4D-2A6EC5B001AF}" = dir=in | name=hp connected photo powered by snapfish | 
"{4BA37726-E3AA-40D1-80F6-79DEAA989351}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{4BA9AF1B-6CF1-43E7-8FB9-D78207713B26}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{4DBBF7E9-F5EE-4895-B587-B29FF9A59B3B}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{4F448CBA-7282-49AC-93E9-CACD77A01B69}" = dir=out | name=ebay | 
"{510DDDF3-A8C2-48C7-AB56-3FBDE4FA8D49}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{5148ABD6-0979-4D66-B4C6-4ABB94766716}" = dir=out | name=sonicwall mobile connect | 
"{51A40712-8FC8-4671-9F89-84F64AA7553E}" = dir=out | name=hp connected photo powered by snapfish | 
"{51E94C0D-344E-416D-9DB2-F7FC14F05C1B}" = dir=out | name=f5 vpn | 
"{525277C2-70DB-4363-BB1F-280798421614}" = protocol=58 | dir=in | app=system | 
"{53A97570-395A-4C87-8707-C30FE3B83293}" = dir=out | name=norton studio | 
"{53BE02DE-C1FC-44FB-B938-5372463E1D41}" = dir=in | name=sonicwall mobile connect | 
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{5588FBBA-DFD7-49C4-AB50-85DD7462D6D3}" = dir=out | name=iheartradio | 
"{55EC9B1A-D5C4-4636-8BD7-C7D21F2D478F}" = dir=in | name=hp+ | 
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect | 
"{5955B8C6-8CFA-4BC5-B1A7-22E1A1D13D6E}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{5E449800-8573-4C91-B8F8-AC49871FE27E}" = dir=in | name=hp connected photo powered by snapfish | 
"{5F0F2DC6-287C-44F6-9F52-578290BD61EB}" = dir=in | name=getting started with windows 8 | 
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect | 
"{60C952E3-A9AC-44A7-A938-0A10A7EC2DDD}" = dir=out | name=hp+ | 
"{611B6B11-8229-40D3-8D4A-9ADA8D192669}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{625B05DE-5AEF-44FC-8539-25B5E26A65C0}" = protocol=6 | dir=in | app=c:\program files (x86)\ralink corporation\ralink bluetooth stack\bluesoleilcs.exe | 
"{64737D01-9436-49E6-8474-93732FAB2FE4}" = dir=out | name=ebay | 
"{66EA19A2-5A4E-4E30-90B7-EB755569A4BC}" = dir=out | name=@{microsoft.bingsports_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} | 
"{68AF1D50-3564-4F63-B98A-15A766CD9360}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{68FC0DA6-2355-4EDA-A951-26A912157CAE}" = dir=out | name=check point vpn | 
"{69A24896-009E-49F3-8851-819F8229B97B}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{6AA73374-B47B-481B-9DC9-781652AF8417}" = dir=out | name=ebay | 
"{6B3CB18E-BD1E-4106-86BA-DFFDC1D1D61C}" = dir=in | name=skype | 
"{6BFC00A3-AE1C-408C-A7E5-9A83FC5E56F7}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{6CB2454A-35EE-4041-9A4E-222A9D9C0385}" = dir=out | name=hp connected photo powered by snapfish | 
"{6DB2E5DA-0BAB-4162-9A3E-0DBC5C2E6963}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{6DBF7925-EEF3-4B9A-ACD8-2A4D2D511F1A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{729B6FF5-0F73-47CF-A893-A3D604ABF836}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{73E90A6F-2DA3-4DA5-A79E-6BBC680A2120}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7557CC92-9479-483F-A039-C387560934A9}" = dir=out | name=f5 vpn | 
"{770DDF5B-29A2-4C25-AE12-DBACA4529DF5}" = dir=out | name=@{microsoft.bingtravel_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} | 
"{77D9F1EF-463A-4B1B-8006-E98BFFB37831}" = dir=out | name=@{microsoft.zunemusic_2.2.767.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{7907A702-E36E-451C-A0CB-6F0627D83642}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7ADCFB13-85F3-462D-AA7C-5F2874C5F86A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7E3425A1-3102-42EE-9D8C-006563DA1366}" = protocol=6 | dir=out | app=system | 
"{80316091-FD9F-447D-86C9-398B076DB561}" = dir=out | name=kindle | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{80921D65-C166-4147-9AAB-414B53538D06}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} | 
"{81431DCD-400D-4F55-AE34-CA7193F2D4D3}" = dir=in | name=skype | 
"{83706AAD-8E08-4EE1-BB14-8EE2F99D74B2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{8491FB39-4100-4798-B544-912AF667B3D2}" = dir=out | name=hp+ | 
"{87907060-594E-4EAC-A9DF-1C5EAE5D5117}" = dir=in | name=hp+ | 
"{87912772-A7FB-4BCF-9FDA-0BC999D24105}" = dir=out | name=microsoft solitaire collection | 
"{8842DEF7-1B80-4BC7-8270-98140201B00D}" = dir=out | name=@{microsoft.bingnews_3.0.1.321_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/apptitle} | 
"{8C8D295F-8E6C-4E05-9CA6-CA96A512AD60}" = dir=in | name=juniper networks junos pulse | 
"{8E57C98A-F923-4E6D-B1F7-9E15321DCF9B}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{933B7EDF-BE68-4D1C-B43E-882B742FF364}" = dir=out | name=windows_ie_ac_001 | 
"{9358670A-D42D-4E59-91FC-1EB40EF33989}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{9628EE1C-B3C3-4EAD-8172-DCA30DA838B9}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{98B42573-AB93-459E-82DD-9F0AEE677599}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{993CB8D8-EE68-4475-A4C3-218517CDBEB8}" = dir=out | name=getting started with windows 8 | 
"{9AC8F0ED-B762-4269-9390-DCB2EF1D8444}" = dir=out | name=juniper networks junos pulse | 
"{9C72A444-14D6-4541-A667-C89C7E1F0109}" = dir=in | name=check point vpn | 
"{9CC77241-1F8B-46B3-9866-C2E81294DC09}" = dir=in | name=hp+ | 
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{A1A15CC1-FC64-4B50-8C60-BC833ACA1AEF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{A3D2D0E4-4156-47B6-9964-078DE50ACBC1}" = dir=in | name=getting started with windows 8 | 
"{A477765B-1047-4479-87B3-02D63C36DB20}" = protocol=17 | dir=in | app=c:\program files (x86)\ralink corporation\ralink bluetooth stack\bluesoleilcs.exe | 
"{A51171BB-018F-43EE-86FD-6738C63E3AE0}" = dir=out | name=@{microsoft.zunevideo_2.2.767.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{A5D5E745-D016-4F9C-B3D5-5AE2F48E94E1}" = dir=out | name=juniper networks junos pulse | 
"{A5F0395C-4E70-498A-99E2-4E8BB8117BEE}" = dir=in | name=microsoft solitaire collection | 
"{A714B1EA-B9B6-48DA-AC9D-325BD4CA8155}" = dir=out | name=hp+ | 
"{A8803841-90C8-4EE6-AAA2-7D21FDC2CD3B}" = dir=out | name=@{microsoft.zunemusic_2.2.444.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{A8A23128-6C27-4DBB-AF27-96D84AAE77AF}" = dir=out | name=skype | 
"{A8F41A25-1CCF-4924-9C81-95BC6DCB976E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AD08513F-2A72-4DB4-AA3B-847961BBF914}" = dir=out | name=netflix | 
"{AE9889BD-4754-4E99-8E2A-3F908C5FACCB}" = dir=in | name=check point vpn | 
"{B214ED58-6D8E-4AB9-B228-02631D6DA9C6}" = dir=in | name=juniper networks junos pulse | 
"{B2FE535F-2D5A-4EC8-BD31-02EF33839550}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{B32AA3DD-80CA-4D91-B77F-5357AD6C7305}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B3DEE0D2-448B-4E98-A4FD-668C6A9F97E1}" = dir=out | name=microsoft mahjong | 
"{B3F1588C-89B9-47CC-8DD2-8A4476BFD5D5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B4E1BE9D-3A6D-450B-A48B-F1AFBFB25DDB}" = dir=out | name=@{microsoft.bingweather_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{B5788639-B8A2-40F6-87BE-2AFF5C665BA3}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{B59B2521-2BF3-4993-8686-7D8579425615}" = dir=out | name=iheartradio | 
"{B775E156-55BB-4A43-9E53-A63EBB540771}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{B876250A-D726-4AFD-AAB6-BB4E396A06EA}" = dir=in | name=hp connected photo powered by snapfish | 
"{B953B454-623C-4A3D-BC89-0C2C11323557}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{BA7C6F53-5EB0-4901-9AAF-82BF4CD6D535}" = dir=out | name=hp registration | 
"{BBF48DE7-4AE6-479D-A0E0-241F171384C2}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{BC0A9AF9-20AB-4351-93CA-8C01B33994EA}" = dir=in | name=check point vpn | 
"{BCA858B9-A8A1-461A-9473-FFEF0505539E}" = dir=out | name=check point vpn | 
"{BD822629-DBBF-4AD4-A229-F30179F6E8EA}" = dir=in | name=f5 vpn | 
"{C0D7940D-5C77-4EA8-8798-9AE30D804C6C}" = dir=out | name=@{microsoft.bingfinance_3.0.2.234_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} | 
"{C232E681-4443-49CF-94C2-26A53D6B3930}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{C37E3EC2-13FA-44BF-BC35-86A82C59097F}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{C425FDA0-0FB9-451A-95F8-5A3C796D2741}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{C6385A81-6623-4702-81F9-9C2451EE5725}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C67181C1-EF56-4449-BDFE-ABA3C9959BDF}" = dir=out | name=getting started with windows 8 | 
"{C7A510D5-DDED-4B34-8DCD-354CC2BE40E3}" = dir=out | name=@{microsoft.zunevideo_2.2.338.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{C8822745-4C34-4308-8E51-2B66CD05D7A9}" = dir=out | name=@{microsoft.bingtravel_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} | 
"{CD903669-3B7E-4DB4-9DB4-B585EC873796}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{CFCFB85A-F98A-4871-B68F-11CE1B1A7408}" = dir=in | app=c:\program files (x86)\audials\audials 11\audials.exe | 
"{D112511A-6C1D-4555-B1D2-D36AFB37EFA7}" = dir=out | name=skype | 
"{D3F1AF59-412F-4653-8AE6-E6CEA1B2795E}" = dir=out | name=sonicwall mobile connect | 
"{D584F3AA-2761-4CB0-9DDE-63C0F4AF0910}" = dir=in | name=microsoft mahjong | 
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn | 
"{D6A97B26-6AD9-4E99-829E-54505F9A60A2}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon\bin\maxthon.exe | 
"{D7F84947-13B2-4013-AAF3-A57C9FE08C14}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn | 
"{DC89F97F-53CA-474B-9C32-0B15FD4865B8}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{DCCE9C8C-8875-47BD-B639-1A9C6C9FA4F2}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{DD05B7B7-F147-4408-AAA7-4A878156B282}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DF521E90-18B1-45D0-B90E-ED5A8021983B}" = dir=out | name=sonicwall mobile connect | 
"{E04950B6-0A8D-409E-84E2-C209BDCD759F}" = dir=in | name=microsoft mahjong | 
"{E1FBA719-C0CC-457A-A17F-8641FC7A9960}" = dir=out | name=hp registration | 
"{E3A32DD6-E018-4E34-AD77-9A6C410DD70B}" = dir=out | name=@{microsoft.bingmaps_2.0.2530.2317_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{E789E738-FA7C-4EE6-99BF-9F7CB071E344}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{E9633636-46FA-42E1-B9C6-E83BFB4D1612}" = dir=out | name=@{microsoft.bingweather_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{EA5B7F84-A7AE-47E8-BA26-472AE8A2074D}" = dir=in | name=sonicwall mobile connect | 
"{EB42D19F-217E-4837-BFE9-470094970037}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | 
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn | 
"{EEE85BA4-EF6E-4C95-BD0B-C666463189FF}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{F07376E9-904C-40AB-809F-8429E0398AA3}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{F1AD2975-BAF1-42A8-A1F8-197B6F1234CA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F4961B96-C07F-4247-9EDA-6CEF518D6A22}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.1.337_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} | 
"{F4ED8DFF-288D-4BF5-9A02-152AB06FFE02}" = dir=in | name=microsoft solitaire collection | 
"{F543862F-FB9C-4325-8DFC-6180CFF1CDA7}" = dir=out | name=check point vpn | 
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client | 
"{F6B6819F-CDC3-4B0A-901C-60BA6CB48883}" = dir=out | name=windows_ie_ac_001 | 
"{F76206BB-EC5D-4EF2-BF67-9FE9BCE98058}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{F77AFA08-CD2B-404F-BC6A-DF4961495C40}" = dir=out | name=@{microsoft.bingmaps_2.0.2530.2317_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client | 
"{F92B5C8D-CD03-475F-A477-7B0338CBE6FF}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{FB83DF4A-FD2E-4751-81B9-26ADC84938C9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{FF44D407-D224-4D13-92B1-2BC7547AE903}" = dir=in | name=juniper networks junos pulse | 
"{FF6636CF-E072-4A67-B861-AFD65D97BAC5}" = dir=out | name=kindle | 
"{FFCD71C0-819F-4F3E-A5B1-7EAA40F768A3}" = dir=out | name=norton studio | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2368907C-E8F6-4750-A023-254C3E2B5E8D}" = Classic Shell
"{25427DA3-EBB7-B260-CD05-9E18F2F8E9F7}" = Ralink Bluetooth Stack64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}" = Adblock Plus for IE (32-bit and 64-bit)
"{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}" = HP Registration Service
"75BD84FDFF77342C2A347F729669CBD84CE11B04" = Windows Driver Package - OLYMPUS IMAGING CORP. (VNUSB) VNUSB  (09/29/2009 2.0.0.0)
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 3.0
"EditPad Lite" = EditPad Lite 7.2.2
"EPSON WorkForce 545 Series" = EPSON WorkForce 545 Series Printer Uninstall
"MediaInfo" = MediaInfo 0.7.65
"Send To Toys_is1" = Send To Toys v2.7
"VLC media player" = VLC media player 2.1.4
"WinRAR archiver" = WinRAR 5.00 beta 8 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation®Store
"{10F63395-157F-4B93-AB4D-702A2FF11942}" = Epson Download Navigator
"{167158CE-1637-4167-8A1C-C2549EEA966A}" = The Weather Channel App
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = USB2.0 VIDBOX NW03 
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{44FF002B-5AB3-4447-8F98-614387B63EE6}" = honestech VHS to DVD 5.0 Deluxe
"{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector
"{49D9CE9D-C8B7-B941-90E1-608044A0FC8D}" = Media Go Video Playback Engine 2.0.113.09020
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{633A0911-77AE-4B18-BEF0-F46EC8CF54EA}" = WORDsearch Basic
"{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B8D6199-EE44-4FD7-813A-6D8C62C9B384}" = SlimCleaner
"{6BA5F6E7-6CC1-4117-816D-A549A06CE44E}" = HP Connected Backup
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8D92969D-A6A3-44C8-9D63-D377E94F44B5}" = Media Go
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT3290 802.11bgn Wi-Fi Adapter
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C35EDE5-4B0F-45E7-A438-314BA889948E}" = HP MyRoom
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{B2B7B1C8-7C8B-476C-BE2C-049731C55992}" = HP Support Information
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1" = VSO ConvertXToDVD
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB51721D-9716-429C-B311-DCEC0ECA49D0}" = honestech VHS to DVD 5.0 Deluxe
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"{DF6DA606-904D-4C18-823F-A4CFC3035E53}" = eFax Messenger
"{DF83FFB3-D4E3-4A9B-9775-3982D23208B0}" = Audials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F243A34B-AB7F-4065-B770-B85B767C247C}" = HP Connected Remote
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}" = Epson Event Manager
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"{fd97d1e2-368a-4cd9-af63-8eeff938044a}" = Adblock Plus for IE
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF27F674-821E-4BA2-985B-DDF539C2CD03}" = HP Support Assistant
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"AdFender" = AdFender
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Any Video Converter_is1" = Any Video Converter 5.5.5
"Audacity_is1" = Audacity 2.0.3
"Debut" = Debut Video Capture Software
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"FastStone Image Viewer" = FastStone Image Viewer 4.8
"Freemake Video Converter_is1" = Freemake Video Converter version 4.1.2
"GoldenVideos" = Golden Videos
"Google Chrome" = Google Chrome
"HandBrake" = HandBrake 0.9.9.1
"iLuminaPremium" = iLumina Gold Premium
"ImgBurn" = ImgBurn
"InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector
"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"IObit Unlocker_is1" = IObit Unlocker
"Kingsoft Office" = Kingsoft Office 2013 (9.1.0.4480)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 10.0.0
"LAME_is1" = LAME v3.99.3 (for Windows)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Maxthon3" = Maxthon Cloud Browser
"Mozilla Firefox 27.0 (x86 en-US)" = Mozilla Firefox 27.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NST" = Norton Identity Safe
"Opera 19.0.1326.59" = Opera Stable 19.0.1326.59
"Slice" = Slice Audio File Splitter
"Smart Defrag 3_is1" = Smart Defrag 3
"SpywareBlaster_is1" = SpywareBlaster 5.0
"StartHPConnectedMusic" = HP Connected Music (Meridian - installer)
"Switch" = Switch Sound File Converter
"Tomlein.Synkron_is1" = Synkron 1.6.2
"WinLiveSuite" = Windows Live Essentials
"WORDsearch Basic" = WORDsearch Basic
"WordWeb" = WordWeb
"WRUNINST" = Webroot SecureAnywhere
"ZSoft Uninstaller" = ZSoft Uninstaller 2.5
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 3/11/2014 5:59:42 PM | Computer Name = HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5750
 
Error - 3/11/2014 5:59:43 PM | Computer Name = HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 3/11/2014 5:59:43 PM | Computer Name = HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6906
 
Error - 3/11/2014 5:59:43 PM | Computer Name = HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6906
 
Error - 3/11/2014 5:59:44 PM | Computer Name = HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 3/11/2014 5:59:44 PM | Computer Name = HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8062
 
Error - 3/11/2014 5:59:44 PM | Computer Name = HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8062
 
Error - 3/11/2014 5:59:45 PM | Computer Name = HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 3/11/2014 5:59:45 PM | Computer Name = HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9250
 
Error - 3/11/2014 5:59:45 PM | Computer Name = HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9250
 
Error - 3/11/2014 6:12:54 PM | Computer Name = HP | Source = Application Error | ID = 1000
Description = Faulting application name: BlueSoleilCS.exe, version: 9.0.709.0, time
 stamp: 0x500cb70a  Faulting module name: tl_filter.dll, version: 0.0.0.0, time stamp:
 0x50123d74  Exception code: 0xc0000094  Fault offset: 0x0000c12d  Faulting process id:
 0x2370  Faulting application start time: 0x01cf3b128bc62480  Faulting application path:
 C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
Faulting
 module path: c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll
Report
 Id: 4aa9ff0e-a96a-11e3-beaf-689423099ede  Faulting package full name:   Faulting package-relative
 application ID: 
 
[ System Events ]
Error - 3/7/2014 1:56:25 PM | Computer Name = HP | Source = DCOM | ID = 10010
Description = 
 
Error - 3/7/2014 1:56:55 PM | Computer Name = HP | Source = DCOM | ID = 10010
Description = 
 
Error - 3/7/2014 1:57:25 PM | Computer Name = HP | Source = DCOM | ID = 10010
Description = 
 
Error - 3/7/2014 11:57:29 PM | Computer Name = HP | Source = DCOM | ID = 10010
Description = 
 
Error - 3/7/2014 11:57:29 PM | Computer Name = HP | Source = DCOM | ID = 10010
Description = 
 
Error - 3/8/2014 7:15:19 AM | Computer Name = HP | Source = disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR5.
 
Error - 3/8/2014 7:15:19 AM | Computer Name = HP | Source = disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR6.
 
Error - 3/8/2014 7:15:19 AM | Computer Name = HP | Source = disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk7\DR7.
 
Error - 3/8/2014 7:18:01 AM | Computer Name = HP | Source = Service Control Manager | ID = 7034
Description = The BlueSoleilCS service terminated unexpectedly.  It has done this
 3 time(s).
 
Error - 3/8/2014 11:00:01 AM | Computer Name = HP | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
 
 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:40:52 PM, on 3/13/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal
 
Running processes:
C:\Program Files\Webroot\WRSA.exe
C:\Program Files (x86)\AdFender\AdFender.exe
C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files (x86)\QuickTime\qttask.exe
C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe
C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\A Lamar\Desktop\HiJackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll
O2 - BHO: Webroot Filtering Extension - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2 - BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll
O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
O3 - Toolbar: Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O4 - HKLM\..\Run: [BtTray] "c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [eFax 4.4] "C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe" /R
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Growl] C:\Program Files (x86)\Growl for Windows\Growl.exe
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkForce 545" /EF "HKCU"
O4 - Global Startup: AdFender.lnk = C:\Program Files (x86)\AdFender\AdFender.exe
O4 - Global Startup: Synkron.lnk = C:\Program Files (x86)\Synkron\Synkron.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra 'Tools' menuitem: Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\windows\SysWow64\skype4com.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Connected Remote Service (HPConnectedRemote) - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: Norton Identity Safe (NCO) - Symantec Corporation - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WRSVC - Webroot - C:\Program Files\Webroot\WRSA.exe
 
--
End of file - 14042 bytes
 
 
 

 


    Advertisements

Register to Remove


#2 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 18 March 2014 - 09:40 AM

Hi leader2,

Sorry for the delay in responding to your thread ...

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

bullseye_zpse9eaf36e.gif Security Check

Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=========================

bullseye_zpse9eaf36e.gif aswMBR

Download aswMBR.exe and save it to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

=========================
 
bullseye_zpse9eaf36e.gif Re-run OTL, but this time place a check mark in the box that reads Scan All Users.
 
OTLGUIallusers_zps57e4ec2f.gif

=========================

In your next post please provide the following:

  • checkup.txt
  • aswMBR.txt
  • attach MBR.zip
  • OTL.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#3 leader2

leader2

    Silver Member

  • Authentic Member
  • PipPipPip
  • 250 posts

Posted 18 March 2014 - 02:10 PM

Thanks for your reply. I appreciate your help OCD. It's ok about the delay as I know the helpers here are very busy. I will try to follow all of your instructions well. Here are my logs as you requested EXCEPT for some reason the MBR.dat didn't appear on my desktop so I couldn't attach it here at all for you. Sorry for this, I ran it as directed, maybe it's my opsys again.

 

 

  • checkup.txt

 Results of screen317's Security Check version 0.99.80  

   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
Webroot SecureAnywhere   
Windows Defender         
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 SpywareBlaster 5.0    
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 SlimCleaner     
 Adobe Flash Player 12.0.0.77  
 Adobe Reader XI  
 Mozilla Firefox (27.0) 
 Google Chrome 33.0.1750.146  
 Google Chrome 33.0.1750.154  
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled! 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
  • aswMBR.txt

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software

Run date: 2014-03-18 13:42:35
-----------------------------
13:42:35.838    OS Version: Windows x64 6.2.9200 
13:42:35.838    Number of processors: 4 586 0x3A09
13:42:35.839    ComputerName: HP  UserName: 
13:42:36.126    Initialze error 1 
13:45:53.619    AVAST engine defs: 14031801
13:46:00.081    Service scanning
13:46:00.657    Modules scanning
13:46:00.661    Disk 0 trace - called modules:
13:46:00.683    
13:46:00.687    AVAST engine scan C:\WINDOWS
13:46:00.691    AVAST engine scan C:\WINDOWS\system32
13:46:00.696    AVAST engine scan C:\WINDOWS\system32\drivers
13:46:00.700    AVAST engine scan C:\Users\White
13:46:00.705    AVAST engine scan C:\ProgramData
13:46:00.708    Scan finished successfully
13:46:13.878    The log file has been saved successfully to "C:\Users\White\Desktop\aswMBR.txt"
 
 
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-03-18 13:42:35
-----------------------------
13:42:35.838    OS Version: Windows x64 6.2.9200 
13:42:35.838    Number of processors: 4 586 0x3A09
13:42:35.839    ComputerName: HP  UserName: 
13:42:36.126    Initialze error 1 
13:45:53.619    AVAST engine defs: 14031801
13:46:00.081    Service scanning
13:46:00.657    Modules scanning
13:46:00.661    Disk 0 trace - called modules:
13:46:00.683    
13:46:00.687    AVAST engine scan C:\WINDOWS
13:46:00.691    AVAST engine scan C:\WINDOWS\system32
13:46:00.696    AVAST engine scan C:\WINDOWS\system32\drivers
13:46:00.700    AVAST engine scan C:\Users\White
13:46:00.705    AVAST engine scan C:\ProgramData
13:46:00.708    Scan finished successfully
13:46:13.878    The log file has been saved successfully to "C:\Users\White\Desktop\aswMBR.txt"
13:48:16.080    The log file has been saved successfully to "C:\Users\White\Desktop\aswMBR.txt"
  •  

  • OTL.txt

 

OTL logfile created on: 3/18/2014 1:50:10 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\A Lamar\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.87 Gb Total Physical Memory | 3.16 Gb Available Physical Memory | 40.20% Memory free
8.31 Gb Paging File | 2.70 Gb Available in Paging File | 32.53% Paging File free
Paging file location(s): c:\pagefile.sys 400 4096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1850.39 Gb Total Space | 10.85 Gb Free Space | 0.59% Space Free | Partition Type: NTFS
Drive D: | 10.81 Gb Total Space | 1.27 Gb Free Space | 11.74% Space Free | Partition Type: NTFS
Drive E: | 14.83 Gb Total Space | 9.76 Gb Free Space | 65.80% Space Free | Partition Type: FAT32
Drive K: | 2794.51 Gb Total Space | 518.73 Gb Free Space | 18.56% Space Free | Partition Type: NTFS
Drive M: | 931.28 Gb Total Space | 72.12 Gb Free Space | 7.74% Space Free | Partition Type: FAT32
Drive O: | 3725.90 Gb Total Space | 1465.59 Gb Free Space | 39.34% Space Free | Partition Type: NTFS
 
Computer Name: HP | User Name: White | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Users\A Lamar\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe (IObit)
PRC - C:\Program Files\Webroot\WRSA.exe (Webroot)
PRC - C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\AdFender\AdFender.exe (AdFender, Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\WordWeb\wweb32.exe (WordWeb Software)
PRC - C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
PRC - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe (IVT Corporation)
PRC - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe (IVT Corporation)
PRC - C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll ()
MOD - C:\Windows\wweb32.dll ()
MOD - C:\Program Files (x86)\WordWeb\wwextdb.dll ()
MOD - C:\Program Files (x86)\IObit\Smart Defrag 3\webres.dll ()
MOD - C:\Windows\SysWOW64\BsExtendFunc.dll ()
MOD - C:\Windows\SysWOW64\BsProfileFunc.dll ()
MOD - C:\Windows\SysWOW64\BsTrace.dll ()
MOD - C:\Windows\SysWOW64\SCChangeMonitor.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (WRSVC) -- C:\Program Files\Webroot\WRSA.exe (Webroot)
SRV:64bit: - (IEEtwCollectorService) -- C:\WINDOWS\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (EpsonCustomerParticipation) -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION)
SRV:64bit: - (AppXSvc) -- C:\Windows\SysNative\AppXDeploymentServer.dll (Microsoft Corporation)
SRV:64bit: - (w3logsvc) -- C:\Windows\SysNative\inetsrv\w3logsvc.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (workfolderssvc) -- C:\Windows\SysNative\workfolderssvc.dll (Microsoft Corporation)
SRV:64bit: - (AppReadiness) -- C:\Windows\SysNative\AppReadiness.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (lfsvc) -- C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)
SRV:64bit: - (WdNisSvc) -- C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (WEPHOSTSVC) -- C:\Windows\SysNative\wephostsvc.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicguestinterface) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (smphost) -- C:\Windows\SysNative\smphost.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (ScDeviceEnum) -- C:\Windows\SysNative\ScDeviceEnum.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcbService) -- C:\Windows\SysNative\ncbservice.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (w3logsvc) -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (lfsvc) -- C:\Windows\SysWOW64\GeofenceMonitorService.dll (Microsoft Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (NCO) -- C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe (Symantec Corporation)
SRV - (PrintNotify) -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (smphost) -- C:\Windows\SysWOW64\smphost.dll (Microsoft Corporation)
SRV - (HPConnectedRemote) -- c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe (Hewlett-Packard)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (BlueSoleilCS) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe (IVT Corporation)
SRV - (BsHelpCS) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe (IVT Corporation)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (WRkrn) -- C:\Windows\SysNative\drivers\WRkrn.sys (Webroot)
DRV:64bit: - (debutfilter) -- C:\Windows\SysNative\drivers\debutfilterx64.sys ()
DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys (IObit)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (SerCx2) -- C:\Windows\SysNative\drivers\SerCx2.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (intelpep) -- C:\Windows\SysNative\drivers\intelpep.sys (Microsoft Corporation)
DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG)
DRV:64bit: - (RrNetCapFilterDriver) -- C:\Windows\SysNative\drivers\RrNetCapFilterDriver.sys (Audials AG)
DRV:64bit: - (rtbth) -- C:\Windows\SysNative\drivers\rtbth.sys (Ralink Technology, Corp.)
DRV:64bit: - (stornvme) -- C:\Windows\SysNative\drivers\stornvme.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (WdNisDrv) -- C:\Windows\SysNative\drivers\WdNisDrv.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (ccSet_NST) -- C:\Windows\SysNative\drivers\NSTx64\7DE06000.01B\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\WINDOWS\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (LSI_SAS3) -- C:\Windows\SysNative\drivers\lsi_sas3.sys (LSI Corporation)
DRV:64bit: - (ADP80XX) -- C:\Windows\SysNative\drivers\adp80xx.sys (PMC-Sierra)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (ReFS) -- C:\WINDOWS\SysNative\drivers\refs.sys (Microsoft Corporation)
DRV:64bit: - (UEFI) -- C:\Windows\SysNative\drivers\uefi.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (ahcache) -- C:\Windows\SysNative\drivers\ahcache.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc63.sys (Microsoft Corporation)
DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\drivers\BthLEEnum.sys (Microsoft Corporation)
DRV:64bit: - (NdisVirtualBus) -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (bcmfn2) -- C:\Windows\SysNative\drivers\bcmfn2.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (iaStorAV) -- C:\Windows\SysNative\drivers\iaStorAV.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_GPIO) -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_I2C) -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys (Intel Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C63x64.sys (Qualcomm Atheros Co., Ltd.)
DRV:64bit: - (hpvision) -- C:\Windows\SysNative\drivers\hp64vision.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (BthL2caScoIfSrv) -- C:\Windows\SysNative\drivers\BtL2caScoIf.sys (Ralink Corporation)
DRV:64bit: - (btUrbFilterDrv) -- C:\Windows\SysNative\drivers\IvtUrbBtFlt.sys (Ralink Corporation)
DRV:64bit: - (CLVirtualDrive) -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys (CyberLink)
DRV:64bit: - (BtAudioBusSrv) -- C:\Windows\SysNative\drivers\BtAudioBus.sys (IVT Corporation)
DRV:64bit: - (VNUSB) -- C:\Windows\SysNative\drivers\VNUSB.sys (OLYMPUS IMAGING CORP.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\drivers\emBDA64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\drivers\emOEM64.sys (eMPIA Technology, Inc.)
DRV - (IObitUnlocker) -- C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys (IObit)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPDTDFJS
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{91FDD715-9FCF-4967-9B30-6AA09534F2C2}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPDTDFJS
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{91FDD715-9FCF-4967-9B30-6AA09534F2C2}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
IE - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie
IE - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\..\SearchScopes,DefaultScope = {b7fca997-d0fb-4fe0-8afd-255e89cf9671}
IE - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPDTDFJS
IE - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\..\SearchScopes\{91FDD715-9FCF-4967-9B30-6AA09534F2C2}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0
FF - prefs.js..browser.search.defaultenginename: "Yahoo!"
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=994519&p="
FF - prefs.js..browser.startup.homepage: "http://search.yahoo....=spigot-yhp-ff"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\sony.com/MediaGoDetector: C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn\ [2014/03/13 12:36:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webrootsecure@webroot.com: C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2014/03/07 09:23:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\wcapturex@deskperience.com: C:\Program Files (x86)\WordWeb\WCaptureMoz [2014/01/30 00:31:49 | 000,000,000 | ---D | M]
 
[2013/12/24 08:03:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\White\AppData\Roaming\mozilla\Extensions
[2014/01/17 11:14:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\White\AppData\Roaming\mozilla\Firefox\Profiles\pk216cnh.default\extensions
[2014/01/17 11:14:30 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\White\AppData\Roaming\mozilla\Firefox\Profiles\pk216cnh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014/01/17 04:47:02 | 000,940,775 | ---- | M] () (No name found) -- C:\Users\White\AppData\Roaming\mozilla\firefox\profiles\pk216cnh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/02/17 02:25:05 | 000,000,916 | ---- | M] () -- C:\Users\White\AppData\Roaming\mozilla\firefox\profiles\pk216cnh.default\searchplugins\yahoo_ff.xml
[2014/01/10 15:08:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/01/10 15:08:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/01/17 04:56:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions
[2014/01/17 04:56:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://google.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Drive = C:\Users\White\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\White\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\White\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.4_0\
CHR - Extension: Google Search = C:\Users\White\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: CommentBlocker = C:\Users\White\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhkjhnbkeibefoijmacgnnkddlkkmjaf\1.0.20_0\
CHR - Extension: F.B. Purity Cleans Up Facebook = C:\Users\White\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl\9.6.0.2_0\
CHR - Extension: Google Wallet = C:\Users\White\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Norton Identity Safe for Google Chromeâ„¢ = C:\Users\White\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob\2014.7.0.26_0\
CHR - Extension: Gmail = C:\Users\White\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/01/24 22:41:15 | 000,450,639 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15467 more lines...
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\CoIEPlg.dll (Symantec Corporation)
O2:64bit: - BHO: (Webroot Filtering Extension) - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll (Webroot)
O2:64bit: - BHO: (ClassicIEBHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
O2:64bit: - BHO: (Adblock Plus for IE Browser Helper Object) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Webroot Filtering Extension) - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll (Webroot)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (ClassicIEBHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
O2 - BHO: (Adblock Plus for IE Browser Helper Object) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\Beats64.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BtTray] c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe (IVT Corporation)
O4 - HKLM..\Run: [CLMLServer_For_P2G8] c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)
O4 - HKLM..\Run: [CLVirtualDrive] c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [eFax 4.4] C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [WRSVC] C:\Program Files\Webroot\WRSA.exe (Webroot)
O4 - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001..\Run: [Amazon Cloud Player] C:\Users\White\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe ()
O4 - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001..\Run: [eFax 4.4] C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001..\Run: [EPLTarget\P0000000000000001] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE /EPT "EPLTarget\P0000000000000001" /M "WorkForce 545" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001..\Run: [TWC.Win7] C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe ()
O4 - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001..\Run: [WordWeb] C:\Program Files (x86)\WordWeb\wweb32.exe (WordWeb Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O9:64bit: - Extra 'Tools' menuitem : Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe (IvoSoft)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe (IvoSoft)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03D8532E-0BB6-4BAD-AFC1-7180316A1809}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d2a5b9ec-23a2-11ff-be6d-689423099ede}\Shell - "" = AutoRun
O33 - MountPoints2\{d2a5b9ec-23a2-11ff-be6d-689423099ede}\Shell\AutoRun\command - "" = "J:\LaunchU3.exe" 
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2038/09/13 09:48:18 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2038/09/13 09:41:37 | 000,000,000 | ---D | C] -- C:\Users\White\AppData\Roaming\Macromedia
[2038/09/13 09:36:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2038/09/13 09:24:20 | 000,000,000 | ---D | C] -- C:\Users\White\Documents\Virtual Machines
[2038/09/13 09:24:20 | 000,000,000 | ---D | C] -- C:\Users\White\Documents\VideoPad Projects
[2038/09/13 09:24:20 | 000,000,000 | ---D | C] -- C:\Users\White\Documents\VHS to DVD
[2038/09/13 09:24:19 | 000,000,000 | ---D | C] -- C:\Users\White\Documents\Naturalsoft
[2038/09/13 09:24:19 | 000,000,000 | ---D | C] -- C:\Users\White\Documents\My CamStudio Temp Files
[2038/09/13 09:24:19 | 000,000,000 | ---D | C] -- C:\Users\White\Documents\iDealshare VideoGo
[2038/09/13 09:24:12 | 000,000,000 | ---D | C] -- C:\Users\White\Documents\CyberLink
[2038/09/13 09:23:27 | 000,000,000 | ---D | C] -- C:\Users\White\AppData\Roaming\Hewlett-Packard
[2038/09/13 09:22:34 | 000,000,000 | ---D | C] -- C:\Users\White\Documents\ConvertXtoDVD
[2038/09/13 09:21:45 | 000,000,000 | ---D | C] -- C:\Users\White\AppData\Local\Power2Go8
[2038/09/13 09:21:44 | 000,000,000 | ---D | C] -- C:\Users\White\Documents\Bluetooth
[2038/09/13 09:21:44 | 000,000,000 | ---D | C] -- C:\Users\White\AppData\Local\bluesoleil
[2038/09/13 09:21:22 | 000,000,000 | R--D | C] -- C:\Users\White\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2038/09/13 09:21:22 | 000,000,000 | R--D | C] -- C:\Users\White\Searches
[2038/09/13 09:21:22 | 000,000,000 | R--D | C] -- C:\Users\White\Contacts
[2038/09/13 09:21:22 | 000,000,000 | R--D | C] -- C:\Users\White\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2038/09/13 09:21:22 | 000,000,000 | -H-D | C] -- C:\Users\White\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2038/09/13 09:21:18 | 000,000,000 | ---D | C] -- C:\Users\White\AppData\Roaming\Adobe
[2038/09/13 09:21:13 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
[2038/09/13 09:20:44 | 000,000,000 | ---D | C] -- C:\Users\White\AppData\Local\VirtualStore
[2038/09/13 09:20:39 | 000,000,000 | ---D | C] -- C:\Users\White\AppData\Local\Packages
[2038/09/13 09:20:36 | 000,000,000 | R--D | C] -- C:\Users\White\Videos
[2038/09/13 09:20:36 | 000,000,000 | R--D | C] -- C:\Users\White\Saved Games
[2038/09/13 09:20:36 | 000,000,000 | R--D | C] -- C:\Users\White\Pictures
[2038/09/13 09:20:36 | 000,000,000 | R--D | C] -- C:\Users\White\Music
[2038/09/13 09:20:36 | 000,000,000 | R--D | C] -- C:\Users\White\Links
[2038/09/13 09:20:36 | 000,000,000 | R--D | C] -- C:\Users\White\Downloads
[2038/09/13 09:20:36 | 000,000,000 | -H-D | C] -- C:\Users\White\Documents\hp.system.package.metadata
[2038/09/13 09:20:36 | 000,000,000 | -H-D | C] -- C:\Users\White\Documents\hp.applications.package.appdata
[2038/09/13 09:20:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2038/09/13 07:54:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SymSilent
[2038/09/13 07:54:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2038/09/13 07:54:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\drivers\NISx64
[2038/09/13 07:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2038/09/13 07:53:53 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2038/09/13 07:53:36 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
[2038/09/13 07:53:20 | 000,000,000 | R--D | C] -- C:\Program Files\Online Services
[2038/09/13 07:53:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\en
[2038/09/13 07:52:58 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2038/09/13 07:52:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2038/09/13 07:52:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2038/09/13 07:52:19 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3dx10_42.dll
[2038/09/13 07:52:19 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\XAudio2_5.dll
[2038/09/13 07:52:19 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\d3dx10_42.dll
[2038/09/13 07:52:19 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\XAPOFX1_3.dll
[2038/09/13 07:52:17 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3dx9_32.dll
[2038/09/13 07:52:17 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\d3dx9_32.dll
[2038/09/13 07:52:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2038/09/13 07:50:29 | 000,029,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msxml3a.dll
[2038/09/13 07:46:01 | 000,092,536 | ---- | C] (CyberLink) -- C:\WINDOWS\SysNative\drivers\CLVirtualDrive.sys
[2038/09/13 07:46:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\DRVSTORE
[2038/09/13 07:46:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\CyberLink
[2038/09/13 07:45:18 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2038/09/13 07:45:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2038/09/13 07:45:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2038/09/13 07:45:16 | 000,377,344 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\SysNative\hpbrprtmon.dll
[2038/09/13 07:45:16 | 000,355,840 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\SysNative\hpbprtmon.dll
[2038/09/13 07:45:16 | 000,170,496 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\SysNative\hpbprtmonui.dll
[2038/09/13 07:45:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HPConnectedMusic
[2038/09/13 07:45:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nikon
[2038/09/13 07:44:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2038/09/13 07:44:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Autonomy
[2038/09/13 07:44:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autonomy
[2038/09/13 07:43:59 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Online Services
[2038/09/13 07:43:54 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
[2038/09/13 07:43:36 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2038/09/13 07:43:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2038/09/13 07:43:07 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap
[2038/09/13 07:42:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2038/09/13 07:42:08 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
[2038/09/13 07:41:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2038/09/13 07:40:51 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2038/09/13 07:40:12 | 000,000,000 | ---D | C] -- C:\ProgramData\{AFF99647-6D64-46F2-934A-F12F468037F6}
[2038/09/13 07:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink Driver
[2038/09/13 07:38:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ralink Corporation
[2038/09/13 07:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2038/09/13 07:37:25 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
[2038/09/13 07:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2038/09/13 07:37:19 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2038/09/13 07:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2038/09/13 07:36:16 | 000,117,248 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\SysNative\HPMUIDir.exe
[2038/09/13 07:36:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard
[2038/09/13 07:36:14 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2038/09/13 07:32:30 | 006,085,632 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\SysNative\stlang64.dll
[2038/09/13 07:32:30 | 001,821,184 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\SysNative\IDTNC64.cpl
[2038/09/13 07:32:30 | 001,425,408 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\sttray64.exe
[2038/09/13 07:32:30 | 000,224,256 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\SysNative\HPToneCtrls64.dll
[2038/09/13 07:32:30 | 000,037,888 | ---- | C] (Hewlett-Packard ) -- C:\WINDOWS\SysNative\Beats64.exe
[2038/09/13 07:32:30 | 000,000,000 | ---D | C] -- C:\ProgramData\SoundResearch
[2038/09/13 07:32:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2038/09/13 07:32:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2014/03/18 13:38:22 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\White\Desktop\aswMBR.exe
[2014/03/13 22:51:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synkron
[2014/03/13 22:51:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Synkron
[2014/03/12 23:54:28 | 001,643,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.efi
[2014/03/12 23:54:27 | 001,507,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.exe
[2014/03/12 23:54:22 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2014/03/12 23:54:22 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2014/03/12 23:54:21 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2014/03/12 23:54:21 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2014/03/12 23:54:21 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2014/03/12 23:54:15 | 006,640,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mstscax.dll
[2014/03/12 23:54:15 | 005,770,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstscax.dll
[2014/03/12 23:54:15 | 002,133,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfcore.dll
[2014/03/12 23:54:14 | 004,175,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dbgeng.dll
[2014/03/12 23:54:14 | 002,143,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfcore.dll
[2014/03/12 23:54:14 | 001,928,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\combase.dll
[2014/03/12 23:54:14 | 001,371,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\combase.dll
[2014/03/12 23:54:14 | 001,287,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kernel32.dll
[2014/03/12 23:54:14 | 000,764,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfmpeg2srcsnk.dll
[2014/03/12 23:54:14 | 000,669,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfmpeg2srcsnk.dll
[2014/03/12 23:54:13 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dbgeng.dll
[2014/03/12 23:54:13 | 001,486,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dbghelp.dll
[2014/03/12 23:54:13 | 001,238,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dbghelp.dll
[2014/03/12 23:54:13 | 001,057,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdvidcrl.dll
[2014/03/12 23:54:13 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rdvidcrl.dll
[2014/03/12 23:54:13 | 000,458,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WerFault.exe
[2014/03/12 23:54:13 | 000,447,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sppcomapi.dll
[2014/03/12 23:54:13 | 000,408,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WerFault.exe
[2014/03/12 23:54:13 | 000,407,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Faultrep.dll
[2014/03/12 23:54:13 | 000,369,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Faultrep.dll
[2014/03/12 23:54:13 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpencom.dll
[2014/03/12 23:54:13 | 000,233,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfps.dll
[2014/03/12 23:54:13 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rdpencom.dll
[2014/03/12 23:54:13 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DWWIN.EXE
[2014/03/12 23:54:13 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\DWWIN.EXE
[2014/03/12 23:54:13 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tsgqec.dll
[2014/03/12 23:54:13 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tsgqec.dll
[2014/03/12 23:54:06 | 000,236,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdFilter.sys
[2014/03/12 23:54:06 | 000,124,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdNisDrv.sys
[2014/03/12 23:54:06 | 000,035,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdBoot.sys
[2014/03/12 23:54:03 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\qedit.dll
[2014/03/12 23:54:03 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\qedit.dll
[2014/03/04 22:50:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/03/04 22:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\eFax Messenger 4.4 Setup
[2014/03/04 22:17:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eFax Messenger 4.4
[2014/03/02 23:25:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CubicExplorer
[2014/02/24 16:26:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZSoft
[2014/02/21 23:21:47 | 000,000,000 | ---D | C] -- C:\ProgramData\vsosdk
[2014/02/21 22:29:19 | 000,000,000 | ---D | C] -- C:\Users\White\AppData\Roaming\VSO
[2014/02/20 23:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
[2014/02/20 23:25:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnvSoft
[2014/02/20 16:12:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014/02/20 16:12:39 | 000,000,000 | ---D | C] -- C:\Users\White\AppData\Local\MFAData
[2014/02/20 16:12:39 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014/02/20 16:12:39 | 000,000,000 | ---D | C] -- C:\Users\White\AppData\Local\Avg2014
[2014/02/18 05:33:30 | 000,000,000 | ---D | C] -- C:\Users\White\Desktop\SONY MP3 CD
[2014/02/17 09:14:18 | 000,637,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncHost.exe
[2014/02/17 09:14:18 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncCore.dll
[2014/02/17 09:14:18 | 000,479,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncHost.exe
[2014/02/17 09:14:17 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncCore.dll
[2014/02/17 09:14:10 | 003,210,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msmpeg2vdec.dll
[2014/02/17 09:14:09 | 018,577,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.dll
[2014/02/17 09:14:09 | 002,804,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msmpeg2vdec.dll
[2014/02/17 09:14:04 | 002,617,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
[2014/02/17 09:14:03 | 013,925,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
[2014/02/17 09:14:02 | 001,399,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winmde.dll
[2014/02/17 09:13:58 | 002,295,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2014/02/17 09:13:58 | 001,374,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wmpmde.dll
[2014/02/17 09:13:57 | 001,204,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\winmde.dll
[2014/02/17 09:13:56 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SystemEventsBrokerServer.dll
[2014/02/17 09:13:56 | 000,263,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\bisrv.dll
[2014/02/17 09:13:55 | 000,809,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfmp4srcsnk.dll
[2014/02/17 09:13:55 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ubpm.dll
[2014/02/17 09:13:55 | 000,032,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ploptin.dll
[2014/02/17 09:13:54 | 001,415,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lsasrv.dll
[2014/02/17 09:13:54 | 000,745,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\oleaut32.dll
[2014/02/17 09:13:54 | 000,663,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfmp4srcsnk.dll
[2014/02/17 09:13:54 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfds.dll
[2014/02/17 09:13:54 | 000,461,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\XpsGdiConverter.dll
[2014/02/17 09:13:53 | 000,433,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfds.dll
[2014/02/17 09:13:53 | 000,273,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Graphics.dll
[2014/02/17 09:13:53 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\psmsrv.dll
[2014/02/17 09:13:52 | 000,589,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rastls.dll
[2014/02/17 09:13:52 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msieftp.dll
[2014/02/17 09:13:52 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Graphics.dll
[2014/02/17 09:13:51 | 001,227,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mispace.dll
[2014/02/17 09:13:51 | 000,980,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mispace.dll
[2014/02/17 09:13:51 | 000,336,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\XpsGdiConverter.dll
[2014/02/17 09:13:51 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\bi.dll
[2014/02/17 09:13:50 | 000,513,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rastls.dll
[2014/02/17 09:13:50 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msieftp.dll
[2014/02/17 09:13:50 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\BtaMPM.sys
[2014/02/17 09:13:49 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\deviceregistration.dll
[2014/02/17 08:56:09 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieetwproxystub.dll
[2014/02/17 08:56:08 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieetwproxystub.dll
[2014/02/17 08:56:08 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iernonce.dll
[2014/02/17 08:56:08 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieetwcollectorres.dll
[2014/02/17 08:56:06 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iesetup.dll
[2014/02/17 08:56:06 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iernonce.dll
[2014/02/17 08:56:05 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2014/02/17 08:56:05 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript9diag.dll
[2014/02/17 08:56:05 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieetwcollector.exe
[2014/02/17 08:56:03 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iesetup.dll
[2014/02/17 08:56:02 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2014/02/17 08:56:02 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieUnatt.exe
[2014/02/17 08:56:01 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msrating.dll
[2014/02/17 08:55:59 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9diag.dll
[2014/02/17 08:55:59 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieUnatt.exe
[2014/02/17 08:55:58 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msrating.dll
[2014/02/17 08:53:34 | 013,209,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
[2014/02/17 08:53:34 | 011,702,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2014/02/17 08:53:34 | 007,416,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Search.dll
[2014/02/17 08:53:33 | 004,961,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Search.dll
[2014/02/17 08:53:33 | 001,105,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SearchFolder.dll
[2014/02/17 08:53:32 | 001,462,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\propsys.dll
[2014/02/17 08:23:16 | 004,217,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SyncEngine.dll
[2014/02/17 08:23:16 | 002,804,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\actxprxy.dll
[2014/02/17 08:23:16 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MrmCoreR.dll
[2014/02/17 08:23:16 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SkyDrive.exe
[2014/02/17 08:23:16 | 000,720,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SkyDriveTelemetry.dll
[2014/02/17 08:23:16 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MrmCoreR.dll
[2014/02/17 08:23:15 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SkyDriveShell.dll
[2014/02/17 08:23:15 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winbici.dll
[2014/02/17 08:23:15 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SkyDriveShell.dll
[2014/02/17 07:20:57 | 000,570,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msdrm.dll
[2014/02/17 07:20:23 | 004,604,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d2d1.dll
[2014/02/17 07:20:23 | 002,397,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d10warp.dll
[2014/02/17 06:11:45 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
[2014/02/17 06:02:50 | 001,113,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KernelBase.dll
[2014/02/17 05:55:24 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\pcaui.exe
[2014/02/17 05:55:24 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\pcaui.exe
[2014/02/17 05:05:20 | 000,000,000 | ---D | C] -- C:\Users\White\AppData\Local\{5D35BA2F-05E3-47B9-8499-BEC1DAAC3BEC}
[2014/02/17 02:25:20 | 000,000,000 | ---D | C] -- C:\Users\White\.swt
[2014/02/17 02:25:03 | 000,000,000 | ---D | C] -- C:\Users\White\AppData\Roaming\Search Protection
[2014/02/17 02:24:44 | 000,000,000 | ---D | C] -- C:\Users\White\AppData\Roaming\Azureus
[2014/02/17 02:24:37 | 000,000,000 | ---D | C] -- C:\Users\White\Documents\Vuze Downloads
 
========== Files - Modified Within 30 Days ==========
 
[2038/09/13 09:41:29 | 000,001,430 | ---- | M] () -- C:\Users\White\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2038/09/13 09:41:29 | 000,000,223 | -HS- | M] () -- C:\Users\White\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
[2038/09/13 09:21:09 | 000,000,000 | RHS- | M] () -- C:\WINDOWS\SysWow64\drivers\103C_HP_cPC_h8-1410_Y53316J_0U_Q4CE2370G93_E12NA3RR8605_4A_I2AD5_SPEGATRON CORPORATION_V1.03_B8.18_T130318_W8101-0_L409_M8059_J2000_7Intel_86A9_93.00_#380913_N19691091;18143290_Z_G80860152_Ohp DVD-RAM SW810.MRK
[2038/09/13 09:21:09 | 000,000,000 | RHS- | M] () -- C:\WINDOWS\SysNative\drivers\103C_HP_cPC_h8-1410_Y53316J_0U_Q4CE2370G93_E12NA3RR8605_4A_I2AD5_SPEGATRON CORPORATION_V1.03_B8.18_T130318_W8101-0_L409_M8059_J2000_7Intel_86A9_93.00_#380913_N19691091;18143290_Z_G80860152_Ohp DVD-RAM SW810.MRK
[2038/09/13 07:57:35 | 000,018,630 | ---- | M] () -- C:\WINDOWS\SysNative\results.xml
[2038/09/13 07:50:27 | 000,029,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msxml3a.dll
[2038/09/13 07:39:01 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_BtL2caScoIf_01009.Wdf
[2038/09/13 07:38:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SysNative\0
[2014/03/18 13:47:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/18 13:39:01 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\WpsUpdateTask_White.job
[2014/03/18 13:39:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\WpsNotifyTask_White.job
[2014/03/18 13:38:33 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\White\Desktop\aswMBR.exe
[2014/03/18 13:38:11 | 000,987,442 | ---- | M] () -- C:\Users\White\Desktop\SecurityCheck.exe
[2014/03/18 13:13:00 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\WpsNotifyTask_A Lamar.job
[2014/03/18 13:10:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/03/18 13:10:00 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\WpsUpdateTask_A Lamar.job
[2014/03/18 03:32:15 | 000,004,524 | ---- | M] () -- C:\WINDOWS\SysWow64\LOCALSERVICE.INI
[2014/03/18 03:31:50 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/16 20:06:15 | 000,000,821 | ---- | M] () -- C:\WINDOWS\SysWow64\bscs.ini
[2014/03/16 20:03:10 | 000,000,043 | ---- | M] () -- C:\WINDOWS\SysWow64\LOCALDEVICE.INI
[2014/03/16 20:00:08 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/03/16 16:01:28 | 000,956,476 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014/03/16 16:01:28 | 000,794,884 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014/03/16 16:01:28 | 000,161,140 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014/03/14 20:04:22 | 000,000,885 | ---- | M] () -- C:\Users\White\Desktop\P - Shortcut.lnk
[2014/03/14 11:09:40 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/03/14 11:09:35 | 2465,050,623 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/13 12:36:12 | 000,496,256 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014/03/10 18:17:22 | 000,128,288 | ---- | M] (IObit) -- C:\WINDOWS\SysNative\IObitSmartDefragExtension.dll
[2014/03/08 17:15:59 | 000,000,889 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/03/08 07:42:47 | 000,154,248 | ---- | M] (Webroot) -- C:\WINDOWS\SysWow64\WRusr.dll
[2014/03/08 07:42:47 | 000,115,168 | ---- | M] (Webroot) -- C:\WINDOWS\SysNative\drivers\WRkrn.sys
[2014/03/08 07:42:47 | 000,105,320 | ---- | M] (Webroot) -- C:\WINDOWS\SysNative\WRusr.dll
[2014/03/06 06:39:45 | 000,002,470 | ---- | M] () -- C:\Users\White\Desktop\DE3IK(GOOGLEVOICE) - Chrome.lnk
[2014/03/06 06:39:45 | 000,002,470 | ---- | M] () -- C:\Users\White\Desktop\DE3IK (FACEBOOK) - Chrome.lnk
[2014/03/06 06:39:45 | 000,002,470 | ---- | M] () -- C:\Users\White\Desktop\A LAMAR - Chrome.lnk
[2014/03/06 06:39:45 | 000,002,426 | ---- | M] () -- C:\Users\White\Desktop\atrandom97 (YOUTUBE) - Chrome.lnk
[2014/03/06 06:39:28 | 000,002,265 | ---- | M] () -- C:\Users\White\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/03/04 22:17:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SysNative\eFax_4_4_Port
[2014/03/04 18:53:05 | 000,105,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2014/03/04 18:53:04 | 000,693,240 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2014/03/01 00:17:43 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2014/02/28 23:54:33 | 005,768,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2014/02/28 23:42:12 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2014/02/28 22:25:42 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2014/02/28 22:25:22 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2014/02/24 16:26:51 | 000,001,131 | ---- | M] () -- C:\Users\White\Desktop\ZSoft Uninstaller.lnk
[2014/02/22 03:04:42 | 000,000,141 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2014/02/19 01:51:10 | 000,000,892 | ---- | M] () -- C:\Users\White\Desktop\TV SHOWS - Shortcut.lnk
[2014/02/17 02:26:01 | 000,023,838 | ---- | M] () -- C:\Users\White\Documents\[kickass.to]nba.all.star.weekend.2014.14.15.feb.rsc.as.saturday.night.720p.torrent
 
========== Files Created - No Company Name ==========
 
[2038/09/13 09:41:29 | 000,001,430 | ---- | C] () -- C:\Users\White\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2038/09/13 09:22:34 | 000,780,288 | ---- | C] () -- C:\Users\White\Documents\NMT CALENDAR JANUARY 2014   PASTOR BLANK COPY.pub
[2038/09/13 09:22:34 | 000,002,326 | ---- | C] () -- C:\Users\White\Documents\My Movie.wlmp
[2038/09/13 09:20:36 | 000,000,223 | -HS- | C] () -- C:\Users\White\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
[2038/09/13 09:18:56 | 2465,050,623 | -HS- | C] () -- C:\hiberfil.sys
[2038/09/13 09:17:24 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys
[2038/09/13 07:57:35 | 000,018,630 | ---- | C] () -- C:\WINDOWS\SysNative\results.xml
[2038/09/13 07:57:16 | 000,004,524 | ---- | C] () -- C:\WINDOWS\SysWow64\LOCALSERVICE.INI
[2038/09/13 07:57:16 | 000,000,043 | ---- | C] () -- C:\WINDOWS\SysWow64\LOCALDEVICE.INI
[2038/09/13 07:52:53 | 000,001,308 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2038/09/13 07:52:49 | 000,001,377 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2038/09/13 07:45:11 | 000,001,118 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connected Music powered by Meridian.lnk
[2038/09/13 07:42:45 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
[2038/09/13 07:41:15 | 000,024,376 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\cpqdfw.sys
[2038/09/13 07:39:01 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_BtL2caScoIf_01009.Wdf
[2038/09/13 07:38:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SysNative\0
[2038/09/13 07:35:30 | 000,000,000 | RHS- | C] () -- C:\WINDOWS\SysWow64\drivers\103C_HP_cPC_h8-1410_Y53316J_0U_Q4CE2370G93_E12NA3RR8605_4A_I2AD5_SPEGATRON CORPORATION_V1.03_B8.18_T130318_W8101-0_L409_M8059_J2000_7Intel_86A9_93.00_#380913_N19691091;18143290_Z_G80860152_Ohp DVD-RAM SW810.MRK
[2038/09/13 07:35:30 | 000,000,000 | RHS- | C] () -- C:\WINDOWS\SysNative\drivers\103C_HP_cPC_h8-1410_Y53316J_0U_Q4CE2370G93_E12NA3RR8605_4A_I2AD5_SPEGATRON CORPORATION_V1.03_B8.18_T130318_W8101-0_L409_M8059_J2000_7Intel_86A9_93.00_#380913_N19691091;18143290_Z_G80860152_Ohp DVD-RAM SW810.MRK
[2014/03/18 13:38:11 | 000,987,442 | ---- | C] () -- C:\Users\White\Desktop\SecurityCheck.exe
[2014/03/14 20:04:22 | 000,000,885 | ---- | C] () -- C:\Users\White\Desktop\P - Shortcut.lnk
[2014/03/12 23:54:13 | 000,386,722 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2014/02/24 16:26:51 | 000,001,131 | ---- | C] () -- C:\Users\White\Desktop\ZSoft Uninstaller.lnk
[2014/02/22 03:04:42 | 000,000,141 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2014/02/19 01:51:10 | 000,000,892 | ---- | C] () -- C:\Users\White\Desktop\TV SHOWS - Shortcut.lnk
[2014/02/17 08:53:32 | 000,009,701 | ---- | C] () -- C:\WINDOWS\SysWow64\connectedsearch-results.searchconnector-ms
[2014/02/17 08:53:32 | 000,009,701 | ---- | C] () -- C:\WINDOWS\SysNative\connectedsearch-results.searchconnector-ms
[2014/02/17 02:26:00 | 000,023,838 | ---- | C] () -- C:\Users\White\Documents\[kickass.to]nba.all.star.weekend.2014.14.15.feb.rsc.as.saturday.night.720p.torrent
[2014/01/30 00:31:50 | 002,927,360 | ---- | C] () -- C:\WINDOWS\wweb32.dll
[2014/01/24 15:16:31 | 000,001,779 | ---- | C] () -- C:\Users\White\AL MAXTHON Cache.lnk
[2014/01/24 15:12:12 | 000,001,024 | ---- | C] () -- C:\Users\White\EL Prefetch - Shortcut.lnk
[2014/01/24 15:12:09 | 000,000,984 | ---- | C] () -- C:\Users\White\EL Temp - Shortcut.lnk
[2014/01/24 06:13:50 | 000,004,096 | -H-- | C] () -- C:\Users\White\AppData\Local\keyfile3.drm
[2014/01/17 11:41:32 | 000,001,397 | ---- | C] () -- C:\Users\White\AL TEMP.lnk
[2014/01/17 11:40:39 | 000,001,024 | ---- | C] () -- C:\Users\White\AL PREFETCH.lnk
[2014/01/17 11:01:02 | 000,091,136 | ---- | C] () -- C:\WINDOWS\SendToClip.exe
[2014/01/17 06:35:18 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2014/01/15 19:08:57 | 000,078,358 | ---- | C] () -- C:\Users\White\AppData\Roaming\Debut.dmp
[2013/12/24 13:09:06 | 000,000,079 | ---- | C] () -- C:\WINDOWS\EWF545.ini
[2013/12/24 10:28:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2013/12/24 08:18:35 | 000,000,085 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2013/12/24 02:16:05 | 000,650,752 | ---- | C] () -- C:\WINDOWS\SysWow64\xvidcore.dll
[2013/12/24 02:16:05 | 000,243,200 | ---- | C] () -- C:\WINDOWS\SysWow64\xvidvfw.dll
[2013/12/24 02:16:05 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\lagarith.dll
[2013/12/24 02:16:04 | 000,217,176 | ---- | C] () -- C:\WINDOWS\SysWow64\unrar.dll
[2013/12/24 02:16:03 | 000,112,640 | ---- | C] () -- C:\WINDOWS\SysWow64\ff_vfw.dll
[2013/12/23 19:24:40 | 000,930,400 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2013/10/21 15:53:00 | 000,315,904 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll
[2013/10/21 15:52:58 | 000,180,736 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2013/10/21 15:52:56 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll
[2013/08/22 11:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 11:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 10:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 03:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/21 23:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/21 19:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/21 19:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2012/07/30 13:22:52 | 000,000,821 | ---- | C] () -- C:\WINDOWS\SysWow64\bscs.ini
[2012/07/27 17:50:34 | 000,333,312 | ---- | C] () -- C:\WINDOWS\SysWow64\BsExtendFunc.dll
[2012/07/25 16:22:54 | 000,982,240 | ---- | C] () -- C:\WINDOWS\SysWow64\igkrng500.bin
[2012/07/25 16:22:54 | 000,439,308 | ---- | C] () -- C:\WINDOWS\SysWow64\igcompkrng500.bin
[2012/07/25 16:22:54 | 000,092,356 | ---- | C] () -- C:\WINDOWS\SysWow64\igfcg500m.bin
[2012/07/10 21:04:10 | 000,062,976 | ---- | C] () -- C:\WINDOWS\SysWow64\BsProfileFunc.dll
[2012/07/10 20:59:40 | 000,019,456 | ---- | C] () -- C:\WINDOWS\SysWow64\BsTrace.dll
[2012/07/10 20:26:44 | 000,090,208 | ---- | C] () -- C:\WINDOWS\SysWow64\BSSkypeAgent.dll
[2012/07/10 20:26:44 | 000,086,108 | ---- | C] () -- C:\WINDOWS\SysWow64\BSVoIPComm.dll
[2012/07/10 20:26:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\SysWow64\BsVistaCommon.dll
[2012/07/10 20:26:44 | 000,049,664 | ---- | C] () -- C:\WINDOWS\SysWow64\BSWMPPlugin.dll
[2012/07/10 20:26:44 | 000,011,264 | ---- | C] () -- C:\WINDOWS\SysWow64\SCChangeMonitor.dll
[2012/06/13 11:45:02 | 000,008,704 | ---- | C] () -- C:\WINDOWS\SysWow64\SROF.dll
[2012/06/05 00:31:00 | 000,000,417 | ---- | C] () -- C:\WINDOWS\SysWow64\RaoBLE.ini
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/11/23 07:49:06 | 021,196,664 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/11/23 04:19:35 | 018,642,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 05:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 22:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 05:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:5C321E34
 
< End of report >

 



#4 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 18 March 2014 - 05:15 PM

Hi leader2,

Can you recall when you first started encountering these issues?
Please check the date and time setting of the computer and verify it is set correctly.

=========================

bullseye_zpse9eaf36e.gif Multiple Anti-Virus Programs Installed

I notice that you have multiple Anti-Virus programs installed at the same time. Having more than one antivirus program running at the same time can seriously degrade the performance of your system.
  • Webroot SecureAnywhere
  • Windows Defender
Please uninstall any one (1) (which ever you prefer), but since Webroot is most likely a paid product I would keep that and disable Windows Defender using either the provided uninstall feature that is part of the antivirus program or through Add/Remove Programs (for Vista and Win 7 users to go to Programs and Features in the Control Panel). As a rule of thumb one should run one firewall, one antivirus program in memory, and one anti-spyware utility in memory. It's fine to have other security tools available on an as-needed or on-demand basis, but when multiple tools simultaneously perform the same function, you're asking for trouble.
  • Webroot SecureAnywhere
  • Windows Defender
=========================

bullseye_zpse9eaf36e.gif Run OTL.exe
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
    IE - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
    IE - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie
    FF - prefs.js..browser.startup.homepage: "http://search.yahoo....=spigot-yhp-ff"
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [createrestorepoint]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [resethost]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then re-run OTL and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
=========================

bullseye_zpse9eaf36e.gif RogueKiller

Download to your desktop RogueKiller (by tigzy)
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Quit all programs
  • Wait until Prescan has finished ...
  • Click on Scan, Do Not Fix Anything at this point.
  • Click the Report button, save the report to your desktop
=========================

In your next post please provide the following:
  • Answer to questions
  • OTL fix log
  • Fresh OTL.txt
  • RKreport

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#5 leader2

leader2

    Silver Member

  • Authentic Member
  • PipPipPip
  • 250 posts

Posted 19 March 2014 - 06:16 PM

Answer to questions
 

I'm not sure when the problem exactly started happening, but I believe it's been about a month or two ago. 
 
The time and date are correct on my computer. After reading your reply I synced the computer's time clock with time.nist.gov and it updated properly.
 
I tried to uninstall Windows Defender, but on my Win 8.1 machine it didn't show up as being in the uninstall panel at all. It said was turned off actually and I couldn't access it when I tried to turn it on. Please tell me if there is another way to uninstall it.
 
OTL fix log
 

All processes killed
Error: Unable to interpret <IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.startup.homepage: "http://search.yahoo....=spigot-yhp-ff"> in the current context!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\A Lamar\Desktop\cmd.bat deleted successfully.
C:\Users\A Lamar\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
 
[EMPTYTEMP]
 
User: A Lamar
->Temp folder emptied: 215341455 bytes
->Temporary Internet Files folder emptied: 396849 bytes
->FireFox cache emptied: 4565865 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1638 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default.migrated
 
User: Eurceliakins
->Temp folder emptied: 897462 bytes
->Temporary Internet Files folder emptied: 163600342 bytes
->Google Chrome cache emptied: 345146919 bytes
->Flash cache emptied: 691 bytes
 
User: Public
 
User: White
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 18419 bytes
->FireFox cache emptied: 4936687 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 595 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 69836 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 701.00 mb
 
 
[EMPTYJAVA]
 
User: A Lamar
 
User: All Users
 
User: Default
 
User: Default User
 
User: Default.migrated
 
User: Eurceliakins
 
User: Public
 
User: White
 
Total Java Files Cleaned = 0.00 mb
 
 
[EMPTYFLASH]
 
User: A Lamar
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default
 
User: Default User
 
User: Default.migrated
 
User: Eurceliakins
->Flash cache emptied: 0 bytes
 
User: Public
 
User: White
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
Error: Unable to interpret <[resethost]> in the current context!
 
OTL by OldTimer - Version 3.2.69.0 log created on 03192014_195453
 
Files\Folders moved on Reboot...
File\Folder C:\Users\A Lamar\AppData\Local\Temp\~DF04B2EBA6CD1B91EE.TMP not found!
File\Folder C:\Users\A Lamar\AppData\Local\Temp\~DF278C9164B19208C5.TMP not found!
File\Folder C:\Users\A Lamar\AppData\Local\Temp\~DF5A55C80AECBDEF67.TMP not found!
File\Folder C:\Users\A Lamar\AppData\Local\Temp\~DFD8CFF11E83962CEA.TMP not found!
File\Folder C:\Users\A Lamar\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRF0001.tmp not found!
File\Folder C:\Users\A Lamar\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS0000.tmp not found!
C:\Users\A Lamar\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.
File\Folder C:\Users\White\AppData\Local\Microsoft\Windows\INetCache\IE\OWCLBDO8\px[2].htm not found!
File\Folder C:\Users\White\AppData\Local\Microsoft\Windows\INetCache\IE\EQWRZ410\set-lotame-user-data[1].htm not found!
File\Folder C:\Users\White\AppData\Local\Microsoft\Windows\INetCache\IE\727X9QRF\rt=ifr[2].htm not found!
File\Folder C:\Users\White\AppData\Local\Microsoft\Windows\INetCache\IE\WPF2E08.tmp not found!
C:\Users\White\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.
C:\WINDOWS\temp\UploadUI.log moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
 
Fresh OTL.txt
 

OTL logfile created on: 3/19/2014 8:02:39 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\A Lamar\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.87 Gb Total Physical Memory | 5.88 Gb Available Physical Memory | 74.75% Memory free
8.26 Gb Paging File | 6.14 Gb Available in Paging File | 74.36% Paging File free
Paging file location(s): c:\pagefile.sys 400 4096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1850.39 Gb Total Space | 6.71 Gb Free Space | 0.36% Space Free | Partition Type: NTFS
Drive D: | 10.81 Gb Total Space | 1.27 Gb Free Space | 11.74% Space Free | Partition Type: NTFS
Drive E: | 14.83 Gb Total Space | 9.76 Gb Free Space | 65.80% Space Free | Partition Type: FAT32
Drive K: | 2794.51 Gb Total Space | 518.24 Gb Free Space | 18.55% Space Free | Partition Type: NTFS
Drive M: | 931.28 Gb Total Space | 72.12 Gb Free Space | 7.74% Space Free | Partition Type: FAT32
Drive O: | 3725.90 Gb Total Space | 1465.10 Gb Free Space | 39.32% Space Free | Partition Type: NTFS
 
Computer Name: HP | User Name: A Lamar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Users\A Lamar\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Webroot\WRSA.exe (Webroot)
PRC - C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\AdFender\AdFender.exe (AdFender, Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
PRC - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe (IVT Corporation)
PRC - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe (IVT Corporation)
PRC - C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll ()
MOD - C:\Windows\SysWOW64\BsExtendFunc.dll ()
MOD - C:\Windows\SysWOW64\BsProfileFunc.dll ()
MOD - C:\Windows\SysWOW64\BsTrace.dll ()
MOD - C:\Windows\SysWOW64\SCChangeMonitor.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (WRSVC) -- C:\Program Files\Webroot\WRSA.exe (Webroot)
SRV:64bit: - (IEEtwCollectorService) -- C:\WINDOWS\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (EpsonCustomerParticipation) -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION)
SRV:64bit: - (AppXSvc) -- C:\Windows\SysNative\AppXDeploymentServer.dll (Microsoft Corporation)
SRV:64bit: - (w3logsvc) -- C:\Windows\SysNative\inetsrv\w3logsvc.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (workfolderssvc) -- C:\Windows\SysNative\workfolderssvc.dll (Microsoft Corporation)
SRV:64bit: - (AppReadiness) -- C:\Windows\SysNative\AppReadiness.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (lfsvc) -- C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)
SRV:64bit: - (WdNisSvc) -- C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (WEPHOSTSVC) -- C:\Windows\SysNative\wephostsvc.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicguestinterface) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (smphost) -- C:\Windows\SysNative\smphost.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (ScDeviceEnum) -- C:\Windows\SysNative\ScDeviceEnum.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcbService) -- C:\Windows\SysNative\ncbservice.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (w3logsvc) -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (lfsvc) -- C:\Windows\SysWOW64\GeofenceMonitorService.dll (Microsoft Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (NCO) -- C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe (Symantec Corporation)
SRV - (PrintNotify) -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (smphost) -- C:\Windows\SysWOW64\smphost.dll (Microsoft Corporation)
SRV - (HPConnectedRemote) -- c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe (Hewlett-Packard)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (BlueSoleilCS) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe (IVT Corporation)
SRV - (BsHelpCS) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe (IVT Corporation)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (WRkrn) -- C:\Windows\SysNative\drivers\WRkrn.sys (Webroot)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (debutfilter) -- C:\Windows\SysNative\drivers\debutfilterx64.sys ()
DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys (IObit)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (SerCx2) -- C:\Windows\SysNative\drivers\SerCx2.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (intelpep) -- C:\Windows\SysNative\drivers\intelpep.sys (Microsoft Corporation)
DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG)
DRV:64bit: - (RrNetCapFilterDriver) -- C:\Windows\SysNative\drivers\RrNetCapFilterDriver.sys (Audials AG)
DRV:64bit: - (rtbth) -- C:\Windows\SysNative\drivers\rtbth.sys (Ralink Technology, Corp.)
DRV:64bit: - (stornvme) -- C:\Windows\SysNative\drivers\stornvme.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (WdNisDrv) -- C:\Windows\SysNative\drivers\WdNisDrv.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (ccSet_NST) -- C:\Windows\SysNative\drivers\NSTx64\7DE06000.01B\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\WINDOWS\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (LSI_SAS3) -- C:\Windows\SysNative\drivers\lsi_sas3.sys (LSI Corporation)
DRV:64bit: - (ADP80XX) -- C:\Windows\SysNative\drivers\adp80xx.sys (PMC-Sierra)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (ReFS) -- C:\WINDOWS\SysNative\drivers\refs.sys (Microsoft Corporation)
DRV:64bit: - (UEFI) -- C:\Windows\SysNative\drivers\uefi.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (ahcache) -- C:\Windows\SysNative\drivers\ahcache.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc63.sys (Microsoft Corporation)
DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\drivers\BthLEEnum.sys (Microsoft Corporation)
DRV:64bit: - (NdisVirtualBus) -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (bcmfn2) -- C:\Windows\SysNative\drivers\bcmfn2.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (iaStorAV) -- C:\Windows\SysNative\drivers\iaStorAV.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_GPIO) -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_I2C) -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys (Intel Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C63x64.sys (Qualcomm Atheros Co., Ltd.)
DRV:64bit: - (hpvision) -- C:\Windows\SysNative\drivers\hp64vision.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (BthL2caScoIfSrv) -- C:\Windows\SysNative\drivers\BtL2caScoIf.sys (Ralink Corporation)
DRV:64bit: - (btUrbFilterDrv) -- C:\Windows\SysNative\drivers\IvtUrbBtFlt.sys (Ralink Corporation)
DRV:64bit: - (CLVirtualDrive) -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys (CyberLink)
DRV:64bit: - (BtAudioBusSrv) -- C:\Windows\SysNative\drivers\BtAudioBus.sys (IVT Corporation)
DRV:64bit: - (VNUSB) -- C:\Windows\SysNative\drivers\VNUSB.sys (OLYMPUS IMAGING CORP.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\drivers\emBDA64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\drivers\emOEM64.sys (eMPIA Technology, Inc.)
DRV - (IObitUnlocker) -- C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys (IObit)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPDTDFJS
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{91FDD715-9FCF-4967-9B30-6AA09534F2C2}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPDTDFJS
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{91FDD715-9FCF-4967-9B30-6AA09534F2C2}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.17
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn\ [2014/03/19 19:56:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webrootsecure@webroot.com: C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2014/03/07 09:23:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/12/26 13:50:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Extensions
[2014/01/03 13:18:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\extensions
[2014/01/03 13:17:25 | 000,000,000 | ---D | M] (DivX Browser Bar) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\extensions\{77e8143b-6759-416e-b521-82cfed75150b}
[2014/01/03 13:17:26 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014/01/03 13:17:39 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2014/01/03 13:17:21 | 000,000,000 | ---D | M] (Freecorder) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\extensions\addon@freecorder.com
[2014/01/03 13:17:21 | 000,000,000 | ---D | M] (Vaudix) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\extensions\ywb@cqimkfk.co.uk
[2014/01/03 13:17:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\healthreport\extensions
[2014/01/03 13:17:03 | 000,000,000 | ---D | M] (DivX Browser Bar) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\healthreport\extensions\{77e8143b-6759-416e-b521-82cfed75150b}
[2014/01/03 13:17:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\healthreport\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014/01/03 13:17:05 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\healthreport\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2014/01/03 13:16:58 | 000,000,000 | ---D | M] (Freecorder) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\healthreport\extensions\addon@freecorder.com
[2014/01/03 13:16:58 | 000,000,000 | ---D | M] (Vaudix) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\healthreport\extensions\ywb@cqimkfk.co.uk
[2014/01/03 13:15:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\storage\extensions
[2014/01/03 13:15:19 | 000,000,000 | ---D | M] (DivX Browser Bar) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\storage\extensions\{77e8143b-6759-416e-b521-82cfed75150b}
[2014/01/03 13:15:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\storage\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014/01/03 13:15:33 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\storage\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2014/01/03 13:15:14 | 000,000,000 | ---D | M] (Freecorder) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\storage\extensions\addon@freecorder.com
[2014/01/03 13:15:14 | 000,000,000 | ---D | M] (Vaudix) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\storage\extensions\ywb@cqimkfk.co.uk
[2013/08/15 00:31:44 | 000,354,970 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\extensions\client@anonymox.net.xpi
[2013/08/15 00:31:44 | 001,343,603 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\extensions\readable@evernote.com.xpi
[2012/12/26 16:44:16 | 000,615,655 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\extensions\testpilot@labs.mozilla.com.xpi
[2013/06/25 20:54:25 | 000,347,599 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\extensions\translator@dontfollowme.net.xpi
[2013/07/21 13:02:33 | 000,008,984 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\extensions\{4324f4a6-3a89-477e-b388-6bca032df78b}.xpi
[2013/07/26 09:19:19 | 000,111,726 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\extensions\{89f8dde0-010a-11da-8cd6-0800200c9a66}.xpi
[2013/01/05 08:29:08 | 000,556,618 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\extensions\{ceff3aa1-bfdc-f434-c52d-922216a9cdf5}.xpi
[2013/08/01 13:26:52 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/05/20 21:28:14 | 000,555,916 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\extensions\{ef914f7f-701e-b874-85f8-9a53e30326d5}.xpi
[2013/08/15 00:31:44 | 000,354,970 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\healthreport\extensions\client@anonymox.net.xpi
[2013/08/15 00:31:44 | 001,343,603 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\healthreport\extensions\readable@evernote.com.xpi
[2012/12/26 16:44:16 | 000,615,655 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\healthreport\extensions\testpilot@labs.mozilla.com.xpi
[2013/06/25 20:54:25 | 000,347,599 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\healthreport\extensions\translator@dontfollowme.net.xpi
[2013/07/21 13:02:33 | 000,008,984 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\healthreport\extensions\{4324f4a6-3a89-477e-b388-6bca032df78b}.xpi
[2013/07/26 09:19:19 | 000,111,726 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\healthreport\extensions\{89f8dde0-010a-11da-8cd6-0800200c9a66}.xpi
[2013/01/05 08:29:08 | 000,556,618 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\healthreport\extensions\{ceff3aa1-bfdc-f434-c52d-922216a9cdf5}.xpi
[2013/08/01 13:26:52 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\healthreport\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/05/20 21:28:14 | 000,555,916 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\healthreport\extensions\{ef914f7f-701e-b874-85f8-9a53e30326d5}.xpi
[2013/08/15 00:31:44 | 000,354,970 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\storage\extensions\client@anonymox.net.xpi
[2013/08/15 00:31:44 | 001,343,603 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\storage\extensions\readable@evernote.com.xpi
[2012/12/26 16:44:16 | 000,615,655 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\storage\extensions\testpilot@labs.mozilla.com.xpi
[2013/06/25 20:54:25 | 000,347,599 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\storage\extensions\translator@dontfollowme.net.xpi
[2013/07/21 13:02:33 | 000,008,984 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\storage\extensions\{4324f4a6-3a89-477e-b388-6bca032df78b}.xpi
[2013/07/26 09:19:19 | 000,111,726 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\storage\extensions\{89f8dde0-010a-11da-8cd6-0800200c9a66}.xpi
[2013/01/05 08:29:08 | 000,556,618 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\storage\extensions\{ceff3aa1-bfdc-f434-c52d-922216a9cdf5}.xpi
[2013/08/01 13:26:52 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\storage\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/05/20 21:28:14 | 000,555,916 | ---- | M] () (No name found) -- C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\storage\extensions\{ef914f7f-701e-b874-85f8-9a53e30326d5}.xpi
[2014/01/10 15:08:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/01/10 15:08:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/01/17 04:56:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions
[2014/01/17 04:56:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\A Lamar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: No name found = C:\Users\A Lamar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\A Lamar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\A Lamar\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.2_0\
CHR - Extension: No name found = C:\Users\A Lamar\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.4_0\
CHR - Extension: No name found = C:\Users\A Lamar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Webroot Filtering Extension = C:\Users\A Lamar\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd\1.0.0.26_0\
CHR - Extension: Google Wallet = C:\Users\A Lamar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Google Wallet = C:\Users\A Lamar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Google Wallet = C:\Users\A Lamar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Norton Identity Protection = C:\Users\A Lamar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob\2014.6.0.27_0\
CHR - Extension: Norton Identity Protection = C:\Users\A Lamar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob\2014.6.2.3_0\
CHR - Extension: Norton Identity Protection = C:\Users\A Lamar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob\2014.6.4.11_0\
CHR - Extension: Norton Identity Protection = C:\Users\A Lamar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob\2014.6.4.11_1\
CHR - Extension: No name found = C:\Users\A Lamar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/01/24 22:41:15 | 000,450,639 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15467 more lines...
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\CoIEPlg.dll (Symantec Corporation)
O2:64bit: - BHO: (Webroot Filtering Extension) - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll (Webroot)
O2:64bit: - BHO: (ClassicIEBHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
O2:64bit: - BHO: (Adblock Plus for IE Browser Helper Object) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Webroot Filtering Extension) - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll (Webroot)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (ClassicIEBHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
O2 - BHO: (Adblock Plus for IE Browser Helper Object) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\Beats64.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BtTray] c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe (IVT Corporation)
O4 - HKLM..\Run: [CLMLServer_For_P2G8] c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)
O4 - HKLM..\Run: [CLVirtualDrive] c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [eFax 4.4] C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [WRSVC] C:\Program Files\Webroot\WRSA.exe (Webroot)
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkForce 545" /EF "HKCU" File not found
O4 - HKCU..\Run: [Growl] C:\Program Files (x86)\Growl for Windows\Growl.exe File not found
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O9:64bit: - Extra 'Tools' menuitem : Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe (IvoSoft)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe (IvoSoft)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03D8532E-0BB6-4BAD-AFC1-7180316A1809}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d2a5b9ec-23a2-11ff-be6d-689423099ede}\Shell - "" = AutoRun
O33 - MountPoints2\{d2a5b9ec-23a2-11ff-be6d-689423099ede}\Shell\AutoRun\command - "" = "J:\LaunchU3.exe" 
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2038/09/13 09:48:18 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2038/09/13 09:36:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2038/09/13 09:21:13 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
[2038/09/13 09:20:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2038/09/13 07:54:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SymSilent
[2038/09/13 07:54:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2038/09/13 07:54:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\drivers\NISx64
[2038/09/13 07:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2038/09/13 07:53:53 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2038/09/13 07:53:36 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
[2038/09/13 07:53:20 | 000,000,000 | R--D | C] -- C:\Program Files\Online Services
[2038/09/13 07:53:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\en
[2038/09/13 07:52:58 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2038/09/13 07:52:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2038/09/13 07:52:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2038/09/13 07:52:19 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3dx10_42.dll
[2038/09/13 07:52:19 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\XAudio2_5.dll
[2038/09/13 07:52:19 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\d3dx10_42.dll
[2038/09/13 07:52:19 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\XAPOFX1_3.dll
[2038/09/13 07:52:17 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3dx9_32.dll
[2038/09/13 07:52:17 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\d3dx9_32.dll
[2038/09/13 07:52:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2038/09/13 07:50:29 | 000,029,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msxml3a.dll
[2038/09/13 07:46:01 | 000,092,536 | ---- | C] (CyberLink) -- C:\WINDOWS\SysNative\drivers\CLVirtualDrive.sys
[2038/09/13 07:46:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\DRVSTORE
[2038/09/13 07:46:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\CyberLink
[2038/09/13 07:45:18 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2038/09/13 07:45:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2038/09/13 07:45:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2038/09/13 07:45:16 | 000,377,344 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\SysNative\hpbrprtmon.dll
[2038/09/13 07:45:16 | 000,355,840 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\SysNative\hpbprtmon.dll
[2038/09/13 07:45:16 | 000,170,496 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\SysNative\hpbprtmonui.dll
[2038/09/13 07:45:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HPConnectedMusic
[2038/09/13 07:45:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nikon
[2038/09/13 07:44:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2038/09/13 07:44:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Autonomy
[2038/09/13 07:44:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autonomy
[2038/09/13 07:43:59 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Online Services
[2038/09/13 07:43:54 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
[2038/09/13 07:43:36 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2038/09/13 07:43:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2038/09/13 07:43:07 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap
[2038/09/13 07:42:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2038/09/13 07:42:08 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
[2038/09/13 07:41:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2038/09/13 07:40:51 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2038/09/13 07:40:12 | 000,000,000 | ---D | C] -- C:\ProgramData\{AFF99647-6D64-46F2-934A-F12F468037F6}
[2038/09/13 07:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink Driver
[2038/09/13 07:38:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ralink Corporation
[2038/09/13 07:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2038/09/13 07:37:25 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
[2038/09/13 07:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2038/09/13 07:37:19 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2038/09/13 07:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2038/09/13 07:36:16 | 000,117,248 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\SysNative\HPMUIDir.exe
[2038/09/13 07:36:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard
[2038/09/13 07:36:14 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2038/09/13 07:32:30 | 006,085,632 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\SysNative\stlang64.dll
[2038/09/13 07:32:30 | 001,821,184 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\SysNative\IDTNC64.cpl
[2038/09/13 07:32:30 | 001,425,408 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\sttray64.exe
[2038/09/13 07:32:30 | 000,224,256 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\SysNative\HPToneCtrls64.dll
[2038/09/13 07:32:30 | 000,037,888 | ---- | C] (Hewlett-Packard ) -- C:\WINDOWS\SysNative\Beats64.exe
[2038/09/13 07:32:30 | 000,000,000 | ---D | C] -- C:\ProgramData\SoundResearch
[2038/09/13 07:32:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2038/09/13 07:32:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2014/03/19 19:54:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/03/18 11:09:30 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncHost.exe
[2014/03/18 11:09:29 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncHost.exe
[2014/03/18 11:09:29 | 000,588,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncCore.dll
[2014/03/18 11:09:28 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\XpsGdiConverter.dll
[2014/03/18 11:09:27 | 000,749,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncCore.dll
[2014/03/18 11:09:25 | 013,949,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
[2014/03/18 11:09:24 | 018,576,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.dll
[2014/03/18 11:09:23 | 000,336,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\XpsGdiConverter.dll
[2014/03/18 11:09:23 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSClient.dll
[2014/03/18 11:09:23 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSClient.dll
[2014/03/18 11:09:21 | 000,960,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MFMediaEngine.dll
[2014/03/18 11:09:21 | 000,802,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MFMediaEngine.dll
[2014/03/18 11:09:19 | 000,914,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ReAgent.dll
[2014/03/18 11:09:19 | 000,481,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfsvr.dll
[2014/03/18 11:09:18 | 000,770,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ReAgent.dll
[2014/03/18 11:09:17 | 000,842,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MsSpellCheckingFacility.dll
[2014/03/18 11:09:17 | 000,381,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfsvr.dll
[2014/03/18 11:09:16 | 000,419,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\hal.dll
[2014/03/18 11:09:16 | 000,382,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms1.sys
[2014/03/18 11:09:15 | 000,325,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBXHCI.SYS
[2014/03/18 11:09:14 | 000,947,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\reseteng.dll
[2014/03/18 11:09:13 | 001,720,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntdll.dll
[2014/03/18 11:09:13 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MsSpellCheckingFacility.dll
[2014/03/18 11:09:13 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sti.dll
[2014/03/18 11:09:13 | 000,131,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\easinvoker.exe
[2014/03/18 11:09:12 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\easwrt.dll
[2014/03/18 11:09:12 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\easwrt.dll
[2014/03/13 22:51:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synkron
[2014/03/13 22:51:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Synkron
[2014/03/13 20:09:04 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\A Lamar\Desktop\HiJackThis.exe
[2014/03/13 20:08:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\A Lamar\Desktop\OTL.exe
[2014/03/12 23:54:28 | 001,643,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.efi
[2014/03/12 23:54:27 | 001,507,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.exe
[2014/03/12 23:54:22 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2014/03/12 23:54:22 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2014/03/12 23:54:21 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2014/03/12 23:54:21 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2014/03/12 23:54:21 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2014/03/12 23:54:15 | 006,640,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mstscax.dll
[2014/03/12 23:54:15 | 005,770,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstscax.dll
[2014/03/12 23:54:15 | 002,133,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfcore.dll
[2014/03/12 23:54:14 | 004,175,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dbgeng.dll
[2014/03/12 23:54:14 | 002,143,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfcore.dll
[2014/03/12 23:54:14 | 001,928,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\combase.dll
[2014/03/12 23:54:14 | 001,371,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\combase.dll
[2014/03/12 23:54:14 | 001,287,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kernel32.dll
[2014/03/12 23:54:14 | 000,764,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfmpeg2srcsnk.dll
[2014/03/12 23:54:14 | 000,669,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfmpeg2srcsnk.dll
[2014/03/12 23:54:13 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dbgeng.dll
[2014/03/12 23:54:13 | 001,486,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dbghelp.dll
[2014/03/12 23:54:13 | 001,238,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dbghelp.dll
[2014/03/12 23:54:13 | 001,057,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdvidcrl.dll
[2014/03/12 23:54:13 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rdvidcrl.dll
[2014/03/12 23:54:13 | 000,458,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WerFault.exe
[2014/03/12 23:54:13 | 000,447,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sppcomapi.dll
[2014/03/12 23:54:13 | 000,408,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WerFault.exe
[2014/03/12 23:54:13 | 000,407,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Faultrep.dll
[2014/03/12 23:54:13 | 000,369,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Faultrep.dll
[2014/03/12 23:54:13 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpencom.dll
[2014/03/12 23:54:13 | 000,233,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfps.dll
[2014/03/12 23:54:13 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rdpencom.dll
[2014/03/12 23:54:13 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DWWIN.EXE
[2014/03/12 23:54:13 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\DWWIN.EXE
[2014/03/12 23:54:13 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tsgqec.dll
[2014/03/12 23:54:13 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tsgqec.dll
[2014/03/12 23:54:06 | 000,236,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdFilter.sys
[2014/03/12 23:54:06 | 000,124,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdNisDrv.sys
[2014/03/12 23:54:06 | 000,035,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdBoot.sys
[2014/03/12 23:54:03 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\qedit.dll
[2014/03/12 23:54:03 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\qedit.dll
[2014/03/11 05:25:59 | 000,000,000 | ---D | C] -- C:\Users\A Lamar\AppData\Local\Apple
[2014/03/11 05:22:45 | 000,000,000 | ---D | C] -- C:\Users\A Lamar\AppData\Local\Apple Computer
[2014/03/07 21:39:54 | 000,000,000 | ---D | C] -- C:\Users\A Lamar\AppData\Roaming\IDT
[2014/03/06 06:23:16 | 000,000,000 | ---D | C] -- C:\Users\A Lamar\Desktop\ojik.geudaeman.(2011).eng.1cd.(4465452)
[2014/03/04 22:50:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/03/04 22:17:09 | 000,000,000 | ---D | C] -- C:\Users\A Lamar\AppData\Roaming\eFax Messenger
[2014/03/04 22:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\eFax Messenger 4.4 Setup
[2014/03/04 22:17:01 | 000,000,000 | ---D | C] -- C:\Users\A Lamar\Documents\eFax Messenger 4.4
[2014/03/04 22:17:01 | 000,000,000 | ---D | C] -- C:\Users\A Lamar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\eFax Messenger 4.4
[2014/03/04 22:17:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eFax Messenger 4.4
[2014/03/02 23:25:29 | 000,000,000 | ---D | C] -- C:\Users\A Lamar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CubicExplorer
[2014/03/02 23:25:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CubicExplorer
[2014/02/27 19:39:29 | 000,000,000 | ---D | C] -- C:\Users\A Lamar\AppData\Roaming\IObit
[2014/02/24 16:26:51 | 000,000,000 | ---D | C] -- C:\Users\A Lamar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZSoft
[2014/02/24 16:26:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZSoft
[2014/02/22 17:43:22 | 000,000,000 | ---D | C] -- C:\Users\A Lamar\AppData\Roaming\WebApp
[2014/02/22 17:42:38 | 000,000,000 | ---D | C] -- C:\Users\A Lamar\AppData\Local\Cyberlink
[2014/02/22 17:42:33 | 000,000,000 | ---D | C] -- C:\Users\A Lamar\Documents\CyberLink
[2014/02/22 17:42:32 | 000,000,000 | ---D | C] -- C:\Users\A Lamar\AppData\Roaming\CyberLink
[2014/02/22 17:34:46 | 000,000,000 | ---D | C] -- C:\Users\A Lamar\Documents\ConvertXtoDVD
[2014/02/22 03:28:11 | 000,000,000 | ---D | C] -- C:\Users\A Lamar\AppData\Local\Diagnostics
[2014/02/22 03:14:00 | 000,000,000 | ---D | C] -- C:\Users\A Lamar\AppData\Roaming\Opera Software
[2014/02/22 03:14:00 | 000,000,000 | ---D | C] -- C:\Users\A Lamar\AppData\Local\Opera Software
[2014/02/21 23:21:47 | 000,000,000 | ---D | C] -- C:\ProgramData\vsosdk
[2014/02/20 23:50:48 | 000,000,000 | ---D | C] -- C:\Users\A Lamar\AppData\Local\CrashDumps
[2014/02/20 23:26:09 | 000,000,000 | ---D | C] -- C:\Users\A Lamar\Documents\Any Video Converter
[2014/02/20 23:26:09 | 000,000,000 | ---D | C] -- C:\Users\A Lamar\AppData\Roaming\AnvSoft
[2014/02/20 23:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
[2014/02/20 23:25:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnvSoft
[2014/02/20 16:12:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014/02/20 16:12:39 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014/01/03 15:00:18 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\A Lamar\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2038/09/13 09:21:09 | 000,000,000 | RHS- | M] () -- C:\WINDOWS\SysWow64\drivers\103C_HP_cPC_h8-1410_Y53316J_0U_Q4CE2370G93_E12NA3RR8605_4A_I2AD5_SPEGATRON CORPORATION_V1.03_B8.18_T130318_W8101-0_L409_M8059_J2000_7Intel_86A9_93.00_#380913_N19691091;18143290_Z_G80860152_Ohp DVD-RAM SW810.MRK
[2038/09/13 09:21:09 | 000,000,000 | RHS- | M] () -- C:\WINDOWS\SysNative\drivers\103C_HP_cPC_h8-1410_Y53316J_0U_Q4CE2370G93_E12NA3RR8605_4A_I2AD5_SPEGATRON CORPORATION_V1.03_B8.18_T130318_W8101-0_L409_M8059_J2000_7Intel_86A9_93.00_#380913_N19691091;18143290_Z_G80860152_Ohp DVD-RAM SW810.MRK
[2038/09/13 07:57:35 | 000,018,630 | ---- | M] () -- C:\WINDOWS\SysNative\results.xml
[2038/09/13 07:50:27 | 000,029,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msxml3a.dll
[2038/09/13 07:39:01 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_BtL2caScoIf_01009.Wdf
[2038/09/13 07:38:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SysNative\0
[2014/03/19 20:05:29 | 000,000,821 | ---- | M] () -- C:\WINDOWS\SysWow64\bscs.ini
[2014/03/19 20:05:08 | 000,956,476 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014/03/19 20:05:08 | 000,794,884 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014/03/19 20:05:08 | 000,161,140 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014/03/19 20:02:27 | 000,004,524 | ---- | M] () -- C:\WINDOWS\SysWow64\LOCALSERVICE.INI
[2014/03/19 20:02:25 | 000,000,043 | ---- | M] () -- C:\WINDOWS\SysWow64\LOCALDEVICE.INI
[2014/03/19 20:00:56 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/03/19 20:00:30 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/19 19:58:55 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/03/19 19:58:43 | 2465,050,623 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/19 19:47:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/19 19:39:01 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\WpsUpdateTask_White.job
[2014/03/19 19:39:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\WpsNotifyTask_White.job
[2014/03/19 19:13:00 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\WpsNotifyTask_A Lamar.job
[2014/03/19 19:10:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/03/19 19:10:00 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\WpsUpdateTask_A Lamar.job
[2014/03/13 20:10:42 | 000,625,664 | ---- | M] () -- C:\Users\A Lamar\Desktop\dds.scr
[2014/03/13 20:09:04 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\A Lamar\Desktop\HiJackThis.exe
[2014/03/13 20:08:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\A Lamar\Desktop\OTL.exe
[2014/03/13 12:36:12 | 000,496,256 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014/03/10 18:17:22 | 000,128,288 | ---- | M] (IObit) -- C:\WINDOWS\SysNative\IObitSmartDefragExtension.dll
[2014/03/08 17:15:59 | 000,000,889 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/03/08 07:42:47 | 000,154,248 | ---- | M] (Webroot) -- C:\WINDOWS\SysWow64\WRusr.dll
[2014/03/08 07:42:47 | 000,115,168 | ---- | M] (Webroot) -- C:\WINDOWS\SysNative\drivers\WRkrn.sys
[2014/03/08 07:42:47 | 000,105,320 | ---- | M] (Webroot) -- C:\WINDOWS\SysNative\WRusr.dll
[2014/03/06 06:23:00 | 000,020,375 | ---- | M] () -- C:\Users\A Lamar\Desktop\ojik.geudaeman.(2011).eng.1cd.(4465452).zip
[2014/03/05 18:05:01 | 000,002,265 | ---- | M] () -- C:\Users\A Lamar\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/03/04 22:51:23 | 000,002,474 | ---- | M] () -- C:\Users\A Lamar\Desktop\JRW - Chrome.lnk
[2014/03/04 22:51:23 | 000,002,430 | ---- | M] () -- C:\Users\A Lamar\Desktop\A LAMAR Chrome.lnk
[2014/03/04 22:17:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SysNative\eFax_4_4_Port
[2014/03/04 21:53:43 | 000,000,885 | ---- | M] () -- C:\Users\A Lamar\Desktop\P - Shortcut.lnk
[2014/03/04 18:53:05 | 000,105,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2014/03/04 18:53:04 | 000,693,240 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2014/03/01 14:41:19 | 000,001,145 | ---- | M] () -- C:\Users\A Lamar\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/01 00:17:43 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2014/02/28 23:54:33 | 005,768,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2014/02/28 23:42:12 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2014/02/28 22:25:42 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2014/02/28 22:25:22 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2014/02/27 18:16:47 | 000,000,854 | ---- | M] () -- C:\Users\A Lamar\Desktop\CCleaner.lnk
[2014/02/24 16:26:51 | 000,001,131 | ---- | M] () -- C:\Users\A Lamar\Desktop\ZSoft Uninstaller.lnk
[2014/02/22 17:46:58 | 000,001,927 | ---- | M] () -- C:\Users\A Lamar\Desktop\Media Go.lnk
[2014/02/22 17:43:45 | 000,001,421 | ---- | M] () -- C:\Users\A Lamar\Desktop\CyberLink Media Suite.lnk
[2014/02/22 16:57:04 | 000,001,360 | ---- | M] () -- C:\Users\A Lamar\Desktop\Freemake Video Converter.lnk
[2014/02/22 03:04:42 | 000,000,141 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2014/02/20 23:25:55 | 000,001,221 | ---- | M] () -- C:\Users\A Lamar\Desktop\Any Video Converter.lnk
 
========== Files Created - No Company Name ==========
 
[2038/09/13 09:18:56 | 2465,050,623 | -HS- | C] () -- C:\hiberfil.sys
[2038/09/13 09:17:24 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys
[2038/09/13 07:57:35 | 000,018,630 | ---- | C] () -- C:\WINDOWS\SysNative\results.xml
[2038/09/13 07:57:16 | 000,004,524 | ---- | C] () -- C:\WINDOWS\SysWow64\LOCALSERVICE.INI
[2038/09/13 07:57:16 | 000,000,043 | ---- | C] () -- C:\WINDOWS\SysWow64\LOCALDEVICE.INI
[2038/09/13 07:52:53 | 000,001,308 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2038/09/13 07:52:49 | 000,001,377 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2038/09/13 07:45:11 | 000,001,118 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connected Music powered by Meridian.lnk
[2038/09/13 07:42:45 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
[2038/09/13 07:41:15 | 000,024,376 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\cpqdfw.sys
[2038/09/13 07:39:01 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_BtL2caScoIf_01009.Wdf
[2038/09/13 07:38:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SysNative\0
[2038/09/13 07:35:30 | 000,000,000 | RHS- | C] () -- C:\WINDOWS\SysWow64\drivers\103C_HP_cPC_h8-1410_Y53316J_0U_Q4CE2370G93_E12NA3RR8605_4A_I2AD5_SPEGATRON CORPORATION_V1.03_B8.18_T130318_W8101-0_L409_M8059_J2000_7Intel_86A9_93.00_#380913_N19691091;18143290_Z_G80860152_Ohp DVD-RAM SW810.MRK
[2038/09/13 07:35:30 | 000,000,000 | RHS- | C] () -- C:\WINDOWS\SysNative\drivers\103C_HP_cPC_h8-1410_Y53316J_0U_Q4CE2370G93_E12NA3RR8605_4A_I2AD5_SPEGATRON CORPORATION_V1.03_B8.18_T130318_W8101-0_L409_M8059_J2000_7Intel_86A9_93.00_#380913_N19691091;18143290_Z_G80860152_Ohp DVD-RAM SW810.MRK
[2014/03/18 11:09:23 | 000,138,240 | ---- | C] () -- C:\WINDOWS\SysNative\OEMLicense.dll
[2014/03/18 11:09:23 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2014/03/13 20:10:41 | 000,625,664 | ---- | C] () -- C:\Users\A Lamar\Desktop\dds.scr
[2014/03/12 23:54:13 | 000,386,722 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2014/03/06 06:22:59 | 000,020,375 | ---- | C] () -- C:\Users\A Lamar\Desktop\ojik.geudaeman.(2011).eng.1cd.(4465452).zip
[2014/03/04 21:53:43 | 000,000,885 | ---- | C] () -- C:\Users\A Lamar\Desktop\P - Shortcut.lnk
[2014/03/01 14:41:19 | 000,001,145 | ---- | C] () -- C:\Users\A Lamar\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/24 16:26:51 | 000,001,131 | ---- | C] () -- C:\Users\A Lamar\Desktop\ZSoft Uninstaller.lnk
[2014/02/22 17:46:58 | 000,001,927 | ---- | C] () -- C:\Users\A Lamar\Desktop\Media Go.lnk
[2014/02/22 17:43:45 | 000,001,421 | ---- | C] () -- C:\Users\A Lamar\Desktop\CyberLink Media Suite.lnk
[2014/02/22 16:57:04 | 000,001,360 | ---- | C] () -- C:\Users\A Lamar\Desktop\Freemake Video Converter.lnk
[2014/02/22 03:04:42 | 000,000,141 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2014/02/20 23:25:55 | 000,001,221 | ---- | C] () -- C:\Users\A Lamar\Desktop\Any Video Converter.lnk
[2014/01/30 00:31:50 | 002,927,360 | ---- | C] () -- C:\WINDOWS\wweb32.dll
[2014/01/17 11:01:02 | 000,091,136 | ---- | C] () -- C:\WINDOWS\SendToClip.exe
[2014/01/03 15:00:18 | 000,099,384 | ---- | C] () -- C:\Users\A Lamar\AppData\Roaming\inst.exe
[2014/01/03 15:00:18 | 000,007,859 | ---- | C] () -- C:\Users\A Lamar\AppData\Roaming\pcouffin.cat
[2014/01/03 15:00:18 | 000,001,167 | ---- | C] () -- C:\Users\A Lamar\AppData\Roaming\pcouffin.inf
[2013/12/24 13:09:06 | 000,000,079 | ---- | C] () -- C:\WINDOWS\EWF545.ini
[2013/12/24 10:28:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2013/12/24 08:18:35 | 000,000,085 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2013/12/24 02:16:05 | 000,650,752 | ---- | C] () -- C:\WINDOWS\SysWow64\xvidcore.dll
[2013/12/24 02:16:05 | 000,243,200 | ---- | C] () -- C:\WINDOWS\SysWow64\xvidvfw.dll
[2013/12/24 02:16:05 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\lagarith.dll
[2013/12/24 02:16:04 | 000,217,176 | ---- | C] () -- C:\WINDOWS\SysWow64\unrar.dll
[2013/12/24 02:16:03 | 000,112,640 | ---- | C] () -- C:\WINDOWS\SysWow64\ff_vfw.dll
[2013/12/23 19:24:40 | 000,930,400 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2013/10/21 15:53:00 | 000,315,904 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll
[2013/10/21 15:52:58 | 000,180,736 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2013/10/21 15:52:56 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll
[2013/08/22 11:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 11:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 10:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 03:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/21 23:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/21 19:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/21 19:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2012/07/30 13:22:52 | 000,000,821 | ---- | C] () -- C:\WINDOWS\SysWow64\bscs.ini
[2012/07/27 17:50:34 | 000,333,312 | ---- | C] () -- C:\WINDOWS\SysWow64\BsExtendFunc.dll
[2012/07/25 16:22:54 | 000,982,240 | ---- | C] () -- C:\WINDOWS\SysWow64\igkrng500.bin
[2012/07/25 16:22:54 | 000,439,308 | ---- | C] () -- C:\WINDOWS\SysWow64\igcompkrng500.bin
[2012/07/25 16:22:54 | 000,092,356 | ---- | C] () -- C:\WINDOWS\SysWow64\igfcg500m.bin
[2012/07/10 21:04:10 | 000,062,976 | ---- | C] () -- C:\WINDOWS\SysWow64\BsProfileFunc.dll
[2012/07/10 20:59:40 | 000,019,456 | ---- | C] () -- C:\WINDOWS\SysWow64\BsTrace.dll
[2012/07/10 20:26:44 | 000,090,208 | ---- | C] () -- C:\WINDOWS\SysWow64\BSSkypeAgent.dll
[2012/07/10 20:26:44 | 000,086,108 | ---- | C] () -- C:\WINDOWS\SysWow64\BSVoIPComm.dll
[2012/07/10 20:26:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\SysWow64\BsVistaCommon.dll
[2012/07/10 20:26:44 | 000,049,664 | ---- | C] () -- C:\WINDOWS\SysWow64\BSWMPPlugin.dll
[2012/07/10 20:26:44 | 000,011,264 | ---- | C] () -- C:\WINDOWS\SysWow64\SCChangeMonitor.dll
[2012/06/13 11:45:02 | 000,008,704 | ---- | C] () -- C:\WINDOWS\SysWow64\SROF.dll
[2012/06/05 00:31:00 | 000,000,417 | ---- | C] () -- C:\WINDOWS\SysWow64\RaoBLE.ini
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/12/09 04:05:24 | 021,199,256 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/12/09 00:51:04 | 018,643,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 05:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 22:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 05:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:5C321E34
 
< End of report >
 
 
RKreport
 
The link is broken to the Rogue Killer. Do you have another link to it please?


#6 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 19 March 2014 - 10:41 PM

Hi leader2,

Which user profile is having the issues?
  • A Lamar
  • Eurceliakins
  • White

I tried to uninstall Windows Defender, but on my Win 8.1 machine it didn't show up as being in the uninstall panel at all. It said was turned off actually and I couldn't access it when I tried to turn it on. Please tell me if there is another way to uninstall it.

I don't believe Windows allows you to uninstall Windows Defender, but disabling should be good enough.

Please try the OTL fix again, it didn't complete successfully.

bullseye_zpse9eaf36e.gif Run OTL.exe
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
    IE - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
    IE - HKU\S-1-5-21-4128554873-3097705083-3195864600-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie
    FF - prefs.js..browser.startup.homepage: "http://search.yahoo....=spigot-yhp-ff"
    
    :Commands
    [createrestorepoint]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
=========================
 

The link is broken to the Rogue Killer. Do you have another link to it please?

 
Sorry about that, this one should be working.

bullseye_zpse9eaf36e.gif RogueKiller

Download to your desktop RogueKiller (by tigzy)

RogueKiller_zps5799200f.gif
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Quit all programs
  • Wait until Prescan has finished ...
  • Click on Scan, Do Not Fix Anything at this point.
  • Click the Report button, save the report to your desktop
=========================

In your next post please provide the following:
  • OTL fix log
  • RKreport.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#7 leader2

leader2

    Silver Member

  • Authentic Member
  • PipPipPip
  • 250 posts

Posted 21 March 2014 - 07:15 PM

In your next post please provide the following:
OTL fix log
RKreport.txt
 
 
Which user profile is having the issues?
A Lamar
Eurceliakins
White
 
The A Lamar profile is having the issues. However the White profile during shutdown has shown the explorer.exe error with the red popup though I've never seen it have severe issues like A Lamar. the Actually as I'm doing typing this now the explorer issue is happening right now. (The desktop is going black as I mentioned in my original post.)Then the desktop reappeared without my having to do anything unlike before where it just stayed that way and needed a restart of the explorer.
 
Sorry about the OTL fix not going thru. I tried again and let the program run exactly as I was supposed with the text in the box, but this time no text file popped up. The only thing running was the otl.exe and the computer did reboot. However two desktop.ini files and a thumbs.db file popped up on desktop after the reboot. Can you let me know what went wrong?
 
RogueKiller V8.8.11 [Mar 14 2014] by Adlice Software
 
Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : A Lamar [Admin rights]
Mode : Scan -- Date : 03/21/2014 21:13:52
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 11 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableCMD (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableCMD (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableCMD (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 1 ¤¤¤
[FF][PUP] cfr080di.default : DivX Browser Bar
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection : PUP ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
[...]
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST2000DM001-1CH164 +++++
--- User ---
[MBR] 5d85c449ad297c8a144e9a20db62c917
[BSP] 0bbeebcec7a30c8af878cb33f9690131 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST4000DM000-1F2168 +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE3 @ USB) Hitachi HDS721010CLA332 USB Device +++++
--- User ---
[MBR] 438ac2f71db37596610deb9e4280773b
[BSP] cda28c69ad501c103c1eb8d02363511f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )
 
+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE4 @ USB) Generic- SD/MMC USB Device +++++
--- User ---
[MBR] 2dd27a2bd9b0b305e974b4defc45b985
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8192 | Size: 15189 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )
 
Finished : << RKreport[0]_S_03212014_211352.txt >>
RKreport[0]_S_03212014_211107.txt


#8 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 21 March 2014 - 08:10 PM

Hi leader2,

bullseye_zpse9eaf36e.gif Re-run RogueKiller

Right click and select "Run as Administrator"
  • Quit all programs
  • Wait until Prescan has finished ...
  • Click on Scan.
  • After the scan has completed click on the Registry tab
  • Wait until the Status box shows "Scan Finished"
  • Click the Delete button
  • Wait until the Status box shows "Deleting Finished"
  • Click the Report button, save the report to your desktop
=========================

bullseye_zpse9eaf36e.gif System File Checker (SFC)
  • Press Windows key + R keys on your keyboard. In the Run box that appears type the following:
    • CMD
  • Press Enter, in the Command Prompt window type (or copy and paste)
    • Type: sfc /scannow (There's a space between sfc and /scannow.) , then hit Enter
  • Let the check run to completion. DO NOT reboot the PC or close the cmd window.
  • Copy & Paste the following command at the Command Prompt and press Enter:

    findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt
  • This will place a file on your desktop called sfcdetails.txt which contains the results of the scan.
  • Copy and Paste the contents of the file into your next post.
  • After the scan runs type exit to close the command prompt window
=========================

bullseye_zpse9eaf36e.gif Reboot

=========================

In your next post please provide the following:
  • RKreport]1]
  • sfcdetails.txt
  • Any change in performance?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#9 leader2

leader2

    Silver Member

  • Authentic Member
  • PipPipPip
  • 250 posts

Posted 22 March 2014 - 06:57 AM

In your next post please provide the following:
RKreport]1]
 
RogueKiller V8.8.11 [Mar 14 2014] by Adlice Software
 
Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : A Lamar [Admin rights]
Mode : Remove -- Date : 03/22/2014 04:16:16
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 11 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableCMD (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : DisableCMD (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> [0x2] The system cannot find the file specified. 
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified. 
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableCMD (0) -> [0x2] The system cannot find the file specified. 
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 1 ¤¤¤
[FF][PUP] cfr080di.default : DivX Browser Bar
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection : PUP ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
[...]
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST2000DM001-1CH164 +++++
--- User ---
[MBR] 5d85c449ad297c8a144e9a20db62c917
[BSP] 0bbeebcec7a30c8af878cb33f9690131 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST4000DM000-1F2168 +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE3 @ USB) Hitachi HDS721010CLA332 USB Device +++++
--- User ---
[MBR] 438ac2f71db37596610deb9e4280773b
[BSP] cda28c69ad501c103c1eb8d02363511f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )
 
+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE4 @ USB) Generic- SD/MMC USB Device +++++
--- User ---
[MBR] 2dd27a2bd9b0b305e974b4defc45b985
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8192 | Size: 15189 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )
 
Finished : << RKreport[0]_D_03222014_041616.txt >>
RKreport[0]_S_03212014_211107.txt;RKreport[0]_S_03212014_211352.txt;RKreport[0]_S_03222014_041456.txt
 
sfcdetails.txt
 
When I tried to run scannow it said I couldn't do so because I needed to be logged in as an admin first. This struck me as strange since these are admin accounts. How do I bypass this?
 
 
Any change in performance?
 
Sorry that I can't comment on the performance after completing a scannow log, but after I tried to scan I switched users to White and logged back onto the problem user A Lamar. The computer suddenly had a BSOD. This has happened at least once or twice before which makes me wonder how we are progressing thus far. Please give me your thoughts on this and how we should proceed.


#10 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 22 March 2014 - 07:46 AM

Hi leader2,
 

When I tried to run scannow it said I couldn't do so because I needed to be logged in as an admin first. This struck me as strange since these are admin accounts. How do I bypass this?

You will need to re-check and make sure the account you are trying to use does in fact have Administrator permissions.
 
=======================
  • Swipe up to open the Apps screen. If you're using a keyboard, click the arrow icon at the bottom of the screen to open Apps.
  • Note: Actually, if you're using a mouse and keyboard, there's an even quicker way to open an elevated Command Prompt in Windows 8. See Tip #2 near the bottom of the page for more on that. It works with a touch-only interface too, but it's a little harder that way.
  • On the Apps screen, locate the Windows System heading. You may need to swipe or scroll to the right depending on the size of your screen.
  • Press and hold, or right-click, on Command Prompt.
  • Press or click on Run as administrator from the menu that appears at the bottom of the screen.
  • Press or click on Yes if you're prompted with a User Account Control message.
  • Note: If your Windows 8 account does not have administrator privileges, you may be prompted with a different message here, asking for credentials from another account on your computer that does have administrator privileges before you'll be allowed to open an elevated Command Prompt.
  • An elevated Command Prompt window will appear.
=======================

Then re-try the sfcscannow step

 


The computer suddenly had a BSOD. This has happened at least once or twice before which makes me wonder how we are progressing thus far. Please give me your thoughts on this and how we should proceed.

 
I think there may be an issue with the integrity of the system files, that is why we need to run the System File Checker
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.

    Advertisements

Register to Remove


#11 leader2

leader2

    Silver Member

  • Authentic Member
  • PipPipPip
  • 250 posts

Posted 24 March 2014 - 06:13 PM

I reran the scan and the results were the same as the last time I scanned. The scan found corrupt files, but didn't save a log file to the desktop so I unfortunately I couldn't post it here. I did do the scan now step under the elevated command as you said so it confirms that the blue screen issue could be due to corruption. Do you think this is the real issue for the explorer problem? I was able to take a screenshot of the results though please tell me what the results mean and how we should proceed.

 

 

c4lo.png



#12 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 24 March 2014 - 07:10 PM

Hi leader2,
 

Do you think this is the real issue for the explorer problem? I was able to take a screenshot of the results though please tell me what the results mean and how we should proceed.

At this point I can't be sure yet, I will need to see the log file that was generated from the scan.

Locate the log file:

Reopen the elevated command prompt and copy and paste the following code into the window

findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt

or navigate here and copy and paste the log in your next reply.

C:\Windows\Logs\CBS\CBS.log

In your next post please provide the following:

  • sfcdetails.txt
    OR
  • CBS log

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#13 leader2

leader2

    Silver Member

  • Authentic Member
  • PipPipPip
  • 250 posts

Posted 24 March 2014 - 08:42 PM

I did paste the string of text just now and it wouldn't open the txt file with this error appearing. 

 

6gqm.png

 

When I tried to open the CBS.log it said access denied. The original CBS log is called: CbsPersist_20140313164805 and is a cabinet file. 



#14 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 24 March 2014 - 11:14 PM

Hi leader2,

Try this:

  • Click Start Orb > type cmd in the searchbox
  • Right-click cmd in the results above > click Run as administrator
  • At the prompt type notepad c:\windows\logs\cbs\cbs.log then press enter

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#15 leader2

leader2

    Silver Member

  • Authentic Member
  • PipPipPip
  • 250 posts

Posted 25 March 2014 - 06:25 AM

Thanks for your help. The log finally opened, but as I thought it was so large that it couldn't be pasted here. I believe that's why it was a cabinet file and not a regular text file like the other logs I've posted. It's 10.6 mb, which makes me think something must have really went wrong in the system with the corruption. The attachments only allow files that are 2mb in size. Do you still want me to try to upload the log via another file host for you?


Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users