Browser Problem

toopay
Member with 348 posts.
THREAD STARTER
Join Date: Jun 2003
Location: Charenton, La.
Experience: Intermediate
02-Dec-2013, 09:46 PM #1
Browser Problem
Can someone please help me to remove Nation Zoom?
I have tried to do it from the registry and also using Safe Mode.

Please help.
Couriant (James)
Trusted Advisor with 30,568 posts.
Join Date: Mar 2002
Location: Chillin in AZ
02-Dec-2013, 10:10 PM #2
Can you be more specific? As in, does it show up as a home page, toolbar, etc.?

I just found out what Nation Zoom is. It's a browser hijacker. I have requested this to be moved to the Malware forum for better assistance.
toopay
02-Dec-2013, 11:10 PM #3
It comes up when the browser is open, but it is not listed as the home page; when the home button is pressed, then I can go to the home page. Also, it is not listed as a search engine.
dvk01 (Derek)
Moderator & Malware Removal Specialist with 45,148 posts.
Join Date: Dec 2002
Location: Loughton, Essex, UK
03-Dec-2013, 03:36 AM #4
Follow the advice here and post the logs those programs make.
toopay
03-Dec-2013, 07:02 PM #5
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:41:58 PM, on 12/3/2013
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.16384)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
C:\Users\WillieJ\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Program Files\WindowsApps\2462GerasimovRoman.MicrosoftCommunity_1.0.0.0_neutral__dtya9j4hwybzc\Microsoft Community.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\WillieJ\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nationzoom.com/?type=hp&t...CH164_Z1E4X3FR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nationzoom.com/?type=hp&t...CH164_Z1E4X3FR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nationzoom.com/web/?type=ds&ts=1385859540&from=tugs&uid=ST2000DM001-1CH164_Z1E4X3FR&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.nationzoom.com/web/?type=ds&ts=1385859540&from=tugs&uid=ST2000DM001-1CH164_Z1E4X3FR&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nationzoom.com/?type=hp&t...CH164_Z1E4X3FR
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\PROGRA~2\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Bho - {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - C:\PROGRA~2\Nuance\NATURA~1\Program\ieShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: glindorus - {9598e82a-7e09-4438-b425-b9e9718c3c73} - C:\Program Files (x86)\glindorus\glindorusbho.dll
O2 - BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.1.3.2\AVG SafeGuard toolbar_toolbar.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\PROGRA~2\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll
O3 - Toolbar: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.1.3.2\AVG SafeGuard toolbar_toolbar.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\runner_avp.exe"
O4 - HKLM\..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKCU\..\Run: [NETGEARGenie] "C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect
O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [iLivid] "C:\Users\WillieJ\AppData\Local\iLivid\iLivid.exe" -autorun
O4 - Startup: Dropbox.lnk = WillieJ\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Send to OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.3\ViProtocol.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CryptoStorage control service (CSObjectsSrv) - Infowatch - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HTCMonitorService - Nero AG - C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
O23 - Service: Kodak AiO Status Monitor Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
O23 - Service: Level Quality Watcher - Unknown owner - C:\WINDOWS\Installer\MSI5949.tmp.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: NETGEARGenieDaemon - NETGEAR - C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PasswordBox - PasswordBox, Inc. - C:\Program Files (x86)\PasswordBox\pbbtnService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Update glindorus - Unknown owner - C:\Program Files (x86)\glindorus\updateglindorus.exe
O23 - Service: Util glindorus - Unknown owner - C:\Program Files (x86)\glindorus\bin\utilglindorus.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater17.1.3 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wsys Service (WsysSvc) - Wsys Co., Ltd. - C:\ProgramData\eSafe\eGdpSvc.exe

--
End of file - 15021 bytes

When I run the DDS program, I get the error message: can not run in Compatibility Mode.

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-12-03 17:00:55
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000001e ST2000DM001-1CH164 rev.HP33 1863.02GB
Running: gmer.exe; Driver: C:\Users\WillieJ\AppData\Local\Temp\uwldipoc.sys


---- Kernel code sections - GMER 2.1 ----

.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff9600010ae00 15 bytes [00, 8F, 0F, 02, 40, F0, 6F, ...]
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16 fffff9600010ae10 11 bytes [00, DB, FB, FF, 80, C7, D2, ...]

---- User code sections - GMER 2.1 ----

.text C:\WINDOWS\System32\spoolsv.exe[1668] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffad779169a 4 bytes [79, D7, FA, 7F]
.text C:\WINDOWS\System32\spoolsv.exe[1668] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffad77916a2 4 bytes [79, D7, FA, 7F]
.text C:\WINDOWS\System32\spoolsv.exe[1668] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffad779181a 4 bytes [79, D7, FA, 7F]
.text C:\WINDOWS\System32\spoolsv.exe[1668] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffad7791832 4 bytes [79, D7, FA, 7F]
.text C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe[10352] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffad779169a 4 bytes [79, D7, FA, 7F]
.text C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe[10352] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffad77916a2 4 bytes [79, D7, FA, 7F]
.text C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe[10352] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007ffad779181a 4 bytes [79, D7, FA, 7F]
.text C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe[10352] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007ffad7791832 4 bytes [79, D7, FA, 7F]

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [744:4880] fffff9600088c4d0
Thread C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [7056:6640] 00000000598f6db4
Thread C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [7056:6636] 00000000598f6214
Thread C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [7056:2856] 00000000598f6db4
Thread C:\Windows\System32\SettingSyncHost.exe [3572:1620] 00007ffac64964f4
Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [10496:10728] 000000000fb8a567
Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [10496:8716] 000000000fb8a567
Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [10496:10484] 00000000779b5658
Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [10496:10612] 00000000779b5658
Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [10496:10776] 0000000075624c23
Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [10496:11184] 0000000075624c23
Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [10496:4680] 000000000f44f28e
Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [10496:4056] 00000000009be008
Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [10496:10712] 0000000007a16d72
Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [10496:4664] 00000000779b5658
Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [10496:10636] 00000000779b5658
Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [10496:1828] 00000000779b5658
Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [10496:3832] 00000000779b5658

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----
dvk01 (Derek)
03-Dec-2013, 08:01 PM #6
You have W8.1, and very few of the tools run on that.

Click on this link to download: ADWCleaner. Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop. Do not click on any links in the top advert.

See the screenshot where the proper download buttons are highlighted.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on Tools > SmartScreen Filter > Turn off SmartScreen Filter, then click on OK in the box that opens. Then click on the link again.

Close your browser and double-click on this icon on your desktop:

You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run; it may take several minutes to complete. When it is done, you will get a message saying "PENDING". Ignore that and click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report; copy and paste it into your next post.

__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | How to protect yourself and other Security Advice
Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue
toopay
03-Dec-2013, 08:50 PM #7
# AdwCleaner v3.014 - Report created 03/12/2013 at 18:10:34
# Updated 01/12/2013 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : WillieJ - TOOPAY
# Running from : C:\Users\WillieJ\AppData\Local\Microsoft\Windows\INetCache\IE\82FW57FK\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : Level Quality Watcher
[#] Service Deleted : Update glindorus
[#] Service Deleted : Util glindorus
Service Deleted : WsysSvc

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\eSafe
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\glindorus
Folder Deleted : C:\Program Files (x86)\Level Quality Watcher
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Users\WillieJ\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\WillieJ\AppData\Local\jZip
Folder Deleted : C:\Users\WillieJ\AppData\Local\PackageAware
Folder Deleted : C:\Users\WillieJ\AppData\Local\Temp\jZip
Folder Deleted : C:\Users\WillieJ\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\WillieJ\Documents\PC Health Kit
Folder Deleted : C:\Users\WillieJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
Folder Deleted : C:\Users\WillieJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
File Deleted : C:\Users\WillieJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [iLivid]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9598E82A-7E09-4438-B425-B9E9718C3C73}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9598E82A-7E09-4438-B425-B9E9718C3C73}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9598E82A-7E09-4438-B425-B9E9718C3C73}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9598E82A-7E09-4438-B425-B9E9718C3C73}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\FLEXnet
Key Deleted : HKCU\Software\glindorus
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\jZip
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\eSafeSecControl
Key Deleted : HKLM\Software\glindorus
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WsysControl
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\glindorus

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16384


-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\WillieJ\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [9292 octets] - [03/12/2013 18:07:36]
AdwCleaner[S0].txt - [9045 octets] - [03/12/2013 18:10:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9105 octets] ##########
dvk01 (Derek)
04-Dec-2013, 08:05 AM #8
That got quite a lot, but I am not certain that it got it all.
Download OTS.exe to your Desktop.
  • Close any open browsers.
  • If your Real protection or Antivirus intervenes with OTS, allow it to run.
  • Double-click on OTS.exe to start the program.
  • In the Files Age drop-down box, click 90.
  • In the Additional scans section, please select Everything and make sure the safe list box is checked.
  • Now on the toolbar at the top select "Scan all users" then click the Run Scan button
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Save that notepad file
If the log is too large to post, use the Reply button, scroll down to the attachments section and attach the notepad file here.
toopay toopay is offline
Member with 348 posts.
THREAD STARTER
 
Join Date: Jun 2003
Location: Charenton, La.
Experience: Intermediate
04-Dec-2013, 08:36 PM #9
[code]
OTS logfile created on: 12/4/2013 6:29:05 PM - Run 2
OTS by OldTimer - Version 3.1.47.2 Folder = C:\Users\WillieJ\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16438)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 61.00% Memory free
8.00 Gb Paging File | 4.00 Gb Available in Paging File | 48.00% Paging File free
Paging file location(s): c:\pagefile.sys 400 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1843.44 Gb Total Space | 1755.93 Gb Free Space | 95.25% Space Free | Partition Type: NTFS
Drive D: | 17.76 Gb Total Space | 0.26 Gb Free Space | 1.46% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOOPAY
Current User Name: WillieJ
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Users\WillieJ\Downloads\OTS.exe -> [2013/12/04 16:44:19 | 000,646,656 | ---- | M] (OldTimer Tools)
msosync.exe -> C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE -> [2013/11/30 20:49:01 | 000,449,216 | ---- | M] (Microsoft Corporation)
googlecrashhandler.exe -> C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe -> [2013/11/28 01:57:41 | 000,223,112 | ---- | M] (Google Inc.)
adb.exe -> C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe -> [2013/11/14 21:32:12 | 000,821,600 | ---- | M] ()
htcsyncmanager.exe -> C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe -> [2013/11/14 21:30:28 | 000,083,312 | ---- | M] ()
pbbtnservice.exe -> C:\Program Files (x86)\PasswordBox\pbbtnService.exe -> [2013/11/01 14:11:20 | 000,067,584 | ---- | M] (PasswordBox, Inc.)
avp.exe -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe -> [2013/10/16 06:14:25 | 000,356,128 | ---- | M] (Kaspersky Lab ZAO)
sdfssvc.exe -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe -> [2013/10/15 11:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.)
sdupdsvc.exe -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe -> [2013/09/20 09:57:26 | 001,042,272 | ---- | M] (Safer-Networking Ltd.)
sdwscsvc.exe -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe -> [2013/09/13 09:38:30 | 000,171,416 | ---- | M] (Safer-Networking Ltd.)
hsmserviceentry.exe -> C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe -> [2013/09/02 09:51:38 | 000,087,368 | ---- | M] (Nero AG)
sdtray.exe -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe -> [2013/07/25 10:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.)
sua.exe -> C:\Program Files (x86)\Secunia\PSI\sua.exe -> [2013/07/03 02:32:44 | 000,660,184 | ---- | M] (Secunia)
genie2_tray.exe -> C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe -> [2013/04/07 05:42:00 | 000,123,136 | ---- | M] ()
netgeargenie.exe -> C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe -> [2013/04/07 05:38:46 | 001,044,224 | ---- | M] ()
ekaiohostservice.exe -> C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -> [2013/03/15 14:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company)
dgnsvc.exe -> C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -> [2013/02/11 17:48:56 | 000,311,184 | ---- | M] (Nuance Communications, Inc.)
ekprintersdk.exe -> C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -> [2013/01/15 12:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company)
protectedobjectssrv.exe -> C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -> [2012/12/21 13:32:50 | 000,819,040 | ---- | M] (Infowatch)
passthrusvr.exe -> C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -> [2012/12/07 16:26:56 | 000,167,424 | ---- | M] ()
clmlsvc_p2g8.exe -> c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe -> [2012/11/01 08:28:08 | 000,111,120 | ---- | M] (CyberLink)

[Modules - No Company Name]
c2r32.dll -> C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll -> [2013/11/30 20:46:05 | 000,359,592 | ---- | M] ()
appvisvstream32.dll -> C:\Program Files\Microsoft Office 15\root\office15\appvisvstream32.dll -> [2013/11/30 20:46:05 | 000,316,584 | ---- | M] ()
devconnmon.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll -> [2013/11/14 21:34:24 | 000,223,592 | ---- | M] ()
wpdenc.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\WPDEnc.dll -> [2013/11/14 21:34:22 | 000,223,584 | ---- | M] ()
resourcemgt.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\ResourceMgt.dll -> [2013/11/14 21:34:18 | 000,170,352 | ---- | M] ()
wifidevicemgt.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\WifiDeviceMgt.dll -> [2013/11/14 21:34:16 | 000,186,736 | ---- | M] ()
desktopclientlitedll.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\DesktopClient\DesktopClientLiteDll.dll -> [2013/11/14 21:34:06 | 000,403,840 | ---- | M] ()
desktopclientlib.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\DesktopClient\DesktopClientLib.dll -> [2013/11/14 21:34:04 | 000,239,992 | ---- | M] ()
desktopclientcpplib_vc80.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\DesktopClient\DesktopClientCppLib_vc80.dll -> [2013/11/14 21:34:02 | 003,832,200 | ---- | M] ()
npplayer.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\plugins\npplayer.dll -> [2013/11/14 21:33:36 | 000,829,800 | ---- | M] ()
pthreadvc2.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\pthreadVC2.dll -> [2013/11/14 21:33:10 | 000,058,728 | ---- | M] ()
profilemgt.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\ProfileMgt.dll -> [2013/11/14 21:32:36 | 000,444,776 | ---- | M] ()
androidplaylist.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\DesktopClient\AndroidPlaylist.dll -> [2013/11/14 21:32:30 | 000,194,936 | ---- | M] ()
htcsyncmanagerlib.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManagerLib.dll -> [2013/11/14 21:32:14 | 000,465,272 | ---- | M] ()
adb.exe -> C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe -> [2013/11/14 21:32:12 | 000,821,600 | ---- | M] ()
sqlite3.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll -> [2013/11/14 21:31:16 | 000,607,376 | ---- | M] ()
htcsyncmanager.exe -> C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe -> [2013/11/14 21:30:28 | 000,083,312 | ---- | M] ()
system.configuration.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b66c3a9184d6f58a4ea4c9fda959ae1\System.Configuration.ni.dll -> [2013/10/24 21:26:37 | 000,978,432 | ---- | M] ()
accessibility.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\23e548dbd70b2fa536b3579481f32f1a\Accessibility.ni.dll -> [2013/10/24 21:26:27 | 000,025,600 | ---- | M] ()
system.xml.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\9e55130078215e51257977a651b0696b\System.Xml.ni.dll -> [2013/10/21 21:43:50 | 005,463,552 | ---- | M] ()
system.windows.forms.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\eac55000ab752ad6469e74bc2031a3ef\System.Windows.Forms.ni.dll -> [2013/10/21 21:43:47 | 012,436,480 | ---- | M] ()
system.drawing.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\e846f72e7c00312a5d9c04e7f70fa4a8\System.Drawing.ni.dll -> [2013/10/21 21:43:41 | 001,593,344 | ---- | M] ()
system.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\5a86b00da9227fe7c9a1f6ca95c1850c\System.ni.dll -> [2013/10/21 21:43:15 | 007,993,856 | ---- | M] ()
mscorlib.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0cc1da9cd31b490f4ec04cb6c2aa0519\mscorlib.ni.dll -> [2013/10/21 21:43:11 | 011,499,520 | ---- | M] ()
crashrpt.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\CrashRpt.dll -> [2013/10/17 15:43:48 | 000,162,152 | ---- | M] ()
webkit.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\WebKit.dll -> [2013/10/17 15:42:56 | 021,281,120 | ---- | M] ()
mmsync.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\mmsync.dll -> [2013/10/17 15:42:46 | 000,112,992 | ---- | M] ()
dautil.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\dautil.dll -> [2013/10/17 15:42:44 | 000,021,344 | ---- | M] ()
dbadapter.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\DBAdapter.dll -> [2013/10/17 15:42:26 | 000,045,928 | ---- | M] ()
zlib1.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll -> [2013/10/17 15:42:24 | 000,129,376 | ---- | M] ()
webkitbrowser.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\WebKitBrowser.dll -> [2013/10/17 15:42:22 | 000,117,104 | ---- | M] ()
libxml2.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\libxml2.dll -> [2013/10/17 15:42:12 | 001,153,384 | ---- | M] ()
libpng.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\libpng.dll -> [2013/10/17 15:42:10 | 000,190,816 | ---- | M] ()
javascriptcore.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\JavaScriptCore.dll -> [2013/10/17 15:42:06 | 003,041,648 | ---- | M] ()
icuuc.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\icuuc.dll -> [2013/10/17 15:41:54 | 001,349,984 | ---- | M] ()
icudt48.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\icudt48.dll -> [2013/10/17 15:41:50 | 021,973,352 | ---- | M] ()
cflite.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\CFLite.dll -> [2013/10/17 15:41:48 | 000,776,544 | ---- | M] ()
cairo.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\cairo.dll -> [2013/10/17 15:41:46 | 001,046,880 | ---- | M] ()
nadvlog.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll -> [2013/10/17 15:40:34 | 000,044,392 | ---- | M] ()
nfilecachedbaccess.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll -> [2013/10/17 15:40:32 | 000,036,216 | ---- | M] ()
groupmgt.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\GroupMgt.dll -> [2013/10/17 15:40:30 | 000,019,304 | ---- | M] ()
fileplugin_cnt.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\FilePlugin_Cnt.dll -> [2013/10/17 15:40:18 | 000,016,240 | ---- | M] ()
dbaccess.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll -> [2013/10/17 15:40:06 | 000,031,080 | ---- | M] ()
devicemgt.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\DeviceMgt.dll -> [2013/10/17 15:39:46 | 000,133,480 | ---- | M] ()
genie.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll -> [2013/06/04 19:22:32 | 000,481,280 | ---- | M] ()
genieplugin_map.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll -> [2013/05/28 00:21:30 | 004,334,592 | ---- | M] ()
snlthirdparty150.bpl -> C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl -> [2013/05/16 09:55:26 | 000,113,496 | ---- | M] ()
dec150.bpl -> C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl -> [2013/05/16 09:55:24 | 000,416,600 | ---- | M] ()
genieplugin_resource.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll -> [2013/05/14 20:56:24 | 008,432,128 | ---- | M] ()
genieplugin_ui.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll -> [2013/05/13 23:18:30 | 000,931,840 | ---- | M] ()
genieplugin_airprint.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll -> [2013/05/09 21:12:10 | 000,229,888 | ---- | M] ()
genieplugin_routerconfiguration.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll -> [2013/04/28 00:25:56 | 001,205,760 | ---- | M] ()
genie2_tray.exe -> C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe -> [2013/04/07 05:42:00 | 000,123,136 | ---- | M] ()
netgeargenie.exe -> C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe -> [2013/04/07 05:38:46 | 001,044,224 | ---- | M] ()
genieplugin_networkproblem.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll -> [2013/03/27 02:52:32 | 000,500,736 | ---- | M] ()
innerplugin_update.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll -> [2013/03/27 02:51:52 | 000,714,240 | ---- | M] ()
genieplugin_statistics.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll -> [2013/03/27 02:51:40 | 000,641,536 | ---- | M] ()
genieplugin_parentalcontrol.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll -> [2013/03/27 02:51:26 | 001,198,080 | ---- | M] ()
dragonnettool.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll -> [2013/03/27 02:50:02 | 000,186,368 | ---- | M] ()
wsetupapiplugin.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll -> [2013/03/27 02:49:54 | 000,116,224 | ---- | M] ()
innerplugin_wirelessexport.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll -> [2013/03/27 02:49:40 | 000,485,376 | ---- | M] ()
genieplugin_wireless.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll -> [2013/03/27 02:49:26 | 000,438,272 | ---- | M] ()
genieplugin_internet.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll -> [2013/03/27 02:43:48 | 001,067,520 | ---- | M] ()
diagnoseplugin.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll -> [2013/03/27 02:42:54 | 000,137,728 | ---- | M] ()
qrcode.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll -> [2013/03/27 02:42:52 | 000,088,064 | ---- | M] ()
svtnetworktool.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll -> [2013/03/27 02:42:50 | 001,553,920 | ---- | M] ()
netcardapi.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll -> [2013/03/26 20:58:14 | 000,074,752 | ---- | M] ()
airprintdll.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll -> [2013/03/26 20:58:12 | 000,136,704 | ---- | M] ()
diagnosedll.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll -> [2013/03/26 20:58:08 | 000,139,264 | ---- | M] ()
svtutils.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.dll -> [2013/03/26 20:58:06 | 000,072,192 | ---- | M] ()
wsetupdll.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll -> [2013/03/26 20:58:06 | 000,066,560 | ---- | M] ()
qtgui4.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\QtGui4.dll -> [2013/02/19 00:46:06 | 009,814,016 | ---- | M] ()
qtcore4.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\QtCore4.dll -> [2013/02/19 00:46:06 | 002,537,472 | ---- | M] ()
qtnetwork4.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\QtNetwork4.dll -> [2013/02/19 00:46:06 | 001,140,224 | ---- | M] ()
qtxml4.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\QtXml4.dll -> [2013/02/19 00:46:00 | 000,399,360 | ---- | M] ()
qjpeg4.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg4.dll -> [2013/02/19 00:46:00 | 000,287,232 | ---- | M] ()
qico4.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico4.dll -> [2013/02/19 00:46:00 | 000,083,456 | ---- | M] ()
qgif4.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif4.dll -> [2013/02/19 00:46:00 | 000,083,456 | ---- | M] ()
libgcc_s_dw2-1.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll -> [2013/02/19 00:46:00 | 000,043,008 | ---- | M] ()
mingwm10.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\mingwm10.dll -> [2013/02/19 00:46:00 | 000,011,362 | ---- | M] ()
windowslive.writer.localization.resources.dll -> C:\Program Files (x86)\Windows Live\Writer\en\WindowsLive.Writer.Localization.resources.dll -> [2013/02/05 21:57:56 | 000,269,824 | ---- | M] ()
dblite.dll -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll -> [2012/12/20 17:19:26 | 000,479,752 | ---- | M] ()
libntgr_api.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll -> [2012/11/29 03:56:00 | 003,332,720 | ---- | M] ()
clmlsvcps.dll -> c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll -> [2012/06/08 12:34:06 | 000,016,400 | ---- | M] ()
clmedialibrary.dll -> c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll -> [2012/06/07 21:34:06 | 000,627,216 | ---- | M] ()

[Win32 Services - Safe List]
64bit-(w3logsvc) [On_Demand | Stopped] -> C:\Windows\SysNative\inetsrv\w3logsvc.dll -> [2013/10/21 23:57:09 | 000,076,800 | ---- | M] (Microsoft Corporation)
64bit-(workfolderssvc) [On_Demand | Stopped] -> C:\Windows\SysNative\workfolderssvc.dll -> [2013/10/21 19:53:47 | 001,584,128 | ---- | M] (Microsoft Corporation)
64bit-(IEEtwCollectorService) [On_Demand | Stopped] -> C:\WINDOWS\SysNative\IEEtwCollector.exe -> [2013/10/18 23:37:49 | 000,111,616 | ---- | M] (Microsoft Corporation)
64bit-(WSService) [Unknown | Stopped] -> C:\Windows\SysNative\WSService.dll -> [2013/10/10 10:23:32 | 003,395,920 | ---- | M] (Microsoft Corporation)
64bit-(AppXSvc) [On_Demand | Stopped] -> C:\Windows\SysNative\AppXDeploymentServer.dll -> [2013/10/10 04:40:53 | 001,302,528 | ---- | M] (Microsoft Corporation)
64bit-(AppReadiness) [On_Demand | Stopped] -> C:\Windows\SysNative\AppReadiness.dll -> [2013/10/04 02:10:59 | 000,533,504 | ---- | M] (Microsoft Corporation)
64bit-(wlidsvc) [On_Demand | Running] -> C:\Windows\SysNative\wlidsvc.dll -> [2013/09/29 22:03:28 | 001,555,456 | ---- | M] (Microsoft Corporation)
64bit-(Wcmsvc) [Auto | Running] -> C:\Windows\SysNative\wcmsvc.dll -> [2013/09/29 22:03:28 | 000,365,568 | ---- | M] (Microsoft Corporation)
64bit-(lfsvc) [On_Demand | Stopped] -> C:\Windows\SysNative\GeofenceMonitorService.dll -> [2013/09/29 22:03:27 | 000,491,520 | ---- | M] (Microsoft Corporation)
64bit-(BrokerInfrastructure) [Unknown | Running] -> C:\Windows\SysNative\bisrv.dll -> [2013/09/29 22:03:27 | 000,261,120 | ---- | M] (Microsoft Corporation)
64bit-(AMD External Events Utility) [Auto | Running] -> C:\Windows\SysNative\atiesrxx.exe -> [2013/09/18 23:32:40 | 000,239,616 | ---- | M] (AMD)
64bit-(OfficeSvc) [Auto | Running] -> C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -> [2013/09/17 17:57:32 | 001,907,896 | ---- | M] (Microsoft Corporation)
64bit-(WdNisSvc) [Unknown | Stopped] -> C:\Program Files\Windows Defender\NisSrv.exe -> [2013/08/22 06:32:01 | 000,346,872 | ---- | M] (Microsoft Corporation)
64bit-(WinDefend) [Unknown | Stopped] -> C:\Program Files\Windows Defender\MsMpEng.exe -> [2013/08/22 06:32:00 | 000,023,840 | ---- | M] (Microsoft Corporation)
64bit-(PrintNotify) [On_Demand | Stopped] -> C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -> [2013/08/22 06:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation)
64bit-(WEPHOSTSVC) [On_Demand | Stopped] -> C:\Windows\SysNative\wephostsvc.dll -> [2013/08/22 05:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation)
64bit-(EFS) [Unknown | Stopped] -> C:\Windows\SysNative\efssvc.dll -> [2013/08/22 05:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation)
64bit-(WiaRpc) [On_Demand | Stopped] -> C:\Windows\SysNative\wiarpc.dll -> [2013/08/22 05:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation)
64bit-(svsvc) [On_Demand | Stopped] -> C:\Windows\SysNative\svsvc.dll -> [2013/08/22 05:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation)
64bit-(fhsvc) [On_Demand | Stopped] -> C:\Windows\SysNative\fhsvc.dll -> [2013/08/22 05:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation)
64bit-(NcaSvc) [On_Demand | Stopped] -> C:\Windows\SysNative\NcaSvc.dll -> [2013/08/22 04:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation)
64bit-(vmicvss) [On_Demand | Stopped] -> C:\Windows\SysNative\icsvc.dll -> [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation)
64bit-(vmictimesync) [On_Demand | Stopped] -> C:\Windows\SysNative\icsvc.dll -> [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation)
64bit-(vmicshutdown) [On_Demand | Stopped] -> C:\Windows\SysNative\icsvc.dll -> [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation)
64bit-(vmicrdv) [On_Demand | Stopped] -> C:\Windows\SysNative\icsvc.dll -> [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation)
64bit-(vmickvpexchange) [On_Demand | Stopped] -> C:\Windows\SysNative\icsvc.dll -> [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation)
64bit-(vmicheartbeat) [On_Demand | Stopped] -> C:\Windows\SysNative\icsvc.dll -> [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation)
64bit-(vmicguestinterface) [On_Demand | Stopped] -> C:\Windows\SysNative\icsvc.dll -> [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation)
64bit-(LSM) [Unknown | Running] -> C:\Windows\SysNative\lsm.dll -> [2013/08/22 04:04:53 | 000,716,288 | ---- | M] (Microsoft Corporation)
64bit-(smphost) [On_Demand | Stopped] -> C:\Windows\SysNative\smphost.dll -> [2013/08/22 04:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation)
64bit-(SystemEventsBroker) [Unknown | Running] -> C:\Windows\SysNative\SystemEventsBrokerServer.dll -> [2013/08/22 03:58:42 | 000,280,576 | ---- | M] (Microsoft Corporation)
64bit-(ScDeviceEnum) [Unknown | Stopped] -> C:\Windows\SysNative\ScDeviceEnum.dll -> [2013/08/22 03:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation)
64bit-(TimeBroker) [Unknown | Running] -> C:\Windows\SysNative\TimeBrokerServer.dll -> [2013/08/22 03:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation)
64bit-(netprofm) [On_Demand | Running] -> C:\Windows\SysNative\netprofmsvc.dll -> [2013/08/22 03:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation)
64bit-(NcbService) [On_Demand | Running] -> C:\Windows\SysNative\ncbservice.dll -> [2013/08/22 03:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation)
64bit-(DeviceAssociationService) [On_Demand | Running] -> C:\Windows\SysNative\das.dll -> [2013/08/22 03:40:14 | 000,398,848 | ---- | M] (Microsoft Corporation)
64bit-(AudioEndpointBuilder) [Auto | Running] -> C:\Windows\SysNative\AudioEndpointBuilder.dll -> [2013/08/22 03:39:33 | 000,198,656 | ---- | M] (Microsoft Corporation)
64bit-(DsmSvc) [On_Demand | Stopped] -> C:\Windows\SysNative\DeviceSetupManager.dll -> [2013/08/22 03:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation)
64bit-(NcdAutoSetup) [On_Demand | Running] -> C:\Windows\SysNative\NcdAutoSetup.dll -> [2013/08/22 03:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-(STacSV) [Auto | Running] -> C:\Program Files\IDT\WDM\stacsv64.exe -> [2013/06/06 08:52:08 | 000,333,824 | ---- | M] (IDT, Inc.)
(PasswordBox) PasswordBox [Auto | Running] -> C:\Program Files (x86)\PasswordBox\pbbtnService.exe -> [2013/11/01 14:11:20 | 000,067,584 | ---- | M] (PasswordBox, Inc.)
(WAS) Windows Process Activation Service [On_Demand | Stopped] -> C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -> [2013/10/21 23:57:10 | 000,475,648 | ---- | M] (Microsoft Corporation)
(w3logsvc) W3C Logging Service [On_Demand | Stopped] -> C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -> [2013/10/21 23:57:09 | 000,066,560 | ---- | M] (Microsoft Corporation)
(AppHostSvc) Application Host Helper Service [Auto | Running] -> C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -> [2013/10/21 23:57:09 | 000,062,464 | ---- | M] (Microsoft Corporation)
(AVP) Kaspersky Anti-Virus Service [Auto | Running] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe -> [2013/10/16 06:14:25 | 000,356,128 | ---- | M] (Kaspersky Lab ZAO)
(SDScannerService) Spybot-S&D 2 Scanner Service [Auto | Running] -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe -> [2013/10/15 11:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.)
(lfsvc) Windows Location Framework Service [On_Demand | Stopped] -> C:\Windows\SysWOW64\GeofenceMonitorService.dll -> [2013/09/29 22:03:26 | 000,357,376 | ---- | M] (Microsoft Corporation)
(SDUpdateService) Spybot-S&D 2 Updating Service [Auto | Running] -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe -> [2013/09/20 09:57:26 | 001,042,272 | ---- | M] (Safer-Networking Ltd.)
(SDWSCService) Spybot-S&D 2 Security Center Service [Auto | Running] -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe -> [2013/09/13 09:38:30 | 000,171,416 | ---- | M] (Safer-Networking Ltd.)
(HTCMonitorService) HTCMonitorService [Auto | Running] -> C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe -> [2013/09/02 09:51:38 | 000,087,368 | ---- | M] (Nero AG)
(StorSvc) Storage Service [On_Demand | Stopped] -> C:\Windows\SysWOW64\StorSvc.dll -> [2013/08/21 21:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation)
(smphost) Microsoft Storage Spaces SMP [On_Demand | Stopped] -> C:\Windows\SysWOW64\smphost.dll -> [2013/08/21 20:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation)
(Secunia PSI Agent) Secunia PSI Agent [On_Demand | Stopped] -> C:\Program Files (x86)\Secunia\PSI\PSIA.exe -> [2013/07/03 02:32:44 | 001,228,504 | ---- | M] (Secunia)
(Secunia Update Agent) Secunia Update Agent [Auto | Running] -> C:\Program Files (x86)\Secunia\PSI\sua.exe -> [2013/07/03 02:32:44 | 000,660,184 | ---- | M] (Secunia)
(NETGEARGenieDaemon) NETGEARGenieDaemon [Auto | Running] -> C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe -> [2013/04/07 05:39:20 | 000,232,192 | ---- | M] (NETGEAR)
(Kodak AiO Network Discovery Service) Kodak AiO Network Discovery Service [Auto | Running] -> C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -> [2013/03/15 14:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company)
(DragonSvc) Dragon Service [Auto | Running] -> C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -> [2013/02/11 17:48:56 | 000,311,184 | ---- | M] (Nuance Communications, Inc.)
(Kodak AiO Status Monitor Service) Kodak AiO Status Monitor Service [Auto | Running] -> C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -> [2013/01/15 12:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company)
(CSObjectsSrv) CryptoStorage control service [Auto | Running] -> C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -> [2012/12/21 13:32:50 | 000,819,040 | ---- | M] (Infowatch)
(PassThru Service) Internet Pass-Through Service [Auto | Running] -> C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -> [2012/12/07 16:26:56 | 000,167,424 | ---- | M] ()
(HP Support Assistant Service) HP Support Assistant Service [Auto | Running] -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -> [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company)

[Driver Services - Safe List]
64bit-(avgtp) avgtp [Kernel | System | Running] -> C:\Windows\SysNative\drivers\avgtpx64.sys -> [2013/11/21 16:37:31 | 000,046,368 | ---- | M] (AVG Technologies)
64bit-(klelam) klelam [Kernel | Boot | Stopped] -> C:\Windows\SysNative\drivers\klelam.sys -> [2013/11/13 03:53:59 | 000,029,792 | ---- | M] (Kaspersky Lab)
64bit-(dtsoftbus01) DAEMON Tools Virtual Bus Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\dtsoftbus01.sys -> [2013/11/10 10:03:13 | 000,283,064 | ---- | M] (Disc Soft Ltd)
64bit-(KLIF) Kaspersky Lab Driver [File_System | System | Running] -> C:\Windows\SysNative\drivers\klif.sys -> [2013/10/16 06:15:46 | 000,625,760 | ---- | M] (Kaspersky Lab ZAO)
64bit-(klmouflt) Kaspersky Lab KLMOUFLT [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\klmouflt.sys -> [2013/10/16 06:15:46 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO)
64bit-(klkbdflt) Kaspersky Lab KLKBDFLT [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\klkbdflt.sys -> [2013/10/16 06:15:46 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO)
64bit-(kl1) kl1 [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\kl1.sys -> [2013/10/16 06:15:44 | 007,717,984 | ---- | M] (Kaspersky Lab ZAO)
64bit-(WFPLWFS) Microsoft Windows Filtering Platform [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\wfplwfs.sys -> [2013/10/12 20:48:34 | 000,136,536 | ---- | M] (Microsoft Corporation)
64bit-(intelpep) Intel(R) Power Engine Plug-in Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\intelpep.sys -> [2013/10/08 05:07:14 | 000,039,768 | ---- | M] (Microsoft Corporation)
64bit-(NPF) NetGroup Packet Filter Driver [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\npf.sys -> [2013/10/06 20:10:40 | 000,035,344 | ---- | M] (CACE Technologies, Inc.)
64bit-(kneps) kneps [Kernel | System | Running] -> C:\Windows\SysNative\drivers\kneps.sys -> [2013/10/06 19:50:24 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO)
64bit-(klwfp) klwfp [Kernel | System | Running] -> C:\Windows\SysNative\drivers\klwfp.sys -> [2013/10/06 19:50:24 | 000,050,448 | ---- | M] (Kaspersky Lab ZAO)
64bit-(spaceport) Storage Spaces Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\spaceport.sys -> [2013/10/05 09:25:54 | 000,371,032 | ---- | M] (Microsoft Corporation)
64bit-(stornvme) Microsoft Standard NVM Express Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stornvme.sys -> [2013/10/05 09:25:54 | 000,057,176 | ---- | M] (Microsoft Corporation)
64bit-(USBHUB3) SuperSpeed Hub [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\USBHUB3.SYS -> [2013/09/29 22:03:25 | 000,467,800 | ---- | M] (Microsoft Corporation)
64bit-(sdbus) sdbus [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\sdbus.sys -> [2013/09/29 22:03:25 | 000,236,376 | ---- | M] (Microsoft Corporation)
64bit-(VerifierExt) VerifierExt [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\VerifierExt.sys -> [2013/09/29 22:03:25 | 000,175,960 | ---- | M] (Microsoft Corporation)
64bit-(pdc) pdc [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\pdc.sys -> [2013/09/29 22:03:25 | 000,086,872 | ---- | M] (Microsoft Corporation)
64bit-(RdpVideoMiniport) Remote Desktop Video Miniport Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\rdpvideominiport.sys -> [2013/09/29 21:51:06 | 000,027,488 | ---- | M] (Microsoft Corporation)
64bit-(terminpt) Microsoft Remote Desktop Input Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\terminpt.sys -> [2013/09/29 21:51:01 | 000,037,216 | ---- | M] (Microsoft Corporation)
64bit-(netr28x) Ralink 802.11n Extensible Wireless Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\netr28x.sys -> [2013/09/26 16:42:16 | 002,588,848 | ---- | M] (Ralink Technology, Corp.)
64bit-(amdkmdag) amdkmdag [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\atikmdag.sys -> [2013/09/18 23:32:40 | 012,526,592 | ---- | M] (Advanced Micro Devices, Inc.)
64bit-(amdkmdap) amdkmdap [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\atikmpag.sys -> [2013/09/18 23:32:40 | 000,619,008 | ---- | M] (Advanced Micro Devices, Inc.)
64bit-(USBXHCI) USB xHCI Compliant Host Controller [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\USBXHCI.SYS -> [2013/09/11 06:46:25 | 000,325,464 | ---- | M] (Microsoft Corporation)
64bit-(condrv) Console Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\condrv.sys -> [2013/08/22 07:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation)
64bit-(dam) Desktop Activity Moderator Driver [Kernel | System | Stopped] -> C:\Windows\SysNative\drivers\dam.sys -> [2013/08/22 06:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation)
64bit-(acpiex) Microsoft ACPIEx Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\acpiex.sys -> [2013/08/22 06:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation)
64bit-(TPM) TPM [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\tpm.sys -> [2013/08/22 06:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation)
64bit-(mvumis) mvumis [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\mvumis.sys -> [2013/08/22 06:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.)
64bit-(GPIOClx0101) Microsoft GPIO Class Extension Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\msgpioclx.sys -> [2013/08/22 06:43:48 | 000,146,272 | ---- | M] (Microsoft Corporation)
64bit-(msgpiowin32) Common Driver for Buttons, DockMode and Laptop/Slate Indicator [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\msgpiowin32.sys -> [2013/08/22 06:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation)
64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2013/08/22 06:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation)
64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2013/08/22 06:43:45 | 000,093,536 | ---- | M] (LSI Corporation)
64bit-(LSI_SSS) LSI_SSS [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sss.sys -> [2013/08/22 06:43:45 | 000,082,784 | ---- | M] (LSI Corporation)
64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2013/08/22 06:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company)
64bit-(LSI_SAS3) LSI_SAS3 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas3.sys -> [2013/08/22 06:43:44 | 000,081,760 | ---- | M] (LSI Corporation)
64bit-(ADP80XX) ADP80XX [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\adp80xx.sys -> [2013/08/22 06:43:41 | 000,782,176 | ---- | M] (PMC-Sierra)
64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2013/08/22 06:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation)
64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2013/08/22 06:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.)
64bit-(3ware) 3ware [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\3ware.sys -> [2013/08/22 06:43:41 | 000,108,896 | ---- | M] (LSI)
64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2013/08/22 06:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices)
64bit-(EhStorTcgDrv) Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -> [2013/08/22 06:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation)
64bit-(EhStorClass) Enhanced Storage Filter Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\EhStorClass.sys -> [2013/08/22 06:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation)
64bit-(amdxata) amdxata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2013/08/22 06:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices)
64bit-(VSTXRAID) VIA StorX Storage RAID Controller Windows Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\VSTXRAID.SYS -> [2013/08/22 06:43:34 | 000,305,504 | ---- | M] (VIA Corporation)
64bit-(UCX01000) USB Controller Extension [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\UCX01000.SYS -> [2013/08/22 06:43:33 | 000,189,792 | ---- | M] (Microsoft Corporation)
64bit-(UASPStor) USB Attached SCSI (UAS) Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\uaspstor.sys -> [2013/08/22 06:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation)
64bit-(sdstor) SD Storage Port Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\sdstor.sys -> [2013/08/22 06:43:32 | 000,078,688 | ---- | M] (Microsoft Corporation)
64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2013/08/22 06:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.)
64bit-(SerCx2) Serial UART Support Library [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\SerCx2.sys -> [2013/08/22 06:43:31 | 000,146,272 | ---- | M] (Microsoft Corporation)
64bit-(storahci) Microsoft Standard SATA AHCI Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\storahci.sys -> [2013/08/22 06:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation)
64bit-(SpbCx) Simple Peripheral Bus Support Library [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\SpbCx.sys -> [2013/08/22 06:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation)
64bit-(SerCx) Serial UART Support Library [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\SerCx.sys -> [2013/08/22 06:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation)
64bit-(wpcfltr) Family Safety Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\wpcfltr.sys -> [2013/08/22 06:41:08 | 000,054,304 | ---- | M] (Microsoft Corporation)
64bit-(CLFS) Common Log (CLFS) [Kernel | Unknown | Running] -> C:\Windows\SysNative\drivers\clfs.sys -> [2013/08/22 06:39:44 | 000,377,696 | ---- | M] (Microsoft Corporation)
64bit-(ReFS) ReFS [File_System | On_Demand | Stopped] -> C:\WINDOWS\SysNative\drivers\refs.sys -> [2013/08/22 06:39:15 | 000,924,512 | ---- | M] (Microsoft Corporation)
64bit-(UEFI) Microsoft UEFI Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\uefi.sys -> [2013/08/22 06:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation)
64bit-(vpci) Microsoft Hyper-V Virtual PCI Bus [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\vpci.sys -> [2013/08/22 06:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation)
64bit-(WpdUpFltr) WPD Upper Class Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\WpdUpFltr.sys -> [2013/08/22 06:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation)
64bit-(WdFilter) Windows Defender Mini-Filter Driver [File_System | Unknown | Stopped] -> C:\Windows\SysNative\drivers\WdFilter.sys -> [2013/08/22 06:34:22 | 000,265,056 | ---- | M] (Microsoft Corporation)
64bit-(WdNisDrv) Windows Defender Network Inspection System Driver [Kernel | Unknown | Stopped] -> C:\Windows\SysNative\drivers\WdNisDrv.sys -> [2013/08/22 06:34:22 | 000,124,256 | ---- | M] (Microsoft Corporation)
64bit-(WdBoot) Windows Defender Boot Driver [Kernel | Unknown | Stopped] -> C:\Windows\SysNative\drivers\WdBoot.sys -> [2013/08/22 06:31:28 | 000,034,760 | ---- | M] (Microsoft Corporation)
64bit-(ahcache) Application Compatibility Cache [Kernel | System | Running] -> C:\Windows\SysNative\drivers\ahcache.sys -> [2013/08/22 05:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation)
64bit-(BasicDisplay) BasicDisplay [Kernel | System | Running] -> C:\Windows\SysNative\drivers\BasicDisplay.sys -> [2013/08/22 05:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation)
64bit-(BasicRender) BasicRender [Kernel | System | Running] -> C:\Windows\SysNative\drivers\BasicRender.sys -> [2013/08/22 05:39:28 | 000,033,792 | ---- | M] (Microsoft Corporation)
64bit-(HyperVideo) HyperVideo [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HyperVideo.sys -> [2013/08/22 05:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation)
64bit-(mshidumdf) Pass-through HID to UMDF Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\mshidumdf.sys -> [2013/08/22 05:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation)
64bit-(acpitime) ACPI Wake Alarm Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\acpitime.sys -> [2013/08/22 05:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation)
64bit-(acpipagr) ACPI Processor Aggregator Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\acpipagr.sys -> [2013/08/22 05:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation)
64bit-(BthAvrcpTg) Bluetooth Audio/Video Remote Control HID [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\BthAvrcpTg.sys -> [2013/08/22 05:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation)
64bit-(kdnic) Microsoft Kernel Debug Network Miniport (NDIS 6.20) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\kdnic.sys -> [2013/08/22 05:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation)
64bit-(gencounter) Microsoft Hyper-V Generation Counter [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\vmgencounter.sys -> [2013/08/22 05:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation)
64bit-(npsvctrig) Named pipe service trigger provider [Kernel | System | Running] -> C:\Windows\SysNative\drivers\npsvctrig.sys -> [2013/08/22 05:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation)
64bit-(bthhfhid) Bluetooth Hands-Free Call Control HID [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\BthhfHid.sys -> [2013/08/22 05:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation)
64bit-(hyperkbd) hyperkbd [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hyperkbd.sys -> [2013/08/22 05:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation)
64bit-(TsUsbGD) Remote Desktop Generic USB Device [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbGD.sys -> [2013/08/22 05:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation)
64bit-(BthHFEnum) Bluetooth Hands-Free Audio and Call Control HID Enumerator [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bthhfenum.sys -> [2013/08/22 05:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation)
64bit-(TsUsbFlt) TsUsbFlt [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbFlt.sys -> [2013/08/22 05:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation)
64bit-(hidi2c) Microsoft I2C HID Miniport Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hidi2c.sys -> [2013/08/22 05:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation)
64bit-(dmvsc) dmvsc [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\dmvsc.sys -> [2013/08/22 05:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation)
64bit-(netvsc) netvsc [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\netvsc63.sys -> [2013/08/22 05:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation)
64bit-(NdisVirtualBus) Microsoft Virtual Network Adapter Enumerator [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\NdisVirtualBus.sys -> [2013/08/22 05:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation)
64bit-(NdisImPlatform) Microsoft Network Adapter Multiplexor Protocol [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\NdisImPlatform.sys -> [2013/08/22 05:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation)
64bit-(MsLldp) Microsoft Link-Layer Discovery Protocol [Kernel | Unknown | Stopped] -> C:\Windows\SysNative\drivers\mslldp.sys -> [2013/08/22 05:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation)
64bit-(Ndu) Windows Network Data Usage Monitoring Driver [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\Ndu.sys -> [2013/08/22 05:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation)
64bit-(FxPPM) Power Framework Processor Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\fxppm.sys -> [2013/08/22 02:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation)
64bit-(bcmfn2) bcmfn2 Service [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bcmfn2.sys -> [2013/08/12 17:25:46 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider)
64bit-(iaStorAV) Intel(R) SATA RAID Controller Windows [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\iaStorAV.sys -> [2013/08/09 18:39:30 | 000,651,248 | ---- | M] (Intel Corporation)
64bit-(iaLPSSi_GPIO) Intel(R) Serial IO GPIO Controller Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -> [2013/07/30 12:47:35 | 000,024,568 | ---- | M] (Intel Corporation)
64bit-(iaLPSSi_I2C) Intel(R) Serial IO I2C Controller Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -> [2013/07/25 13:05:39 | 000,099,320 | ---- | M] (Intel Corporation)
64bit-(VClone) VClone [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\VClone.sys -> [2013/07/24 09:02:55 | 000,034,816 | ---- | M] (Elaborate Bytes AG)
64bit-(PSI) PSI [File_System | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\psi_mf_amd64.sys -> [2013/07/03 02:32:42 | 000,018,456 | ---- | M] (Secunia)
64bit-(L1C) NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\L1C63x64.sys -> [2013/06/18 08:44:59 | 000,129,224 | ---- | M] (Qualcomm Atheros Co., Ltd.)
64bit-(STHDA) IDT High Definition Audio CODEC [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\stwrt64.sys -> [2013/06/06 08:52:08 | 000,550,912 | ---- | M] (IDT, Inc.)
64bit-(WsAudioDevice_383) WsAudioDevice_383 [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\VirtualAudio.sys -> [2013/05/09 09:48:42 | 000,031,080 | ---- | M] (Wondershare)
64bit-(amd_sata) amd_sata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amd_sata.sys -> [2013/03/31 17:52:04 | 000,080,552 | ---- | M] (Advanced Micro Devices)
64bit-(amd_xata) amd_xata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amd_xata.sys -> [2013/03/31 17:52:04 | 000,026,280 | ---- | M] (Advanced Micro Devices)
64bit-(ElbyCDIO) ElbyCDIO Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\ElbyCDIO.sys -> [2013/03/04 06:24:27 | 000,040,344 | ---- | M] (Elaborate Bytes AG)
64bit-(CSCrySec) InfoWatch Encrypt Sector Library driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\CSCrySec.sys -> [2012/12/10 14:14:54 | 000,098,064 | ---- | M] (Infowatch)
64bit-(CSVirtualDiskDrv) InfoWatch Virtual Disk driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys -> [2012/12/10 14:14:54 | 000,067,344 | ---- | M] (Infowatch)
64bit-(htcnprot) HTC NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\htcnprot.sys -> [2012/12/07 17:27:50 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider)
64bit-(amdkmpfd) AMD PCI Root Bus Lower Filter [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdkmpfd.sys -> [2012/09/13 18:12:38 | 000,036,520 | ---- | M] (Advanced Micro Devices, Inc.)
64bit-(KLIM6) Kaspersky Anti-Virus NDIS 6 Filter [Kernel | System | Running] -> C:\Windows\SysNative\drivers\klim6.sys -> [2012/08/02 14:09:32 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO)
64bit-(usbfilter) AMD USB Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\usbfilter.sys -> [2012/07/16 20:36:29 | 000,057,000 | ---- | M] (Advanced Micro Devices)
64bit-(CLVirtualDrive) CLVirtualDrive [Kernel | System | Running] -> C:\Windows\SysNative\drivers\CLVirtualDrive.sys -> [2012/06/25 11:24:50 | 000,092,536 | ---- | M] (CyberLink)
64bit-(CpqDfw) Compaq Dfw [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\cpqdfw.sys -> [2012/05/29 16:53:30 | 000,027,456 | ---- | M] (Windows (R) Codename Longhorn DDK provider)
64bit-(HTCAND64) HTC Device Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\ANDROIDUSB.sys -> [2009/11/02 17:16:50 | 000,033,736 | ---- | M] (HTC, Corporation)
[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.msn.com ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://www.bing.com ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://www.google.com ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.google.com ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.nationzoom.com/?type=hp&ts=1385859540&from=tugs&uid=ST2000DM001-1CH164_Z1E4X3FR ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://www.nationzoom.com/web/?type=ds&ts=1385859540&from=tugs&uid=ST2000DM001-1CH164_Z1E4X3FR&q={searchTerms} ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://www.nationzoom.com/web/?type=ds&ts=1385859540&from=tugs&uid=ST2000DM001-1CH164_Z1E4X3FR&q={searchTerms} ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.nationzoom.com/?type=hp&ts=1385859540&from=tugs&uid=ST2000DM001-1CH164_Z1E4X3FR ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Default_Page_URL" -> http://msn.com ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.msn.com ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY PURE 3.0\FFEXT\URL_ADVISOR@KASPERSKY.COM] -> [2013/10/16 06:15:48 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY PURE 3.0\FFEXT\VIRTUAL_KEYBOARD@KASPERSKY.COM] -> [2013/10/16 06:15:48 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY PURE 3.0\FFEXT\CONTENT_BLOCKER@KASPERSKY.COM] -> [2013/10/16 06:15:48 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY PURE 3.0\FFEXT\ANTI_BANNER@KASPERSKY.COM] -> [2013/10/16 06:15:48 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY PURE 3.0\FFEXT\ONLINE_BANKING@KASPERSKY.COM] -> [2013/10/16 06:15:48 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack -> C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [C:\PROGRAM FILES (X86)\NUANCE\NATURALLYSPEAKING12\PROGRAM\FFSHIM.XPI] -> [2013/02/11 17:44:08 | 000,136,309 | ---- | M] ()
< FireFox Extensions [User Folders] > ->
< HOSTS File > ([2013/08/22 07:25:41 | 000,000,824 | ---- | M] - 21 lines) -> C:\WINDOWS\SysNative\Drivers\etc\hosts ->
Reset Hosts
< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} [HKLM] -> C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [Lync Browser Helper] -> [2013/11/30 20:49:18 | 000,218,784 | ---- | M] (Microsoft Corporation)
{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [Content Blocker Plugin] -> [2013/10/06 19:35:44 | 000,651,968 | ---- | M] (Kaspersky Lab ZAO)
{73455575-E40C-433C-9784-C78DC7761455} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [Virtual Keyboard Plugin] -> [2013/10/06 19:35:46 | 001,067,712 | ---- | M] (Kaspersky Lab ZAO)
{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [Safe Money Plugin] -> [2013/10/06 19:35:45 | 000,512,192 | ---- | M] (Kaspersky Lab ZAO)
{B4F3A835-0E21-4959-BA22-42B3008E02FF} [HKLM] -> C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [Office Document Cache Handler] -> [2013/11/30 20:49:20 | 000,878,808 | ---- | M] (Microsoft Corporation)
{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} [HKLM] -> C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [Microsoft SkyDrive Pro Browser Helper] -> [2013/11/30 20:49:14 | 002,328,776 | ---- | M] (Microsoft Corporation)
{E33CF602-D945-461A-83F0-819F76A199F8} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [URL Advisor Plugin] -> [2013/10/06 19:35:45 | 000,581,824 | ---- | M] (Kaspersky Lab ZAO)
{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} [HKLM] -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [HP Network Check Helper] -> [2013/08/28 01:30:32 | 000,303,416 | ---- | M] (Hewlett-Packard)
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{215BA832-75A3-426E-A4FC-7C5B58CE6A10} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll [Kaspersky Passsword Manager Toolbar] -> [2013/11/13 03:53:22 | 002,396,480 | ---- | M] (Kaspersky Lab)
{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [Content Blocker Plugin] -> [2013/10/06 19:35:27 | 000,536,256 | ---- | M] (Kaspersky Lab ZAO)
{5DB69B97-934B-451D-94DB-32EF802A01CD} [HKLM] -> C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll [PasswordBox Helper] -> [2013/11/15 17:03:30 | 000,128,008 | ---- | M] (PasswordBox, Inc.)
{73455575-E40C-433C-9784-C78DC7761455} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [Virtual Keyboard Plugin] -> [2013/10/06 19:35:28 | 000,880,320 | ---- | M] (Kaspersky Lab ZAO)
{73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} [HKLM] -> C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieShim.dll [Dragon NaturallySpeaking Rich Internet Application Support - Extension] -> [2013/02/11 17:50:28 | 000,206,128 | ---- | M] (Nuance Communications, Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2013/10/08 06:50:01 | 000,462,760 | ---- | M] (Oracle Corporation)
{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll [Safe Money Plugin] -> [2013/10/06 19:35:28 | 000,426,176 | ---- | M] (Kaspersky Lab ZAO)
{B4F3A835-0E21-4959-BA22-42B3008E02FF} [HKLM] -> C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL [Office Document Cache Handler] -> [2013/11/30 20:49:20 | 000,705,240 | ---- | M] (Microsoft Corporation)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2013/10/08 06:47:58 | 000,171,944 | ---- | M] (Oracle Corporation)
{E33CF602-D945-461A-83F0-819F76A199F8} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll [URL Advisor Plugin] -> [2013/10/06 19:35:28 | 000,485,568 | ---- | M] (Kaspersky Lab ZAO)
{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} [HKLM] -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [HP Network Check Helper] -> [2013/08/28 01:28:26 | 000,286,520 | ---- | M] (Hewlett-Packard)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{215BA832-75A3-426E-A4FC-7C5B58CE6A10}" [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll [Kaspersky Passsword Manager Toolbar] -> [2013/11/13 03:53:22 | 002,396,480 | ---- | M] (Kaspersky Lab)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"BeatsOSDApp" -> C:\Program Files\IDT\WDM\Beats64.exe [C:\Program Files\IDT\WDM\beats64.exe] -> [2012/08/22 16:48:46 | 000,041,664 | ---- | M] (Hewlett-Packard )
"EKIJ5000StatusMonitor" -> C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe [C:\WINDOWS\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe] -> [2012/10/08 09:06:08 | 003,182,080 | ---- | M] (Eastman Kodak Company)
"SysTrayApp" -> C:\Program Files\IDT\WDM\sttray64.exe [C:\Program Files\IDT\WDM\sttray64.exe] -> [2013/06/06 08:52:06 | 001,703,424 | ---- | M] (IDT, Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"AVP" -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\runner_avp.exe ["C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\runner_avp.exe"] -> [2013/10/16 06:14:35 | 000,024,256 | ---- | M] (Kaspersky Lab ZAO)
"Conime" -> [%windir%\system32\conime.exe] -> File not found
"DNS7reminder" -> C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe ["C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini"] -> [2010/10/27 10:44:38 | 000,328,992 | ---- | M] (Nuance Communications, Inc.)
"EKStatusMonitor" -> C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe] -> [2013/01/15 12:07:42 | 002,750,840 | ---- | M] (Eastman Kodak Company)
"ISUSPM" -> C:\ProgramData\FLEXnet\Connect\11\isuspm.exe [C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler] -> [2011/10/12 22:11:34 | 002,068,856 | ---- | M] (Flexera Software LLC.)
"SDTray" -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"] -> [2013/07/25 10:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.)
"StartCCC" -> c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ["c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun] -> [2013/02/07 00:42:42 | 000,642,656 | ---- | M] (Advanced Micro Devices, Inc.)
< 64bit-RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"NCPluginUpdater" -> C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe ["C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update] -> [2013/11/27 00:10:44 | 000,021,720 | ---- | M] (Hewlett-Packard)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"DAEMON Tools Lite" -> C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe ["C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun] -> [2013/10/28 02:29:38 | 003,675,352 | ---- | M] (Disc Soft Ltd)
"ISUSPM" -> C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler] -> [2011/10/12 22:11:34 | 002,068,856 | ---- | M] (Flexera Software LLC.)
"NETGEARGenie" -> C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe ["C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect] -> [2013/04/07 05:38:46 | 001,044,224 | ---- | M] ()
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoActiveDesktop" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" -> [5] -> File not found
\\"EnableCursorSuppression" -> [1] -> File not found
\\"ConsentPromptBehaviorUser" -> [3] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< 64bit-Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Add to Anti-Banner -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm [C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm] -> [2012/12/20 16:22:08 | 000,001,452 | ---- | M] ()
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE [res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000] -> [2013/11/30 20:48:18 | 025,619,616 | ---- | M] (Microsoft Corporation)
Se&nd to OneNote -> C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll [res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105] -> [2013/11/30 20:49:19 | 000,493,272 | ---- | M] (Microsoft Corporation)
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Add to Anti-Banner -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm [C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm] -> [2012/12/20 16:22:08 | 000,001,452 | ---- | M] ()
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE [res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000] -> [2013/11/30 20:48:18 | 025,619,616 | ---- | M] (Microsoft Corporation)
Lookup on Merriam Webster -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
Lookup on Wikipedia -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
Se&nd to OneNote -> C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll [res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105] -> [2013/11/30 20:49:19 | 000,493,272 | ---- | M] (Microsoft Corporation)
< 64bit-Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{0C4CC089-D306-440D-9772-464E226F6539}:{0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [Button: Virtual Keyboard] -> [2013/10/06 19:35:46 | 001,067,712 | ---- | M] (Kaspersky Lab ZAO)
{25510184-5A38-4A99-B273-DCA8EEF6CD08}:Exec [HKLM] -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe [Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103] -> [2012/07/09 18:46:12 | 000,023,456 | ---- | M] (Hewlett-Packard)
{25510184-5A38-4A99-B273-DCA8EEF6CD08}:Exec [HKLM] -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe [Menu: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102] -> [2012/07/09 18:46:12 | 000,023,456 | ---- | M] (Hewlett-Packard)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll [Button: Send to OneNote] -> [2013/11/30 20:49:10 | 000,610,520 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll [Menu: Se&nd to OneNote] -> [2013/11/30 20:49:10 | 000,610,520 | ---- | M] (Microsoft Corporation)
{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}:{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} [HKLM] -> C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [Button: Lync Click to Call] -> [2013/11/30 20:49:18 | 000,218,784 | ---- | M] (Microsoft Corporation)
{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}:{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} [HKLM] -> C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [Menu: Lync Click to Call] -> [2013/11/30 20:49:18 | 000,218,784 | ---- | M] (Microsoft Corporation)
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:{FFFDC614-B694-4AE6-AB38-5D6374584B52} [HKLM] -> C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll [Button: OneNote Lin&ked Notes] -> [2013/11/30 20:49:11 | 000,572,632 | ---- | M] (Microsoft Corporation)
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:{FFFDC614-B694-4AE6-AB38-5D6374584B52} [HKLM] -> C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll [Menu: OneNote Lin&ked Notes] -> [2013/11/30 20:49:11 | 000,572,632 | ---- | M] (Microsoft Corporation)
{CCF151D8-D089-449F-A5A4-D9909053F20F}:{CCF151D8-D089-449F-A5A4-D9909053F20F} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [Button: URLs check] -> [2013/10/06 19:35:45 | 000,581,824 | ---- | M] (Kaspersky Lab ZAO)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-001045-0002-0045-ABCDEFFEDCBC} [HKLM] -> Reg Error: Key error. [Menu: Sun Java Console] -> File not found
{0C4CC089-D306-440D-9772-464E226F6539}:{0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [Button: Virtual Keyboard] -> [2013/10/06 19:35:28 | 000,880,320 | ---- | M] (Kaspersky Lab ZAO)
{25510184-5A38-4A99-B273-DCA8EEF6CD08}:Exec [HKLM] -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe [Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103] -> [2012/07/09 18:46:12 | 000,023,456 | ---- | M] (Hewlett-Packard)
{25510184-5A38-4A99-B273-DCA8EEF6CD08}:Exec [HKLM] -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe [Menu: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102] -> [2012/07/09 18:46:12 | 000,023,456 | ---- | M] (Hewlett-Packard)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll [Button: Send to OneNote] -> [2013/11/30 20:49:19 | 000,493,272 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll [Menu: Se&nd to OneNote] -> [2013/11/30 20:49:19 | 000,493,272 | ---- | M] (Microsoft Corporation)
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:{FFFDC614-B694-4AE6-AB38-5D6374584B52} [HKLM] -> C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll [Button: OneNote Lin&ked Notes] -> [2013/11/30 20:49:24 | 000,463,576 | ---- | M] (Microsoft Corporation)
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:{FFFDC614-B694-4AE6-AB38-5D6374584B52} [HKLM] -> C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll [Menu: OneNote Lin&ked Notes] -> [2013/11/30 20:49:24 | 000,463,576 | ---- | M] (Microsoft Corporation)
{CCF151D8-D089-449F-A5A4-D9909053F20F}:{CCF151D8-D089-449F-A5A4-D9909053F20F} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll [Button: URLs check] -> [2013/10/06 19:35:28 | 000,485,568 | ---- | M] (Kaspersky Lab ZAO)
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
toopay
04-Dec-2013, 09:13 PM #10
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.17.1 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{C2A0A005-80B2-4FE8-9F75-0FDF89BD79CA}\\DhcpNameServer -> 192.168.17.1 (Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30)) ->
{DDCF1E74-60B6-4E2B-84E8-F41624825BE9}\\DhcpNameServer -> 192.168.1.1 (Ralink RT5390R 802.11bgn Wi-Fi Adapter) ->
IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
"MaxScriptStatements" -> Reg Error: Invalid data type.
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\WINDOWS\explorer.exe -> [2013/10/22 01:55:27 | 002,328,872 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
64bit-*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\Windows\system32\userinit.exe -> C:\Windows\SysNative\userinit.exe -> [2013/08/22 04:03:12 | 000,025,088 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
SystemPropertiesPerformance.exe -> C:\WINDOWS\SysNative\SystemPropertiesPerformance.exe -> [2013/08/22 05:03:13 | 000,082,944 | ---- | M] (Microsoft Corporation)
/pagefile -> -> File not found
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\WINDOWS\SysWow64\explorer.exe -> [2013/10/22 00:03:47 | 002,065,448 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
userinit.exe -> C:\WINDOWS\SysWow64\userinit.exe -> [2013/08/21 20:54:12 | 000,021,504 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
/pagefile -> -> File not found
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
SDWinLogon -> -> File not found
< 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< LSA Security Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
*LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
livessp -> -> File not found
*MultiFile Done* -> ->
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
{196A03CB-2128-4D5E-8D3B-21CE71876DE5} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
{35864EB0-3115-47CB-A6BA-448241F62275} -> lport=5353 | profile=private | protocol=17 | dir=in | action=allow | name=bonjour port 5353 |
{46A6C94F-3AD2-4479-A318-1F2AE71362F8} -> lport=9322 | profile=public | protocol=6 | dir=in | action=allow | name=ekdiscovery |
{493AA66D-BCEC-4186-A740-3C41DE87C7ED} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
{4FDEF6A6-1F8A-409C-9E54-0412439DDA55} -> lport=5353 | profile=public | protocol=17 | dir=in | action=allow | name=bonjour port 5353 |
{52447213-1157-4AD4-964C-1B5EC37DED95} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live communications platform (ssdp) |
{7CDA9119-1EBB-413C-934B-54BA35BD06F3} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live communications platform (upnp) |
{EB1A6CA2-5BCD-4AC1-B28D-B5FA25A2A514} -> lport=9322 | profile=private | protocol=6 | dir=in | action=allow | name=ekdiscovery |
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
{038147C7-9749-4D0E-A5C7-8CDA85C20A4E} -> profile=domain | dir=out | action=allow | name=@{microsoft.binghealthandfitness_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
{06DCE110-4FF7-4EA4-8C36-A49D18D67491} -> profile=domain | dir=out | action=allow | name=juniper networks junos pulse |
{070B1876-C031-4230-A543-3B7364C63682} -> profile=domain | dir=out | action=allow | name=@{microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
{07C27FC7-61DC-4E79-BBFE-19D62C5BA93A} -> protocol=17 | dir=in | action=allow | name=μtorrent (udp-in) | app=c:\users\williej\appdata\roaming\utorrent\utorrent.exe |
{08ED8753-5D80-40B0-8193-641EFEA886D6} -> dir=out | action=allow | name=@{microsoft.bingnews_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
{0A5AFAE1-9B4C-4CA6-A5D7-154769627F73} -> dir=out | action=allow | name=hp connected music | app=%localappdata%\hpconnectedmusic\application\hpconnectedmusic.exe |
{0B3A010B-7228-46A4-A58B-5DB4397BAFED} -> profile=public | protocol=17 | dir=in | action=allow | name=bonjour service | app=c:\program files\bonjour\mdnsresponder.exe |
{0D91AE26-C0F3-4ADB-858C-CF17E161FEED} -> profile=domain | dir=out | action=allow | name=skype |
{0E2B7C7F-EBB0-4102-AA45-47386BAC9FAA} -> profile=domain | dir=out | action=allow | name=@{microsoft.bingfoodanddrink_3.0.1.201_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
{0F6FD72D-3068-455F-AC96-7A3C00B933A1} -> profile=domain | dir=in | action=allow | name=sonicwall mobile connect |
{16027CB1-111A-4B2A-9F56-825F9B8BE521} -> profile=public | protocol=6 | dir=in | action=allow | name=kodak.aio.setuputility | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
{1970C66C-75F6-4F16-8B7E-3B0D4C08DCE1} -> profile=domain | dir=out | action=allow | name=@{microsoft.bingsports_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
{1ACDE084-8DE8-4E12-AD22-9DD1EE48C47F} -> profile=public | protocol=17 | dir=in | action=allow | name=dropbox | app=c:\users\williej\appdata\roaming\dropbox\bin\dropbox.exe |
{1CDC6152-DAF4-463C-82ED-D7D41C4BAF54} -> dir=out | action=allow | name=@{microsoft.zunemusic_1.5.177.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
{1F277F87-AC55-4FF3-851C-B107E0DB1F4C} -> dir=in | action=allow | name=@{microsoft.skypeapp_1.2.0.129_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
{203C7D8E-9DA4-4B1D-ABEC-A60C550E5149} -> profile=public | protocol=6 | dir=in | action=allow | name=kodak.aio.homecenter | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
{2199093B-B54D-4599-8770-E7355243321A} -> dir=out | action=allow | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
{221D06D3-D5B0-4362-BA28-2EBD6E30C734} -> profile=domain | dir=out | action=allow | name=@{microsoft.zunevideo_2.2.299.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
{22644720-8F9E-402D-BDC8-AB10D84599D8} -> profile=domain | dir=in | action=allow | name=@{microsoft.windowsreadinglist_6.3.9654.20321_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
{241B4660-97CD-4277-A861-CF2E9BEDB37D} -> profile=domain | dir=out | action=allow | name=microsoft solitaire collection |
{26FA3D58-F583-4647-9DA5-32DB7E390BC6} -> profile=domain | dir=in | action=allow | name=hp+ |
{28861551-3714-4063-89E5-59B063AE224F} -> dir=in | action=allow | name=hp connected music spotify helper | app=%localappdata%\hpconnectedmusic\application\spotify_helper.exe |
{290C51B0-7058-405D-ACD2-78BF5464DFA2} -> profile=domain | dir=out | action=allow | name=hp games |
{2BE3076A-0B40-4283-AD56-51B7C913E8EA} -> profile=public | protocol=17 | dir=in | action=allow | name=kodak.aio.statistics | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
{2C482802-8E26-4E8F-B16D-A040E88FC341} -> profile=domain | dir=out | action=allow | name=@{microsoft.bingfoodanddrink_3.0.1.201_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
{2DC8A19F-9D8A-4871-9F9E-E6C44F151A01} -> profile=domain | dir=in | action=allow | name=hp connected photo powered by snapfish |
{2EB429FC-8854-41FE-AA7D-06FDEC380072} -> dir=out | action=allow | name=@{microsoft.bingtravel_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
{30078ECC-DA2E-45F4-9505-992F5BBB4427} -> profile=domain | dir=in | action=allow | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
{305F2026-6394-400F-B62B-7ECA66807B30} -> profile=domain | dir=out | action=allow | name=hp games |
{31765795-8DF8-4756-AB37-0A76B68E77B6} -> profile=domain | dir=out | action=allow | name=hp+ |
{3207D2A4-ABFC-4EB6-BD37-C21352A7385D} -> profile=domain | dir=out | action=allow | name=skype |
{33F678A7-958A-4393-9BAA-9C0B95B40E1E} -> profile=domain | dir=out | action=allow | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
{3546B019-5441-4353-87BC-50AC7ACCEE73} -> dir=out | action=allow | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
{35514EA6-8AF8-4C49-9D7E-CAC554BEE0AE} -> profile=domain | dir=out | action=allow | name=windows_ie_ac_001 |
{370A3746-5EA0-4288-ABB0-21FEECA6313A} -> profile=domain | dir=out | action=allow | name=norton studio |
{370AA85F-2271-4975-AC09-0431B238885D} -> dir=in | action=allow | name=htcsyncmanager | app=c:\program files (x86)\htc\htc sync manager\htcsyncmanager.exe |
{39B2B2AA-9F06-47DE-B308-D5A4C7F7402E} -> profile=domain | dir=out | action=allow | name=juniper networks junos pulse |
{3DD0057E-7889-43A1-A5C7-AA30D7B9849F} -> profile=domain | dir=out | action=allow | name=microsoft solitaire collection |
{3E4C113D-5CB9-4000-8AAC-829FF6A68AD1} -> profile=domain | dir=out | action=allow | name=check point vpn |
{3FE6889B-2E81-44A4-8744-E7A8470555F9} -> profile=domain | dir=out | action=allow | name=sonicwall mobile connect |
{402F0576-65C8-4564-98A0-E33F97A4F8D6} -> profile=domain | dir=in | action=allow | name=check point vpn |
{422F1F3A-A6EB-4EFB-B56F-FF4D5D295087} -> profile=domain | dir=in | action=allow | name=sonicwall mobile connect |
{4282FE99-8560-4BC7-9576-5F3ED84E263F} -> profile=domain | dir=in | action=allow | name=checkpoint.vpn |
{44262EA6-0308-428A-802D-F40E885A12B7} -> profile=domain | dir=out | action=allow | name=f5 vpn |
{4436EFBB-0AA1-4322-9933-99313417AB83} -> profile=domain | dir=in | action=allow | name=check point vpn |
{4623C344-71FE-44C7-BB99-46C53515F87E} -> profile=domain | dir=out | action=allow | name=@{microsoft.bingweather_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
{47E3A243-D3BB-4394-AB80-F172884633C0} -> profile=domain | dir=out | action=allow | name=network speed test |
{4ABCE14A-62DA-4DE4-AB7D-CC9095CB3B64} -> dir=out | action=allow | name=hp connected music installer | app=c:\program files (x86)\hpconnectedmusic\hpconnectedmusic.exe |
{4BCDCBF3-B2B7-495F-B02E-C1083B10CBF8} -> profile=domain | dir=out | action=allow | name=box |
{4BCF3B2F-57AA-41E7-891C-5550D8CAA032} -> profile=domain | dir=out | action=allow | name=getting started with windows 8 |
{4ECE64EE-5461-450E-AF8A-4EEED0688520} -> profile=domain | dir=out | action=allow | name=@{microsoft.bingtravel_3.0.1.202_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
{4F049E24-52EA-401C-9F38-0B63C6B60C39} -> profile=public | protocol=6 | dir=in | action=allow | name=kodak.aio.fwupdater | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
{50ADDF8C-69D4-479B-85CE-6F82AC590831} -> profile=domain | dir=in | action=allow | name=@{microsoft.windowscommunicationsapps_17.5.9600.20279_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
{51D59717-8E5E-407A-9AE7-9C273726EE4B} -> profile=domain | dir=out | action=allow | name=sonicwall mobile connect |
{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6} -> profile=domain | dir=in | action=allow | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
{5571D51F-672E-4CAF-8EB3-D7778837E35C} -> profile=public | protocol=6 | dir=in | action=allow | name=wsyssvc | app=c:\programdata\esafe\egdpsvc.exe |
{55E67996-DFEC-4BE4-B92A-C05DFB15E351} -> profile=domain | dir=in | action=allow | name=juniper networks junos pulse |
{560448D6-095C-4907-B046-AC7F710701A7} -> profile=domain | dir=in | action=allow | name=sonicwall.mobileconnect |
{5608C8D2-7D76-4A49-B6BB-64419724F3DC} -> dir=out | action=allow | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
{595C5C0C-9211-4D69-91A8-B55659F66E67} -> profile=domain | dir=out | action=allow | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
{5AE5A36F-77ED-4F5D-9ACC-CC131D525A1F} -> profile=domain | dir=out | action=allow | name=@{microsoft.windowsreadinglist_6.3.9600.20278_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
{5B46143D-6011-415F-8744-319BDD285950} -> profile=public | protocol=17 | dir=in | action=allow | name=kodak.aio.setuputility | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
{5C55D8C3-FFAE-4C9E-BF1A-A456141945EA} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31007 | app=%programfiles%\windows media player\wmplayer.exe |
{5CC48330-10BF-4C00-A1AC-80EA0E73A264} -> dir=in | action=allow | name=microsoft skydrive | app=c:\users\administrator\appdata\local\microsoft\skydrive\skydrive.exe |
{5E034E8B-B740-4F1B-B5F7-3BCB8CF0B242} -> dir=in | action=allow | name=windows live communications platform | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
{5E0E219B-84FA-45F4-A982-D519C50C6254} -> profile=domain | dir=out | action=allow | name=download youtube |
{5E5B496A-7EB9-4606-95BF-BAEE92D74ABF} -> dir=out | action=allow | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
{5F0EAB5D-437E-44AA-8CAC-77F455892131} -> protocol=6 | dir=in | action=allow | name=ilivid | app=c:\users\williej\appdata\local\ilivid\ilivid.exe |
{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E} -> profile=domain | dir=out | action=allow | name=sonicwall.mobileconnect |
{60356624-7E65-4027-A624-DA525CA781AB} -> profile=domain | dir=out | action=allow | name=box |
{62B2D870-7C30-47BD-81E0-82C49A1BBFB3} -> profile=domain | dir=out | action=allow | name=netflix |
{6338F036-CEC5-414E-9953-5BE6FDDA9645} -> profile=domain | dir=out | action=allow | name=ebay |
{639A4CAE-AD85-481E-ABF0-BE1F04A41485} -> dir=out | action=allow | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
{66058675-6725-459E-85C8-F8062150E3FB} -> profile=domain | dir=in | action=allow | name=box |
{6A17039A-17B1-4DC8-B016-5B806EBE4116} -> profile=domain | dir=in | action=allow | name=microsoft solitaire collection |
{6C1D4232-1545-417C-B53B-03B8D026100A} -> profile=public | protocol=6 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
{6C401CD5-293D-434B-926B-51794E855F27} -> protocol=6 | dir=in | action=allow | name=μtorrent (tcp-in) | app=c:\users\williej\appdata\roaming\utorrent\utorrent.exe |
{6DCDADB3-048F-4CC2-B89E-2057FF1AAC27} -> profile=domain | dir=out | action=allow | name=@{microsoft.zunemusic_2.2.299.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
{6F0420B2-BB04-4AD4-9307-B6AB51664F47} -> profile=domain | dir=out | action=allow | name=@{microsoft.bingmaps_2.0.2210.2401_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
{7146D6BD-EABA-403D-81A7-EE899BF2FD48} -> dir=out | action=allow | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
{74169D5B-C04E-4781-B2B3-6B366FD96418} -> dir=out | action=allow | name=@{microsoft.zunevideo_1.5.177.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
{760C49FA-E484-4B49-87FA-E296B408A12F} -> profile=domain | dir=out | action=allow | name=microsoft community |
{762325D6-8CDF-4F8D-94F2-7B92BEDE89D5} -> profile=domain | dir=out | action=allow | name=netflix |
{799F791E-F57B-4F81-90AC-91E5FF3B2420} -> dir=out | action=allow | name=@{microsoft.bingsports_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
{79DBA1B5-81C9-4327-8A4F-17890DBC989E} -> profile=domain | dir=out | action=allow | name=microsoft mahjong |
{79E89F5B-4CF0-4E63-B005-B34D6D4A1CF5} -> profile=public | protocol=6 | dir=in | action=allow | name=kodak.aio.statistics | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
{7C360824-5965-4AB7-BF63-C5474AE84EED} -> profile=domain | dir=in | action=allow | name=hp connected photo powered by snapfish |
{7E74B00B-5EF0-4AB2-9201-E9A5051E6BAE} -> profile=domain | dir=out | action=allow | name=ebay |
{808F1451-4108-46FD-ADBB-F17324B5F0BD} -> dir=out | action=allow | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
{81CF806D-F8B2-4BEE-A875-D18BA4F24737} -> profile=domain | dir=in | action=allow | name=box |
{82F3E6ED-30D7-4B64-83C4-D4827F261DBB} -> profile=domain | dir=out | action=allow | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
{8361697C-79A8-4789-A2D4-E546D6A77347} -> dir=out | action=allow | name=@{microsoft.skypeapp_1.2.0.129_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
{83C05FA0-5559-47CA-9BD5-C82B3C8D5E43} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe |
{83FC4E2F-4D83-4082-BDB0-6D0DA289D18B} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe |
{8506A14B-9683-4199-8BC8-EEBE444D1666} -> protocol=17 | dir=in | action=allow | name=μtorrent (udp-in) | app=c:\users\williej\appdata\roaming\utorrent\utorrent.exe |
{874DDF18-4923-474D-AB26-BB3C7CF348C7} -> profile=domain | dir=out | action=allow | name=@{microsoft.bingsports_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
{877321F6-B124-44D0-A1D5-640C3AD90FE3} -> profile=domain | dir=out | action=allow | name=kindle |
{87D3D24B-57F4-4BA8-A42A-054A66CD14AA} -> dir=in | action=allow | name=hp device detection | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
{8801B9BB-9D9C-4C2E-91A8-F3292042D4E9} -> profile=domain | dir=out | action=allow | name=hp registration |
{8918649C-5D1E-40FE-8D43-63C73234800F} -> profile=domain | dir=out | action=allow | name=@{microsoft.binghealthandfitness_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
{8A78B846-A712-4B73-A8C9-B6D536D589F9} -> dir=in | action=allow | name=cyberlink powerdvd 10.0 | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
{8BBA8DBE-282F-457E-9D00-DE4AAFFA261F} -> profile=domain | dir=out | action=allow | name=the espn app |
{8CBCBA4D-CDB3-4073-97DC-BCE6ED9938D7} -> profile=domain | dir=out | action=allow | name=hp+ |
{92E4F1EE-D973-499E-AD56-BCABDF8AB29A} -> profile=domain | dir=out | action=allow | name=@{microsoft.bingnews_3.0.1.205_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/apptitle} |
{9376C78E-E240-4B98-8FEB-71102DCCCAEF} -> profile=domain | dir=out | action=allow | name=@{microsoft.bingmaps_2.0.2210.2401_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
{949E9180-C5B3-4932-ADDC-80639C135F0A} -> dir=out | action=allow | name=hp connected music spotify helper | app=%localappdata%\hpconnectedmusic\application\spotify_helper.exe |
{94F08781-FD6D-4930-A5B1-EB0400C2A980} -> profile=public | protocol=6 | dir=in | action=allow | name=dropbox | app=c:\users\williej\appdata\roaming\dropbox\bin\dropbox.exe |
{966A1C45-0FF8-48CA-AF69-7790D65EBC89} -> profile=domain | dir=in | action=allow | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
{98E9A028-7BAD-47D0-BD35-9C6C6403144B} -> profile=domain | dir=out | action=allow | name=windows 8 cheat keys |
{994D8C66-6132-4998-A865-E620B60A96FD} -> profile=public | protocol=17 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
{9BBA3A15-3947-4D93-A561-D52DCA726D5F} -> profile=public | protocol=6 | dir=in | action=block | name=netgeargenie | app=c:\program files (x86)\netgear genie\bin\netgeargenie.exe |
{9E3D57FC-7C37-4424-9352-4831E97D029D} -> profile=domain | dir=out | action=allow | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
{A094D111-4456-4348-A218-31DEDC8C8791} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft lync | app=c:\program files\microsoft office 15\root\office15\lync.exe |
{A0A7BEC5-AB76-43BB-B25C-6BD6BC42DF11} -> protocol=17 | dir=in | action=allow | name=ilivid | app=c:\users\williej\appdata\local\ilivid\ilivid.exe |
{A405E7E9-F67C-4525-A30A-5CC1CE0DFE9C} -> dir=out | action=allow | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
{A5468E07-3CE9-40F1-B20E-5F95005974CF} -> profile=public | protocol=17 | dir=in | action=allow | name=kodak.aio.installer | app=c:\programdata\kodak\installer\setup.exe |
{A842738F-64F0-411D-8562-3A9FD55729BB} -> profile=domain | dir=out | action=allow | name=@{microsoft.bingweather_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
{AB9FCFC6-6A97-4D2A-AD7A-C05D06A6EE80} -> profile=domain | dir=out | action=allow | name=@{microsoft.windowscommunicationsapps_17.5.9600.20279_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
{AF3BA850-32E2-4755-9276-2D2B388F0544} -> dir=out | action=allow | name=@{microsoft.bingfinance_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
{AFB1210F-A673-4A87-9B85-4360F80BFF73} -> profile=public | protocol=17 | dir=in | action=block | name=netgeargenie | app=c:\program files (x86)\netgear genie\bin\netgeargenie.exe |
{AFB49534-5AF5-457F-B187-6DBDADE7EA6B} -> profile=domain | dir=out | action=allow | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
{B0095DF9-F329-4222-B89D-7DFFA6F05367} -> dir=out | action=allow | name=@{microsoft.bingmaps_1.6.1821.2624_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
{B1DA6484-AC28-41EF-88D8-F566C939C880} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe |
{B2A7A3B2-4A4A-47BF-B4CA-CC801CBE7EB3} -> profile=domain | dir=out | action=allow | name=hp connected photo powered by snapfish |
{B2EA1CFD-4707-48F6-96B1-D5A8AC581CDD} -> profile=domain | dir=in | action=allow | name=@{microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
{B3F17021-C460-4675-8B6F-3089F9BB193E} -> profile=domain | dir=in | action=allow | name=juniper networks junos pulse |
{B3F32FAE-1982-4D19-BD9A-6212E840677F} -> profile=domain | dir=in | action=allow | name=microsoft mahjong |
{B7FD6E5E-9634-4AFB-A0E3-5ECA123E1F97} -> profile=public | protocol=17 | dir=in | action=allow | name=kodak.aio.fwupdater | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
{BB27B1C2-4504-4843-BCBF-598C334527F5} -> profile=domain | dir=in | action=allow | name=@{microsoft.windowsreadinglist_6.3.9600.20278_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
{BFBA4937-E603-4E52-9B16-0CF9F4B33637} -> dir=out | action=allow | name=@{microsoft.bingweather_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
{C075FA30-CBEF-469A-B67F-16D14EA2A33C} -> profile=domain | dir=out | action=allow | name=hp registration |
{C09A6F32-9802-42B2-9852-C87E82430571} -> profile=domain | dir=out | action=allow | name=microsoft mahjong |
{C16C2617-E2C6-409C-B3BF-B177C347CD87} -> profile=domain | dir=out | action=allow | name=getting started with windows 8 |
{C20C11F9-7D58-4375-8916-92702D0C0FAD} -> profile=domain | dir=in | action=allow | name=f5 vpn |
{C4A5EBA9-527D-415F-8EA7-D32E6E1F766B} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31003 | app=%programfiles%\windows media player\wmplayer.exe |
{C6CECC1F-30D1-4CC2-8575-D6206EE16288} -> profile=domain | dir=out | action=allow | name=f5 vpn |
{C6D01BFB-274D-4B86-8F1A-9715BC8B81D8} -> profile=domain | dir=out | action=allow | name=@{microsoft.bingfinance_3.0.1.299_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
{C723FA4E-3B35-411E-A606-AFB0C2F190D8} -> dir=in | action=allow | name=hp connected music | app=%localappdata%\hpconnectedmusic\application\hpconnectedmusic.exe |
{C80D4E5D-200F-4257-B7CC-CA05E5E37D22} -> profile=domain | dir=in | action=allow | name=f5 vpn |
{C9574444-D364-4714-960A-D861AFBC7741} -> profile=domain | dir=out | action=allow | name=hp connected photo powered by snapfish |
{C9B8FC8C-82CC-48B2-8DE5-C9CE2D67C788} -> profile=domain | dir=in | action=allow | name=hp+ |
{CA2C1349-CA87-40C3-8C39-F869A7C94F28} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft lync ucmapi | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
{CA5A85ED-169A-4625-91C4-C3A7750B8D08} -> profile=domain | dir=out | action=allow | name=@{microsoft.bingtravel_3.0.1.202_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
{CCD1CDE4-1A5F-4A51-AF46-C13B96DC4DC6} -> profile=domain | dir=out | action=allow | name=@{microsoft.zunevideo_2.2.177.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
{CE282882-D6A9-4C7D-9196-6A45C79A829D} -> profile=domain | dir=in | action=allow | name=skype |
{CEEA6282-440A-406E-9951-69E82513B2CF} -> profile=domain | dir=out | action=allow | name=google search |
{CF1B876A-65CE-4CB9-A83C-C2A781B83DA6} -> dir=in | action=allow | name=hp connected music installer | app=c:\program files (x86)\hpconnectedmusic\hpconnectedmusic.exe |
{D2D45050-030B-4EEA-B534-A9BF459A90EE} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31011 | app=%programfiles%\windows media player\wmplayer.exe |
{D2D7FFC0-90DE-416B-9478-3EEAE8BBFFF4} -> dir=out | action=allow | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
{D4486780-A5D5-4077-BA48-455472AC6C2C} -> dir=out | action=allow | name=@{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
{D44A8857-B871-43A6-A99B-9840153D10F4} -> profile=public | protocol=6 | dir=in | action=allow | name=bonjour service | app=c:\program files\bonjour\mdnsresponder.exe |
{D6980480-941A-4DF6-AB81-3734ECD3D779} -> profile=domain | dir=out | action=allow | name=junipernetworks.junospulsevpn |
{D958C387-CF21-4143-814B-AB8AD2F6A10B} -> dir=out | action=allow | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
{D9D9EFF0-10D0-4FBC-9C70-8513D26ABBC8} -> dir=in | action=allow | name=htcsyncmanager | app=c:\program files (x86)\htc\htc sync manager\htcsyncmanager.exe |
{DA2A295C-917B-4794-BA95-FDF5783CB70D} -> profile=domain | dir=in | action=allow | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
{DA90F373-BBEE-412F-A84F-D02C56A390EA} -> profile=public | protocol=6 | dir=in | action=allow | name=kodak.aio.installer | app=c:\programdata\kodak\installer\setup.exe |
{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2} -> profile=domain | dir=out | action=allow | name=checkpoint.vpn |
{DB5EB458-0092-48FF-9AE4-A9C902A12FA4} -> profile=domain | dir=out | action=allow | name=@{microsoft.windowsreadinglist_6.3.9654.20321_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
{DDF13D68-C228-40CE-8FE5-414DB71499FB} -> profile=public | protocol=17 | dir=in | action=allow | name=kodak.aio.homecenter | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
{E503AF24-007C-43AF-AA4D-2F9DA24BA727} -> profile=domain | dir=out | action=allow | name=@{microsoft.zunemusic_2.2.177.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
{E521B7C4-1A50-4A8B-BB40-6912CA2397C9} -> profile=domain | dir=in | action=allow | name=microsoft mahjong |
{E52EA5A2-CC87-4475-AEAA-78AF71854EB6} -> profile=domain | dir=out | action=allow | name=allthecooks recipes |
{E56BFC90-B7E2-40F2-8B5F-326B4A962D41} -> profile=domain | dir=out | action=allow | name=flashcards pro |
{E6804BC8-7366-440A-9A64-8E0C8771449D} -> profile=domain | dir=out | action=allow | name=@{microsoft.bingnews_3.0.1.321_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/apptitle} |
{E7985E1D-C36F-4787-80A8-6350D07E9266} -> profile=domain | dir=in | action=allow | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
{E7F89A4F-C65F-46BD-A637-361B4D089BAA} -> profile=domain | dir=out | action=allow | name=@{microsoft.bingfinance_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
{E86A321F-1F0A-4EF4-8438-2EFE8B156195} -> profile=domain | dir=out | action=allow | name=kindle |
{E973E276-3D28-43BC-9743-109BD160FA59} -> dir=out | action=allow | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
{EC333985-6445-4501-A5BD-3F15D73EBEFC} -> protocol=6 | dir=in | action=allow | name=μtorrent (tcp-in) | app=c:\users\williej\appdata\roaming\utorrent\utorrent.exe |
{EC799E33-72BA-42D7-9127-DEFE68F9799D} -> profile=domain | dir=in | action=allow | name=junipernetworks.junospulsevpn |
{EDE36A80-DDB3-4082-A78F-4FAD9D345D2F} -> profile=domain | dir=out | action=allow | name=windows_ie_ac_001 |
{EFD1B4CF-386C-4828-8644-3E2F6D169252} -> profile=domain | dir=in | action=allow | name=the espn app |
{F22D79D4-31A8-48C0-8EC5-FD826D72A65C} -> profile=domain | dir=in | action=allow | name=skype |
{F40E0412-8ED1-4418-8B19-06DC7354C53F} -> profile=domain | dir=out | action=allow | name=check point vpn |
{F5F8D45A-66E0-4270-90B9-1C616F5D5440} -> dir=out | action=allow | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
{F64300AD-D559-4000-BD45-0997BCC8E70A} -> profile=domain | dir=out | action=allow | name=f5.vpn.client |
{F77E5446-4378-4E99-8B7A-7061AAAEA193} -> profile=domain | dir=in | action=allow | name=f5.vpn.client |
{FA32B81C-C224-4EE5-9C57-DC98A818DFA5} -> profile=domain | dir=in | action=allow | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
{FA664EF9-60C4-4CFA-A720-900FBBC320E4} -> profile=domain | dir=in | action=allow | name=microsoft solitaire collection |
{FCA6BDD5-3573-4E33-BABE-C938C09F1C16} -> dir=in | action=allow | name=cyberlink powerdirector | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe |
TCP Query User{1D5A0472-29EC-466D-92AD-9C3D696EF31E}C:\program files (x86)\netgear genie\bin\netgeargenie.exe -> profile=private | protocol=6 | dir=in | action=allow | name=netgeargenie | app=c:\program files (x86)\netgear genie\bin\netgeargenie.exe |
UDP Query User{4A04A556-29E9-4211-B13D-3F5296F075AB}C:\program files (x86)\netgear genie\bin\netgeargenie.exe -> profile=private | protocol=17 | dir=in | action=allow | name=netgeargenie | app=c:\program files (x86)\netgear genie\bin\netgeargenie.exe |
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service] -> [2013/10/15 11:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon] -> [2013/07/25 10:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater] -> [2013/09/20 09:57:22 | 003,907,304 | ---- | M] (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service] -> [2013/09/20 09:57:26 | 001,042,272 | ---- | M] (Safer-Networking Ltd.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> @cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver ->
"ImagePath" -> [\SystemRoot\System32\drivers\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\autoexec.bat [] -> C:\autoexec.bat [ NTFS ] -> [2013/12/02 15:35:04 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\{3e3f8afe-14f9-11e3-be76-78e3b5c5214a}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e3f8afe-14f9-11e3-be76-78e3b5c5214a}\shell
\{3e3f8afe-14f9-11e3-be76-78e3b5c5214a}\shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e3f8afe-14f9-11e3-be76-78e3b5c5214a}\shell\AutoRun\command
\{3e3f8afe-14f9-11e3-be76-78e3b5c5214a}\shell\AutoRun\command\\"" -> ["F:\LaunchU3.exe" -a] -> File not found
\{c5e94b3d-1481-11e3-be74-0c84dc8a88fd}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c5e94b3d-1481-11e3-be74-0c84dc8a88fd}\shell
\{c5e94b3d-1481-11e3-be74-0c84dc8a88fd}\shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c5e94b3d-1481-11e3-be74-0c84dc8a88fd}\shell\AutoRun\command
\{c5e94b3d-1481-11e3-be74-0c84dc8a88fd}\shell\AutoRun\command\\"" -> ["F:\LaunchU3.exe" -a] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
64bit-comfile [open] -> "%1" %*
64bit-exefile [open] -> "%1" %*
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->


[Files/Folders - Created Within 30 Days]
Minidump -> C:\WINDOWS\Minidump -> [2013/12/03 18:17:12 | 000,000,000 | ---D | C]
glindorus -> C:\Program Files (x86)\glindorus -> [2013/12/03 18:15:10 | 000,000,000 | ---D | C]
AdwCleaner -> C:\AdwCleaner -> [2013/12/03 18:07:21 | 000,000,000 | ---D | C]
sh4ldr -> C:\sh4ldr -> [2013/12/02 15:34:38 | 000,000,000 | ---D | C]
Enigma Software Group -> C:\Program Files\Enigma Software Group -> [2013/12/02 15:34:38 | 000,000,000 | ---D | C]
Wise Installation Wizard -> C:\Program Files (x86)\Common Files\Wise Installation Wizard -> [2013/12/02 15:33:35 | 000,000,000 | ---D | C]
RefreshImage -> C:\RefreshImage -> [2013/12/01 21:28:01 | 000,000,000 | ---D | C]
DESIGNER -> C:\Program Files (x86)\Common Files\DESIGNER -> [2013/11/30 20:50:30 | 000,000,000 | ---D | C]
Microsoft Office -> C:\Program Files (x86)\Microsoft Office -> [2013/11/30 20:48:31 | 000,000,000 | ---D | C]
Microsoft Office 2013 -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 -> [2013/11/30 20:46:45 | 000,000,000 | ---D | C]
Microsoft Office 15 -> C:\Program Files\Microsoft Office 15 -> [2013/11/30 20:46:00 | 000,000,000 | ---D | C]
WinRAR -> C:\Users\WillieJ\AppData\Roaming\WinRAR -> [2013/11/30 20:06:25 | 000,000,000 | ---D | C]
Elaborate Bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes -> [2013/11/30 19:24:25 | 000,000,000 | ---D | C]
Elaborate Bytes -> C:\Program Files (x86)\Elaborate Bytes -> [2013/11/30 19:24:25 | 000,000,000 | ---D | C]
WinRAR -> C:\Users\WillieJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR -> [2013/11/30 19:23:47 | 000,000,000 | ---D | C]
WinRAR -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR -> [2013/11/30 19:23:47 | 000,000,000 | ---D | C]
WinRAR -> C:\Program Files\WinRAR -> [2013/11/30 19:23:18 | 000,000,000 | ---D | C]
Microsoft_Research -> C:\Users\WillieJ\AppData\Local\Microsoft_Research -> [2013/11/24 20:16:05 | 000,000,000 | ---D | C]
Symbols -> C:\WINDOWS\Symbols -> [2013/11/24 20:07:07 | 000,000,000 | ---D | C]
ASCOM Platform 6 -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASCOM Platform 6 -> [2013/11/24 20:07:07 | 000,000,000 | ---D | C]
ASCOM -> C:\Program Files\Common Files\ASCOM -> [2013/11/24 20:07:07 | 000,000,000 | ---D | C]
ASCOM -> C:\Program Files (x86)\Common Files\ASCOM -> [2013/11/24 20:07:07 | 000,000,000 | ---D | C]
ASCOM -> C:\Program Files (x86)\ASCOM -> [2013/11/24 20:07:07 | 000,000,000 | ---D | C]
{BBDFE733-F48B-4E86-B7C1-E6F173F01FCF} -> C:\ProgramData\{BBDFE733-F48B-4E86-B7C1-E6F173F01FCF} -> [2013/11/24 20:06:45 | 000,000,000 | -H-D | C]
ASCOM -> C:\Users\WillieJ\Documents\ASCOM -> [2013/11/24 20:06:31 | 000,000,000 | ---D | C]
WWT Collections -> C:\Users\WillieJ\Documents\WWT Collections -> [2013/11/24 19:54:16 | 000,000,000 | ---D | C]
WWT MIDI Controller Maps -> C:\Users\WillieJ\Documents\WWT MIDI Controller Maps -> [2013/11/24 19:54:11 | 000,000,000 | ---D | C]
d3dx10_43.dll -> C:\WINDOWS\SysNative\d3dx10_43.dll -> [2013/11/24 19:47:06 | 000,511,328 | ---- | C] (Microsoft Corporation)
d3dx10_43.dll -> C:\WINDOWS\SysWow64\d3dx10_43.dll -> [2013/11/24 19:47:06 | 000,470,880 | ---- | C] (Microsoft Corporation)
D3DCompiler_42.dll -> C:\WINDOWS\SysNative\D3DCompiler_42.dll -> [2013/11/24 19:47:05 | 002,582,888 | ---- | C] (Microsoft Corporation)
D3DCompiler_42.dll -> C:\WINDOWS\SysWow64\D3DCompiler_42.dll -> [2013/11/24 19:47:05 | 001,974,616 | ---- | C] (Microsoft Corporation)
d3dx11_42.dll -> C:\WINDOWS\SysNative\d3dx11_42.dll -> [2013/11/24 19:46:59 | 000,285,024 | ---- | C] (Microsoft Corporation)
d3dx11_42.dll -> C:\WINDOWS\SysWow64\d3dx11_42.dll -> [2013/11/24 19:46:59 | 000,235,344 | ---- | C] (Microsoft Corporation)
D3DCompiler_34.dll -> C:\WINDOWS\SysNative\D3DCompiler_34.dll -> [2013/11/24 19:46:53 | 001,401,200 | ---- | C] (Microsoft Corporation)
D3DCompiler_34.dll -> C:\WINDOWS\SysWow64\D3DCompiler_34.dll -> [2013/11/24 19:46:53 | 001,124,720 | ---- | C] (Microsoft Corporation)
d3dx10_34.dll -> C:\WINDOWS\SysNative\d3dx10_34.dll -> [2013/11/24 19:46:53 | 000,506,728 | ---- | C] (Microsoft Corporation)
d3dx10_34.dll -> C:\WINDOWS\SysWow64\d3dx10_34.dll -> [2013/11/24 19:46:53 | 000,443,752 | ---- | C] (Microsoft Corporation)
Microsoft Research -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Research -> [2013/11/24 19:46:14 | 000,000,000 | ---D | C]
Microsoft Research -> C:\Program Files (x86)\Microsoft Research -> [2013/11/24 19:46:11 | 000,000,000 | ---D | C]
Wondershare -> C:\Users\WillieJ\AppData\Roaming\Wondershare -> [2013/11/23 18:23:58 | 000,000,000 | ---D | C]
AimerSoft -> C:\Users\WillieJ\AppData\Roaming\AimerSoft -> [2013/11/23 18:02:22 | 000,000,000 | ---D | C]
Aimersoft -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aimersoft -> [2013/11/23 17:59:00 | 000,000,000 | ---D | C]
VirtualAudio.sys -> C:\WINDOWS\SysNative\drivers\VirtualAudio.sys -> [2013/11/23 17:58:49 | 000,031,080 | ---- | C] (Wondershare)
Aimersoft -> C:\Program Files (x86)\Aimersoft -> [2013/11/23 17:58:46 | 000,000,000 | ---D | C]
PasswordBox -> C:\Program Files (x86)\PasswordBox -> [2013/11/23 17:23:40 | 000,000,000 | ---D | C]
Office -> C:\Users\WillieJ\Office -> [2013/11/22 05:13:27 | 000,000,000 | ---D | C]
ElevatedDiagnostics -> C:\Users\WillieJ\AppData\Local\ElevatedDiagnostics -> [2013/11/19 18:19:39 | 000,000,000 | ---D | C]
Diagnostics -> C:\Users\WillieJ\AppData\Local\Diagnostics -> [2013/11/19 18:18:54 | 000,000,000 | ---D | C]
iVIDI.org plugin -> C:\Program Files (x86)\iVIDI.org plugin -> [2013/11/16 22:15:07 | 000,000,000 | ---D | C]
Notificatoin -> C:\Program Files (x86)\Notificatoin -> [2013/11/16 22:15:03 | 000,000,000 | ---D | C]
actxprxy.dll -> C:\WINDOWS\SysNative\actxprxy.dll -> [2013/11/16 00:44:33 | 002,801,664 | ---- | C] (Microsoft Corporation)
twinui.appcore.dll -> C:\WINDOWS\SysNative\twinui.appcore.dll -> [2013/11/16 00:44:32 | 001,085,952 | ---- | C] (Microsoft Corporation)
twinui.appcore.dll -> C:\WINDOWS\SysWow64\twinui.appcore.dll -> [2013/11/16 00:44:32 | 000,869,888 | ---- | C] (Microsoft Corporation)
Windows.UI.Xaml.dll -> C:\WINDOWS\SysNative\Windows.UI.Xaml.dll -> [2013/11/16 00:44:11 | 018,577,408 | ---- | C] (Microsoft Corporation)
Windows.UI.Xaml.dll -> C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll -> [2013/11/16 00:44:09 | 013,925,888 | ---- | C] (Microsoft Corporation)
twinui.dll -> C:\WINDOWS\SysNative\twinui.dll -> [2013/11/16 00:44:09 | 013,176,320 | ---- | C] (Microsoft Corporation)
twinui.dll -> C:\WINDOWS\SysWow64\twinui.dll -> [2013/11/16 00:44:07 | 011,674,112 | ---- | C] (Microsoft Corporation)
WSService.dll -> C:\WINDOWS\SysNative\WSService.dll -> [2013/11/16 00:43:53 | 003,395,920 | ---- | C] (Microsoft Corporation)
mstscax.dll -> C:\WINDOWS\SysNative\mstscax.dll -> [2013/11/16 00:43:46 | 006,639,616 | ---- | C] (Microsoft Corporation)
ntoskrnl.exe -> C:\WINDOWS\SysNative\ntoskrnl.exe -> [2013/11/16 00:43:45 | 007,399,256 | ---- | C] (Microsoft Corporation)
mstscax.dll -> C:\WINDOWS\SysWow64\mstscax.dll -> [2013/11/16 00:43:45 | 005,769,728 | ---- | C] (Microsoft Corporation)
SettingsHandlers.dll -> C:\WINDOWS\SysNative\SettingsHandlers.dll -> [2013/11/16 00:43:43 | 002,570,240 | ---- | C] (Microsoft Corporation)
SyncEngine.dll -> C:\WINDOWS\SysNative\SyncEngine.dll -> [2013/11/16 00:43:42 | 004,104,704 | ---- | C] (Microsoft Corporation)
dwmcore.dll -> C:\WINDOWS\SysNative\dwmcore.dll -> [2013/11/16 00:43:42 | 002,143,744 | ---- | C] (Microsoft Corporation)
authui.dll -> C:\WINDOWS\SysNative\authui.dll -> [2013/11/16 00:43:41 | 002,617,344 | ---- | C] (Microsoft Corporation)
AppXDeploymentServer.dll -> C:\WINDOWS\SysNative\AppXDeploymentServer.dll -> [2013/11/16 00:43:41 | 001,302,528 | ---- | C] (Microsoft Corporation)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2013/11/16 00:43:40 | 002,328,872 | ---- | C] (Microsoft Corporation)
authui.dll -> C:\WINDOWS\SysWow64\authui.dll -> [2013/11/16 00:43:40 | 002,295,808 | ---- | C] (Microsoft Corporation)
workfolderssvc.dll -> C:\WINDOWS\SysNative\workfolderssvc.dll -> [2013/11/16 00:43:40 | 001,584,128 | ---- | C] (Microsoft Corporation)
Windows.Media.dll -> C:\WINDOWS\SysNative\Windows.Media.dll -> [2013/11/16 00:43:40 | 001,231,360 | ---- | C] (Microsoft Corporation)
UIAutomationCore.dll -> C:\WINDOWS\SysNative\UIAutomationCore.dll -> [2013/11/16 00:43:40 | 001,147,904 | ---- | C] (Microsoft Corporation)
explorer.exe -> C:\WINDOWS\SysWow64\explorer.exe -> [2013/11/16 00:43:39 | 002,065,448 | ---- | C] (Microsoft Corporation)
mfasfsrcsnk.dll -> C:\WINDOWS\SysNative\mfasfsrcsnk.dll -> [2013/11/16 00:43:38 | 001,067,080 | ---- | C] (Microsoft Corporation)
UIAutomationCore.dll -> C:\WINDOWS\SysWow64\UIAutomationCore.dll -> [2013/11/16 00:43:38 | 000,920,064 | ---- | C] (Microsoft Corporation)
Windows.Media.dll -> C:\WINDOWS\SysWow64\Windows.Media.dll -> [2013/11/16 00:43:38 | 000,888,832 | ---- | C] (Microsoft Corporation)
dwmcore.dll -> C:\WINDOWS\SysWow64\dwmcore.dll -> [2013/11/16 00:43:37 | 001,765,376 | ---- | C] (Microsoft Corporation)
mfasfsrcsnk.dll -> C:\WINDOWS\SysWow64\mfasfsrcsnk.dll -> [2013/11/16 00:43:37 | 000,883,184 | ---- | C] (Microsoft Corporation)
WSShared.dll -> C:\WINDOWS\SysNative\WSShared.dll -> [2013/11/16 00:43:37 | 000,839,680 | ---- | C] (Microsoft Corporation)
WSShared.dll -> C:\WINDOWS\SysWow64\WSShared.dll -> [2013/11/16 00:43:37 | 000,700,928 | ---- | C] (Microsoft Corporation)
mfsvr.dll -> C:\WINDOWS\SysNative\mfsvr.dll -> [2013/11/16 00:43:37 | 000,481,392 | ---- | C] (Microsoft Corporation)
d3d9.dll -> C:\WINDOWS\SysNative\d3d9.dll -> [2013/11/16 00:43:36 | 002,134,120 | ---- | C] (Microsoft Corporation)
kernel32.dll -> C:\WINDOWS\SysNative\kernel32.dll -> [2013/11/16 00:43:36 | 001,287,064 | ---- | C] (Microsoft Corporation)
Windows.Networking.BackgroundTransfer.dll -> C:\WINDOWS\SysNative\Windows.Networking.BackgroundTransfer.dll -> [2013/11/16 00:43:36 | 000,578,560 | ---- | C] (Microsoft Corporation)
d2d1.dll -> C:\WINDOWS\SysNative\d2d1.dll -> [2013/11/16 00:43:35 | 004,599,808 | ---- | C] (Microsoft Corporation)
Windows.Web.Http.dll -> C:\WINDOWS\SysNative\Windows.Web.Http.dll -> [2013/11/16 00:43:35 | 001,160,704 | ---- | C] (Microsoft Corporation)
d3d10level9.dll -> C:\WINDOWS\SysNative\d3d10level9.dll -> [2013/11/16 00:43:35 | 000,699,840 | ---- | C] (Microsoft Corporation)
mfsvr.dll -> C:\WINDOWS\SysWow64\mfsvr.dll -> [2013/11/16 00:43:35 | 000,380,656 | ---- | C] (Microsoft Corporation)
winmde.dll -> C:\WINDOWS\SysNative\winmde.dll -> [2013/11/16 00:43:34 | 001,399,176 | ---- | C] (Microsoft Corporation)
wmpmde.dll -> C:\WINDOWS\SysNative\wmpmde.dll -> [2013/11/16 00:43:34 | 001,373,872 | ---- | C] (Microsoft Corporation)
Windows.Web.Http.dll -> C:\WINDOWS\SysWow64\Windows.Web.Http.dll -> [2013/11/16 00:43:34 | 000,762,368 | ---- | C] (Microsoft Corporation)
Windows.Networking.BackgroundTransfer.dll -> C:\WINDOWS\SysWow64\Windows.Networking.BackgroundTransfer.dll -> [2013/11/16 00:43:34 | 000,411,648 | ---- | C] (Microsoft Corporation)
TSWorkspace.dll -> C:\WINDOWS\SysNative\TSWorkspace.dll -> [2013/11/16 00:43:33 | 001,011,712 | ---- | C] (Microsoft Corporation)
iuilp.dll -> C:\WINDOWS\SysNative\iuilp.dll -> [2013/11/16 00:43:33 | 000,708,616 | ---- | C] (Microsoft Corporation)
dnsapi.dll -> C:\WINDOWS\SysNative\dnsapi.dll -> [2013/11/16 00:43:33 | 000,656,384 | ---- | C] (Microsoft Corporation)
AppReadiness.dll -> C:\WINDOWS\SysNative\AppReadiness.dll -> [2013/11/16 00:43:33 | 000,533,504 | ---- | C] (Microsoft Corporation)
winmde.dll -> C:\WINDOWS\SysWow64\winmde.dll -> [2013/11/16 00:43:32 | 001,204,968 | ---- | C] (Microsoft Corporation)
WorkfoldersControl.dll -> C:\WINDOWS\SysNative\WorkfoldersControl.dll -> [2013/11/16 00:43:32 | 000,761,856 | ---- | C] (Microsoft Corporation)
WWAHost.exe -> C:\WINDOWS\SysNative\WWAHost.exe -> [2013/11/16 00:43:32 | 000,631,296 | ---- | C] (Microsoft Corporation)
WWAHost.exe -> C:\WINDOWS\SysWow64\WWAHost.exe -> [2013/11/16 00:43:31 | 000,518,656 | ---- | C] (Microsoft Corporation)
AudioSes.dll -> C:\WINDOWS\SysNative\AudioSes.dll -> [2013/11/16 00:43:31 | 000,465,960 | ---- | C] (Microsoft Corporation)
eapphost.dll -> C:\WINDOWS\SysNative\eapphost.dll -> [2013/11/16 00:43:31 | 000,331,776 | ---- | C] (Microsoft Corporation)
kd_02_8086.dll -> C:\WINDOWS\SysNative\kd_02_8086.dll -> [2013/11/16 00:43:31 | 000,171,864 | ---- | C] (Microsoft Corporation)
ploptin.dll -> C:\WINDOWS\SysNative\ploptin.dll -> [2013/11/16 00:43:31 | 000,031,064 | ---- | C] (Microsoft Corporation)
comdlg32.dll -> C:\WINDOWS\SysNative\comdlg32.dll -> [2013/11/16 00:43:30 | 000,607,744 | ---- | C] (Microsoft Corporation)
apphelp.dll -> C:\WINDOWS\SysNative\apphelp.dll -> [2013/11/16 00:43:30 | 000,558,080 | ---- | C] (Microsoft Corporation)
tsmf.dll -> C:\WINDOWS\SysNative\tsmf.dll -> [2013/11/16 00:43:30 | 000,391,512 | ---- | C] (Microsoft Corporation)
eapp3hst.dll -> C:\WINDOWS\SysNative\eapp3hst.dll -> [2013/11/16 00:43:30 | 000,325,120 | ---- | C] (Microsoft Corporation)
portcls.sys -> C:\WINDOWS\SysNative\drivers\portcls.sys -> [2013/11/16 00:43:30 | 000,270,848 | ---- | C] (Microsoft Corporation)
TSWorkspace.dll -> C:\WINDOWS\SysWow64\TSWorkspace.dll -> [2013/11/16 00:43:29 | 000,795,648 | ---- | C] (Microsoft Corporation)
tsmf.dll -> C:\WINDOWS\SysWow64\tsmf.dll -> [2013/11/16 00:43:29 | 000,345,552 | ---- | C] (Microsoft Corporation)
wintrust.dll -> C:\WINDOWS\SysNative\wintrust.dll -> [2013/11/16 00:43:29 | 000,317,616 | ---- | C] (Microsoft Corporation)
pcsvDevice.dll -> C:\WINDOWS\SysNative\pcsvDevice.dll -> [2013/11/16 00:43:29 | 000,286,208 | ---- | C] (Microsoft Corporation)
psmsrv.dll -> C:\WINDOWS\SysNative\psmsrv.dll -> [2013/11/16 00:43:29 | 000,134,656 | ---- | C] (Microsoft Corporation)
ncryptsslp.dll -> C:\WINDOWS\SysNative\ncryptsslp.dll -> [2013/11/16 00:43:29 | 000,104,320 | ---- | C] (Microsoft Corporation)
spaceport.sys -> C:\WINDOWS\SysNative\drivers\spaceport.sys -> [2013/11/16 00:43:28 | 000,371,032 | ---- | C] (Microsoft Corporation)
eapphost.dll -> C:\WINDOWS\SysWow64\eapphost.dll -> [2013/11/16 00:43:28 | 000,262,144 | ---- | C] (Microsoft Corporation)
msched.dll -> C:\WINDOWS\SysNative\msched.dll -> [2013/11/16 00:43:28 | 000,132,608 | ---- | C] (Microsoft Corporation)
ncryptsslp.dll -> C:\WINDOWS\SysWow64\ncryptsslp.dll -> [2013/11/16 00:43:28 | 000,088,272 | ---- | C] (Microsoft Corporation)
samsrv.dll -> C:\WINDOWS\SysNative\samsrv.dll -> [2013/11/16 00:43:27 | 000,830,464 | ---- | C] (Microsoft Corporation)
USBXHCI.SYS -> C:\WINDOWS\SysNative\drivers\USBXHCI.SYS -> [2013/11/16 00:43:26 | 000,325,464 | ---- | C] (Microsoft Corporation)
dafBth.dll -> C:\WINDOWS\SysNative\dafBth.dll -> [2013/11/16 00:43:26 | 000,092,672 | ---- | C] (Microsoft Corporation)
TSWbPrxy.exe -> C:\WINDOWS\SysNative\TSWbPrxy.exe -> [2013/11/16 00:43:26 | 000,083,968 | ---- | C] (Microsoft Corporation)
stornvme.sys -> C:\WINDOWS\SysNative\drivers\stornvme.sys -> [2013/11/16 00:43:26 | 000,057,176 | ---- | C] (Microsoft Corporation)
wuauclt.exe -> C:\WINDOWS\SysNative\wuauclt.exe -> [2013/11/16 00:43:26 | 000,054,776 | ---- | C] (Microsoft Corporation)
wldp.dll -> C:\WINDOWS\SysNative\wldp.dll -> [2013/11/16 00:43:26 | 000,044,936 | ---- | C] (Microsoft Corporation)
intelpep.sys -> C:\WINDOWS\SysNative\drivers\intelpep.sys -> [2013/11/16 00:43:26 | 000,039,768 | ---- | C] (Microsoft Corporation)
Display.dll -> C:\WINDOWS\SysNative\Display.dll -> [2013/11/16 00:43:25 | 001,843,712 | ---- | C] (Microsoft Corporation)
Display.dll -> C:\WINDOWS\SysWow64\Display.dll -> [2013/11/16 00:43:25 | 001,816,576 | ---- | C] (Microsoft Corporation)
AppXDeploymentExtensions.dll -> C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll -> [2013/11/16 00:43:25 | 000,922,624 | ---- | C] (Microsoft Corporation)
WUSettingsProvider.dll -> C:\WINDOWS\SysNative\WUSettingsProvider.dll -> [2013/11/16 00:43:25 | 000,381,952 | ---- | C] (Microsoft Corporation)
dafWfdProvider.dll -> C:\WINDOWS\SysNative\dafWfdProvider.dll -> [2013/11/16 00:43:25 | 000,184,832 | ---- | C] (Microsoft Corporation)
shsetup.dll -> C:\WINDOWS\SysNative\shsetup.dll -> [2013/11/16 00:43:25 | 000,113,152 | ---- | C] (Microsoft Corporation)
eappcfg.dll -> C:\WINDOWS\SysNative\eappcfg.dll -> [2013/11/16 00:43:24 | 000,335,360 | ---- | C] (Microsoft Corporation)
eappcfg.dll -> C:\WINDOWS\SysWow64\eappcfg.dll -> [2013/11/16 00:43:24 | 000,272,896 | ---- | C] (Microsoft Corporation)
eapp3hst.dll -> C:\WINDOWS\SysWow64\eapp3hst.dll -> [2013/11/16 00:43:24 | 000,245,248 | ---- | C] (Microsoft Corporation)
WiFiDisplay.dll -> C:\WINDOWS\SysNative\WiFiDisplay.dll -> [2013/11/16 00:43:24 | 000,103,424 | ---- | C] (Microsoft Corporation)
eappgnui.dll -> C:\WINDOWS\SysNative\eappgnui.dll -> [2013/11/16 00:43:24 | 000,101,888 | ---- | C] (Microsoft Corporation)
shsetup.dll -> C:\WINDOWS\SysWow64\shsetup.dll -> [2013/11/16 00:43:24 | 000,094,208 | ---- | C] (Microsoft Corporation)
eappgnui.dll -> C:\WINDOWS\SysWow64\eappgnui.dll -> [2013/11/16 00:43:24 | 000,093,184 | ---- | C] (Microsoft Corporation)
wucltux.dll -> C:\WINDOWS\SysNative\wucltux.dll -> [2013/11/16 00:43:23 | 001,704,448 | ---- | C] (Microsoft Corporation)
rdpclip.exe -> C:\WINDOWS\SysNative\rdpclip.exe -> [2013/11/16 00:43:23 | 000,338,944 | ---- | C] (Microsoft Corporation)
Windows.ApplicationModel.Store.TestingFramework.dll -> C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll -> [2013/11/16 00:43:23 | 000,249,856 | ---- | C] (Microsoft Corporation)
Windows.ApplicationModel.Store.TestingFramework.dll -> C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll -> [2013/11/16 00:43:23 | 000,189,952 | ---- | C] (Microsoft Corporation)
WorkFoldersShell.dll -> C:\WINDOWS\SysNative\WorkFoldersShell.dll -> [2013/11/16 00:43:23 | 000,186,880 | ---- | C] (Microsoft Corporation)
ftp.exe -> C:\WINDOWS\SysWow64\ftp.exe -> [2013/11/16 00:43:23 | 000,049,152 | ---- | C] (Microsoft Corporation)
MrmCoreR.dll -> C:\WINDOWS\SysNative\MrmCoreR.dll -> [2013/11/16 00:43:22 | 000,909,312 | ---- | C] (Microsoft Corporation)
MrmCoreR.dll -> C:\WINDOWS\SysWow64\MrmCoreR.dll -> [2013/11/16 00:43:22 | 000,621,056 | ---- | C] (Microsoft Corporation)
miutils.dll -> C:\WINDOWS\SysNative\miutils.dll -> [2013/11/16 00:43:22 | 000,226,304 | ---- | C] (Microsoft Corporation)
miutils.dll -> C:\WINDOWS\SysWow64\miutils.dll -> [2013/11/16 00:43:22 | 000,180,224 | ---- | C] (Microsoft Corporation)
AppxAllUserStore.dll -> C:\WINDOWS\SysNative\AppxAllUserStore.dll -> [2013/11/16 00:43:22 | 000,160,768 | ---- | C] (Microsoft Corporation)
AppxAllUserStore.dll -> C:\WINDOWS\SysWow64\AppxAllUserStore.dll -> [2013/11/16 00:43:22 | 000,139,776 | ---- | C] (Microsoft Corporation)
ftp.exe -> C:\WINDOWS\SysNative\ftp.exe -> [2013/11/16 00:43:22 | 000,053,248 | ---- | C] (Microsoft Corporation)
OneNote Notebooks -> C:\Users\WillieJ\Documents\OneNote Notebooks -> [2013/11/13 12:49:16 | 000,000,000 | ---D | C]
gdi32.dll -> C:\WINDOWS\SysNative\gdi32.dll -> [2013/11/12 17:09:12 | 001,341,288 | ---- | C] (Microsoft Corporation)
wfplwfs.sys -> C:\WINDOWS\SysNative\drivers\wfplwfs.sys -> [2013/11/12 17:09:11 | 000,136,536 | ---- | C] (Microsoft Corporation)
inetcpl.cpl -> C:\WINDOWS\SysWow64\inetcpl.cpl -> [2013/11/12 17:09:05 | 001,926,656 | ---- | C] (Microsoft Corporation)
ieetwcollector.exe -> C:\WINDOWS\SysNative\ieetwcollector.exe -> [2013/11/12 17:09:05 | 000,111,616 | ---- | C] (Microsoft Corporation)
jscript9.dll -> C:\WINDOWS\SysNative\jscript9.dll -> [2013/11/12 17:09:04 | 005,765,120 | ---- | C] (Microsoft Corporation)
inetcpl.cpl -> C:\WINDOWS\SysNative\inetcpl.cpl -> [2013/11/12 17:09:04 | 001,993,728 | ---- | C] (Microsoft Corporation)
ie4uinit.exe -> C:\WINDOWS\SysNative\ie4uinit.exe -> [2013/11/12 17:09:04 | 000,218,624 | ---- | C] (Microsoft Corporation)
crypt32.dll -> C:\WINDOWS\SysNative\crypt32.dll -> [2013/11/12 17:09:02 | 001,943,536 | ---- | C] (Microsoft Corporation)
Custom Office Templates -> C:\Users\WillieJ\Documents\Custom Office Templates -> [2013/11/12 15:52:34 | 000,000,000 | ---D | C]
dtsoftbus01.sys -> C:\WINDOWS\SysNative\drivers\dtsoftbus01.sys -> [2013/11/10 10:03:13 | 000,283,064 | ---- | C] (Disc Soft Ltd)
DAEMON Tools Lite -> C:\Users\WillieJ\AppData\Roaming\DAEMON Tools Lite -> [2013/11/10 10:03:09 | 000,000,000 | ---D | C]
DAEMON Tools Lite -> C:\Program Files (x86)\DAEMON Tools Lite -> [2013/11/10 10:03:08 | 000,000,000 | ---D | C]
DAEMON Tools Lite -> C:\ProgramData\DAEMON Tools Lite -> [2013/11/10 10:02:11 | 000,000,000 | ---D | C]
Google Earth -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth -> [2013/11/09 18:43:28 | 000,000,000 | ---D | C]
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp ->

[Files/Folders - Modified Within 30 Days]
GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2013/12/04 18:02:00 | 000,000,920 | ---- | M] ()
PerfStringBackup.INI -> C:\WINDOWS\SysNative\PerfStringBackup.INI -> [2013/12/04 05:23:20 | 000,956,476 | ---- | M] ()
perfh009.dat -> C:\WINDOWS\SysNative\perfh009.dat -> [2013/12/04 05:23:20 | 000,794,884 | ---- | M] ()
perfc009.dat -> C:\WINDOWS\SysNative\perfc009.dat -> [2013/12/04 05:23:20 | 000,161,140 | ---- | M] ()
GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2013/12/04 05:19:47 | 000,000,916 | ---- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2013/12/04 05:18:56 | 000,067,584 | --S- | M] ()
swapfile.sys -> C:\swapfile.sys -> [2013/12/04 05:16:54 | 268,435,456 | -HS- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2013/12/04 05:16:54 | 1883,643,903 | -HS- | M] ()
FNTCACHE.DAT -> C:\WINDOWS\SysNative\FNTCACHE.DAT -> [2013/12/02 18:56:10 | 000,492,440 | ---- | M] ()
autoexec.bat -> C:\autoexec.bat -> [2013/12/02 15:35:04 | 000,000,000 | ---- | M] ()
diagwrn.xml -> C:\WINDOWS\diagwrn.xml -> [2013/12/01 21:30:50 | 000,049,264 | ---- | M] ()
diagerr.xml -> C:\WINDOWS\diagerr.xml -> [2013/12/01 21:30:50 | 000,048,273 | ---- | M] ()
HPCeeScheduleForWillieJ.job -> C:\WINDOWS\tasks\HPCeeScheduleForWillieJ.job -> [2013/11/30 21:15:01 | 000,000,354 | ---- | M] ()
Virtual CloneDrive.lnk -> C:\Users\Public\Desktop\Virtual CloneDrive.lnk -> [2013/11/30 19:24:41 | 000,001,233 | ---- | M] ()
µTorrent.lnk -> C:\Users\WillieJ\Desktop\µTorrent.lnk -> [2013/11/30 19:10:46 | 000,000,905 | ---- | M] ()
Google Chrome.lnk -> C:\Users\WillieJ\Desktop\Google Chrome.lnk -> [2013/11/30 18:59:09 | 000,002,424 | ---- | M] ()
Launch Internet Explorer Browser.lnk -> C:\Users\WillieJ\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> [2013/11/30 18:59:02 | 000,001,625 | ---- | M] ()
WWT ¦ Mars.lnk -> C:\Users\Public\Desktop\WWT ¦ Mars.lnk -> [2013/11/25 18:03:55 | 000,002,687 | ---- | M] ()
WorldWide Telescope.lnk -> C:\Users\Public\Desktop\WorldWide Telescope.lnk -> [2013/11/25 18:03:55 | 000,002,675 | ---- | M] ()
ASCOM Diagnostics.lnk -> C:\Users\Public\Desktop\ASCOM Diagnostics.lnk -> [2013/11/24 20:07:32 | 000,001,253 | ---- | M] ()
ProfileExplorer.lnk -> C:\Users\Public\Desktop\ProfileExplorer.lnk -> [2013/11/24 20:07:32 | 000,001,091 | ---- | M] ()
Aimersoft Music Recorder.lnk -> C:\Users\WillieJ\Desktop\Aimersoft Music Recorder.lnk -> [2013/11/23 17:59:00 | 000,001,240 | ---- | M] ()
avgtpx64.sys -> C:\WINDOWS\SysNative\drivers\avgtpx64.sys -> [2013/11/21 16:37:31 | 000,046,368 | ---- | M] (AVG Technologies)
HTC Sync Manager.lnk -> C:\Users\Public\Desktop\HTC Sync Manager.lnk -> [2013/11/20 05:04:32 | 000,002,014 | ---- | M] ()
Send to OneNote.lnk -> C:\Users\WillieJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk -> [2013/11/13 12:49:27 | 000,001,122 | ---- | M] ()
klelam.sys -> C:\WINDOWS\SysNative\drivers\klelam.sys -> [2013/11/13 03:53:59 | 000,029,792 | ---- | M] (Kaspersky Lab)
Ford Escape.pdf -> C:\Users\WillieJ\Documents\Ford Escape.pdf -> [2013/11/11 16:47:21 | 000,059,880 | ---- | M] ()
Controller.pdf -> C:\Users\WillieJ\Documents\Controller.pdf -> [2013/11/11 16:40:55 | 000,059,892 | ---- | M] ()
DAEMON Tools Lite.lnk -> C:\Users\Public\Desktop\DAEMON Tools Lite.lnk -> [2013/11/10 10:03:20 | 000,001,929 | ---- | M] ()
dtsoftbus01.sys -> C:\WINDOWS\SysNative\drivers\dtsoftbus01.sys -> [2013/11/10 10:03:13 | 000,283,064 | ---- | M] (Disc Soft Ltd)
Google Earth.lnk -> C:\Users\Public\Desktop\Google Earth.lnk -> [2013/11/09 18:43:28 | 000,002,199 | ---- | M] ()
FlashPlayerApp.exe -> C:\WINDOWS\SysWow64\FlashPlayerApp.exe -> [2013/11/05 17:31:26 | 000,693,240 | ---- | M] (Adobe Systems Incorporated)
FlashPlayerCPLApp.cpl -> C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl -> [2013/11/05 17:31:26 | 000,105,464 | ---- | M] (Adobe Systems Incorporated)
Windows.UI.Xaml.dll -> C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll -> [2013/11/05 10:20:05 | 013,925,888 | ---- | M] (Microsoft Corporation)
Windows.UI.Xaml.dll -> C:\WINDOWS\SysNative\Windows.UI.Xaml.dll -> [2013/11/05 10:11:46 | 018,577,408 | ---- | M] (Microsoft Corporation)
twinui.dll -> C:\WINDOWS\SysWow64\twinui.dll -> [2013/11/05 08:30:00 | 011,674,112 | ---- | M] (Microsoft Corporation)
twinui.dll -> C:\WINDOWS\SysNative\twinui.dll -> [2013/11/05 08:29:00 | 013,176,320 | ---- | M] (Microsoft Corporation)
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp ->

[Files - No Company Name]
autoexec.bat -> C:\autoexec.bat -> [2013/12/02 15:35:04 | 000,000,000 | ---- | C] ()
Virtual CloneDrive.lnk -> C:\Users\Public\Desktop\Virtual CloneDrive.lnk -> [2013/11/30 19:24:41 | 000,001,233 | ---- | C] ()
µTorrent.lnk -> C:\Users\WillieJ\Desktop\µTorrent.lnk -> [2013/11/30 19:10:46 | 000,000,905 | ---- | C] ()
ASCOM Diagnostics.lnk -> C:\Users\Public\Desktop\ASCOM Diagnostics.lnk -> [2013/11/24 20:07:32 | 000,001,253 | ---- | C] ()
ProfileExplorer.lnk -> C:\Users\Public\Desktop\ProfileExplorer.lnk -> [2013/11/24 20:07:32 | 000,001,091 | ---- | C] ()
WWT ¦ Mars.lnk -> C:\Users\Public\Desktop\WWT ¦ Mars.lnk -> [2013/11/24 19:46:14 | 000,002,687 | ---- | C] ()
WorldWide Telescope.lnk -> C:\Users\Public\Desktop\WorldWide Telescope.lnk -> [2013/11/24 19:46:14 | 000,002,675 | ---- | C] ()
Aimersoft Music Recorder.lnk -> C:\Users\WillieJ\Desktop\Aimersoft Music Recorder.lnk -> [2013/11/23 17:59:00 | 000,001,240 | ---- | C] ()
ApnDatabase.xml -> C:\WINDOWS\SysNative\ApnDatabase.xml -> [2013/11/16 00:43:25 | 000,385,528 | ---- | C] ()
Send to OneNote.lnk -> C:\Users\WillieJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk -> [2013/11/13 12:49:26 | 000,001,122 | ---- | C] ()
Ford Escape.pdf -> C:\Users\WillieJ\Documents\Ford Escape.pdf -> [2013/11/11 16:47:20 | 000,059,880 | ---- | C] ()
Controller.pdf -> C:\Users\WillieJ\Documents\Controller.pdf -> [2013/11/11 16:40:55 | 000,059,892 | ---- | C] ()
DAEMON Tools Lite.lnk -> C:\Users\Public\Desktop\DAEMON Tools Lite.lnk -> [2013/11/10 10:03:20 | 000,001,929 | ---- | C] ()
Google Earth.lnk -> C:\Users\Public\Desktop\Google Earth.lnk -> [2013/11/09 18:43:28 | 000,002,199 | ---- | C] ()
resmon.resmoncfg -> C:\Users\WillieJ\AppData\Local\resmon.resmoncfg -> [2013/10/29 20:19:59 | 000,007,618 | ---- | C] ()
PerfStringBackup.INI -> C:\WINDOWS\SysWow64\PerfStringBackup.INI -> [2013/10/21 21:04:19 | 000,930,400 | ---- | C] ()
ativpsrm.bin -> C:\WINDOWS\ativpsrm.bin -> [2013/10/21 21:02:55 | 000,000,000 | ---- | C] ()
wininit.ini -> C:\WINDOWS\wininit.ini -> [2013/10/20 17:34:13 | 000,000,060 | ---- | C] ()
amdhdl32.dll -> C:\WINDOWS\SysWow64\amdhdl32.dll -> [2013/09/18 23:32:30 | 000,123,392 | ---- | C] ()
ativvsvl.dat -> C:\WINDOWS\SysWow64\ativvsvl.dat -> [2013/08/24 20:02:32 | 000,204,952 | ---- | C] ()
ativvsva.dat -> C:\WINDOWS\SysWow64\ativvsva.dat -> [2013/08/24 20:02:32 | 000,157,144 | ---- | C] ()
atipblag.dat -> C:\WINDOWS\SysWow64\atipblag.dat -> [2013/08/24 20:02:28 | 000,003,917 | ---- | C] ()
amdocl_as32.exe -> C:\WINDOWS\SysWow64\amdocl_as32.exe -> [2013/08/24 20:02:16 | 000,995,342 | ---- | C] ()
amdocl_ld32.exe -> C:\WINDOWS\SysWow64\amdocl_ld32.exe -> [2013/08/24 20:02:16 | 000,798,734 | ---- | C] ()
dssec.dat -> C:\WINDOWS\SysWow64\dssec.dat -> [2013/08/22 09:36:43 | 000,215,943 | ---- | C] ()
NOISE.DAT -> C:\WINDOWS\SysWow64\NOISE.DAT -> [2013/08/22 09:36:42 | 000,000,741 | ---- | C] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2013/08/22 08:46:23 | 000,067,584 | --S- | C] ()
mib.bin -> C:\WINDOWS\mib.bin -> [2013/08/22 01:01:23 | 000,043,131 | ---- | C] ()
BWContextHandler.dll -> C:\WINDOWS\SysWow64\BWContextHandler.dll -> [2013/08/21 21:32:36 | 000,046,080 | ---- | C] ()
OEMLicense.dll -> C:\WINDOWS\SysWow64\OEMLicense.dll -> [2013/08/21 21:17:46 | 000,103,936 | ---- | C] ()
msjetoledb40.dll -> C:\WINDOWS\SysWow64\msjetoledb40.dll -> [2013/08/21 17:55:20 | 000,364,544 | ---- | C] ()
mlang.dat -> C:\WINDOWS\SysWow64\mlang.dat -> [2013/08/21 17:52:39 | 000,673,088 | ---- | C] ()
FW7650.bin -> C:\WINDOWS\SysWow64\drivers\FW7650.bin -> [2013/07/06 16:04:12 | 000,367,348 | ---- | C] ()
RaCheckBTDev.ini -> C:\WINDOWS\SysWow64\RaCheckBTDev.ini -> [2013/07/06 16:04:12 | 000,000,313 | ---- | C] ()
igkrng500.bin -> C:\WINDOWS\SysWow64\igkrng500.bin -> [2012/07/25 14:22:54 | 000,982,240 | ---- | C] ()
igcompkrng500.bin -> C:\WINDOWS\SysWow64\igcompkrng500.bin -> [2012/07/25 14:22:54 | 000,439,308 | ---- | C] ()
igfcg500m.bin -> C:\WINDOWS\SysWow64\igfcg500m.bin -> [2012/07/25 14:22:54 | 000,092,356 | ---- | C] ()

[Alternate Data Streams]
@Alternate Data Stream - 220 bytes -> C:\Users\WillieJ\SkyDrive:ms-properties
< End of report >
[/code]
dvk01 (Derek), Moderator & Malware Removal Specialist
05-Dec-2013, 03:21 AM #11
Please attach the report as a txt file.
When it is spread over several posts, it cannot be used to build a fix without lots of extra work.
Thanks.
toopay (thread starter)
05-Dec-2013, 07:13 AM #12
Do I need to post the findings again?
dvk01 (Derek), Moderator & Malware Removal Specialist
05-Dec-2013, 08:54 AM #13
Please attach the findings as a txt file.
It was too big to go in one post.
We asked you to do that in the original request.
Quote:
If the log is too large to post, use the Reply button, scroll down to the attachments section and attach the notepad file here.
toopay (thread starter)
05-Dec-2013, 08:56 PM #14
The report is listed as a txt file but will not upload to your site. Please instruct as to how to do this.
dvk01 (Derek), Moderator & Malware Removal Specialist
06-Dec-2013, 03:45 AM #15
It might be too large or it might be a .log.
Please right click the file icon & select send to compressed (zip) folders.
That makes a zip file. Upload the zip.