
Browser Problem

Discussion in 'Virus & Other Malware Removal' started by toopay, Dec 2, 2013.

  1. toopay

    toopay Thread Starter

    Joined:
    Jun 7, 2003
    Messages:
    354
    Can someone please help me to remove Nation Zoom?
    I have tried to do it from the registry and also using Safe Mode.

    Please help.
     
  2. Couriant

    Couriant Trusted Advisor

    Joined:
    Mar 26, 2002
    Messages:
    30,995
    Can you be more specific? As in, does it show up as a home page, toolbar, etc.?

    I just found out what Nation Zoom is. It's a browser hijacker. I have requested this to be moved to the Malware forum for better assistance.
     
  3. toopay

    toopay Thread Starter

    It comes up when the browser is opened, but it is not listed as the home page; when the home button is pressed, then I can go to the home page. Also, it is not listed as a search engine.
     
  4. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,885
    Follow the advice here and post the logs those programs make.
     
  5. toopay

    toopay Thread Starter

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 4:41:58 PM, on 12/3/2013
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.9600.16384)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
    C:\Users\WillieJ\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
    C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
    C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
    C:\Program Files\WindowsApps\2462GerasimovRoman.MicrosoftCommunity_1.0.0.0_neutral__dtya9j4hwybzc\Microsoft Community.exe
    C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Users\WillieJ\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nationzoom.com/?type=hp&ts=1385859540&from=tugs&uid=ST2000DM001-1CH164_Z1E4X3FR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nationzoom.com/?type=hp&ts=1385859540&from=tugs&uid=ST2000DM001-1CH164_Z1E4X3FR
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nationzoom.com/web/?type=ds&ts=1385859540&from=tugs&uid=ST2000DM001-1CH164_Z1E4X3FR&q={searchTerms}
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.nationzoom.com/web/?type=ds&ts=1385859540&from=tugs&uid=ST2000DM001-1CH164_Z1E4X3FR&q={searchTerms}
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nationzoom.com/?type=hp&ts=1385859540&from=tugs&uid=ST2000DM001-1CH164_Z1E4X3FR
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\PROGRA~2\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll
    O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
    O2 - BHO: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll
    O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    O2 - BHO: Bho - {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - C:\PROGRA~2\Nuance\NATURA~1\Program\ieShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: glindorus - {9598e82a-7e09-4438-b425-b9e9718c3c73} - C:\Program Files (x86)\glindorus\glindorusbho.dll
    O2 - BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.1.3.2\AVG SafeGuard toolbar_toolbar.dll
    O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
    O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    O3 - Toolbar: Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\PROGRA~2\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll
    O3 - Toolbar: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.1.3.2\AVG SafeGuard toolbar_toolbar.dll
    O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
    O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\runner_avp.exe"
    O4 - HKLM\..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
    O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini"
    O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    O4 - HKCU\..\Run: [NETGEARGenie] "C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect
    O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [iLivid] "C:\Users\WillieJ\AppData\Local\iLivid\iLivid.exe" -autorun
    O4 - Startup: Dropbox.lnk = WillieJ\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Startup: Send to OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
    O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
    O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.3\ViProtocol.dll
    O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
    O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CryptoStorage control service (CSObjectsSrv) - Infowatch - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
    O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: HTCMonitorService - Nero AG - C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
    O23 - Service: Kodak AiO Status Monitor Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
    O23 - Service: Level Quality Watcher - Unknown owner - C:\WINDOWS\Installer\MSI5949.tmp.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
    O23 - Service: NETGEARGenieDaemon - NETGEAR - C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    O23 - Service: PasswordBox - PasswordBox, Inc. - C:\Program Files (x86)\PasswordBox\pbbtnService.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
    O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
    O23 - Service: Update glindorus - Unknown owner - C:\Program Files (x86)\glindorus\updateglindorus.exe
    O23 - Service: Util glindorus - Unknown owner - C:\Program Files (x86)\glindorus\bin\utilglindorus.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
    O23 - Service: vToolbarUpdater17.1.3 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: Wsys Service (WsysSvc) - Wsys Co., Ltd. - C:\ProgramData\eSafe\eGdpSvc.exe

    --
    End of file - 15021 bytes

    When I run the DDS program, I get the error message "can not run in Compatibility Mode".

    GMER 2.1.19163 - http://www.gmer.net
    Rootkit scan 2013-12-03 17:00:55
    Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000001e ST2000DM001-1CH164 rev.HP33 1863.02GB
    Running: gmer.exe; Driver: C:\Users\WillieJ\AppData\Local\Temp\uwldipoc.sys


    ---- Disk sectors - GMER 2.1 ----

    Disk \Device\Harddisk0\DR0 unknown MBR code

    ---- EOF - GMER 2.1 ----
     
  6. dvk01

    dvk01 Derek Moderator Malware Specialist

    You have Windows 8.1, and very few of the tools run on that.

    Click on this link to download: AdwCleaner. Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop. Do not click on any links in the top advert.

    See the screenshot where the proper download buttons are highlighted:
    [IMG]

    NOTE: If you are using Internet Explorer and get an alert that stops the program downloading, click on Tools > SmartScreen Filter > Turn off SmartScreen Filter, then click on OK in the box that opens. Then click on the link again.

    Close your browser and double-click on this icon on your desktop:

    [IMG]

    You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run; it may take several minutes to complete. When it is done, you will get a message saying "PENDING". Ignore that and click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report. Copy and paste it into your next post.

    [IMG]
     
  7. toopay

    toopay Thread Starter

    # AdwCleaner v3.014 - Report created 03/12/2013 at 18:10:34
    # Updated 01/12/2013 by Xplode
    # Operating System : Windows 8.1 (64 bits)
    # Username : WillieJ - TOOPAY
    # Running from : C:\Users\WillieJ\AppData\Local\Microsoft\Windows\INetCache\IE\82FW57FK\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    Service Deleted : Level Quality Watcher
    [#] Service Deleted : Update glindorus
    [#] Service Deleted : Util glindorus
    Service Deleted : WsysSvc

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
    Folder Deleted : C:\ProgramData\eSafe
    Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
    Folder Deleted : C:\Program Files (x86)\glindorus
    Folder Deleted : C:\Program Files (x86)\Level Quality Watcher
    Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
    Folder Deleted : C:\Program Files\Level Quality Watcher
    Folder Deleted : C:\Users\WillieJ\AppData\Local\AVG SafeGuard toolbar
    Folder Deleted : C:\Users\WillieJ\AppData\Local\jZip
    Folder Deleted : C:\Users\WillieJ\AppData\Local\PackageAware
    Folder Deleted : C:\Users\WillieJ\AppData\Local\Temp\jZip
    Folder Deleted : C:\Users\WillieJ\AppData\LocalLow\AVG SafeGuard toolbar
    Folder Deleted : C:\Users\WillieJ\Documents\PC Health Kit
    Folder Deleted : C:\Users\WillieJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
    Folder Deleted : C:\Users\WillieJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
    File Deleted : C:\Users\WillieJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [iLivid]
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
    Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9598E82A-7E09-4438-B425-B9E9718C3C73}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9598E82A-7E09-4438-B425-B9E9718C3C73}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9598E82A-7E09-4438-B425-B9E9718C3C73}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9598E82A-7E09-4438-B425-B9E9718C3C73}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\AVG SafeGuard toolbar
    Key Deleted : HKCU\Software\FLEXnet
    Key Deleted : HKCU\Software\glindorus
    Key Deleted : HKCU\Software\ilivid
    Key Deleted : HKCU\Software\jZip
    Key Deleted : HKCU\Software\SmartBar
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Deleted : HKLM\Software\AVG SafeGuard toolbar
    Key Deleted : HKLM\Software\AVG Security Toolbar
    Key Deleted : HKLM\Software\eSafeSecControl
    Key Deleted : HKLM\Software\glindorus
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WsysControl
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\glindorus

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.16384


    -\\ Google Chrome v31.0.1650.57

    [ File : C:\Users\WillieJ\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [9292 octets] - [03/12/2013 18:07:36]
    AdwCleaner[S0].txt - [9045 octets] - [03/12/2013 18:10:34]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9105 octets] ##########
     
  8. dvk01

    dvk01 Derek Moderator Malware Specialist

    That got quite a lot, but I am not certain that it got it all.
    Download OTS.exe to your Desktop.
    • Close any open browsers.
    • If your Real protection or Antivirus intervenes with OTS, allow it to run.
    • Double-click on OTS.exe to start the program.
    • In the Files Age drop-down box, click 90.
    • In the Additional scans section, please select Everything and make sure the safe list box is checked.
    • Now, on the toolbar at the top, select "Scan all users", then click the Run Scan button.
    • The program will be scanning huge amounts of data, so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
    • When the scan is complete, Notepad will open with the report file loaded in it.
    • Save that Notepad file.
    If the log is too large to post, use the Reply button, scroll down to the attachments section and attach the Notepad file here.
     
  9. toopay

    toopay Thread Starter

    Joined:
    Jun 7, 2003
    Messages:
    354
    Code:
    OTS logfile created on: 12/4/2013 6:29:05 PM - Run 2
    OTS by OldTimer - Version 3.1.47.2     Folder = C:\Users\WillieJ\Downloads
    64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.16438)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    7.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 61.00% Memory free
    8.00 Gb Paging File | 4.00 Gb Available in Paging File | 48.00% Paging File free
    Paging file location(s): c:\pagefile.sys 400 4096 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 1843.44 Gb Total Space | 1755.93 Gb Free Space | 95.25% Space Free | Partition Type: NTFS
    Drive D: | 17.76 Gb Total Space | 0.26 Gb Free Space | 1.46% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
     
    Computer Name: TOOPAY
    Current User Name: WillieJ
    Logged in as Administrator.
     
    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
     
    [Processes - Safe List]
    ots.exe -> C:\Users\WillieJ\Downloads\OTS.exe -> [2013/12/04 16:44:19 | 000,646,656 | ---- | M] (OldTimer Tools)
    msosync.exe -> C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE -> [2013/11/30 20:49:01 | 000,449,216 | ---- | M] (Microsoft Corporation)
    googlecrashhandler.exe -> C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe -> [2013/11/28 01:57:41 | 000,223,112 | ---- | M] (Google Inc.)
    adb.exe -> C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe -> [2013/11/14 21:32:12 | 000,821,600 | ---- | M] ()
    htcsyncmanager.exe -> C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe -> [2013/11/14 21:30:28 | 000,083,312 | ---- | M] ()
    pbbtnservice.exe -> C:\Program Files (x86)\PasswordBox\pbbtnService.exe -> [2013/11/01 14:11:20 | 000,067,584 | ---- | M] (PasswordBox, Inc.)
    avp.exe -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe -> [2013/10/16 06:14:25 | 000,356,128 | ---- | M] (Kaspersky Lab ZAO)
    sdfssvc.exe -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe -> [2013/10/15 11:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.)
    sdupdsvc.exe -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe -> [2013/09/20 09:57:26 | 001,042,272 | ---- | M] (Safer-Networking Ltd.)
    sdwscsvc.exe -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe -> [2013/09/13 09:38:30 | 000,171,416 | ---- | M] (Safer-Networking Ltd.)
    hsmserviceentry.exe -> C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe -> [2013/09/02 09:51:38 | 000,087,368 | ---- | M] (Nero AG)
    sdtray.exe -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe -> [2013/07/25 10:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.)
    sua.exe -> C:\Program Files (x86)\Secunia\PSI\sua.exe -> [2013/07/03 02:32:44 | 000,660,184 | ---- | M] (Secunia)
    genie2_tray.exe -> C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe -> [2013/04/07 05:42:00 | 000,123,136 | ---- | M] ()
    netgeargenie.exe -> C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe -> [2013/04/07 05:38:46 | 001,044,224 | ---- | M] ()
    ekaiohostservice.exe -> C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -> [2013/03/15 14:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company)
    dgnsvc.exe -> C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -> [2013/02/11 17:48:56 | 000,311,184 | ---- | M] (Nuance Communications, Inc.)
    ekprintersdk.exe -> C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -> [2013/01/15 12:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company)
    protectedobjectssrv.exe -> C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -> [2012/12/21 13:32:50 | 000,819,040 | ---- | M] (Infowatch)
    passthrusvr.exe -> C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -> [2012/12/07 16:26:56 | 000,167,424 | ---- | M] ()
    clmlsvc_p2g8.exe -> c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe -> [2012/11/01 08:28:08 | 000,111,120 | ---- | M] (CyberLink)
     
    [Modules - No Company Name]
    c2r32.dll -> C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll -> [2013/11/30 20:46:05 | 000,359,592 | ---- | M] ()
    appvisvstream32.dll -> C:\Program Files\Microsoft Office 15\root\office15\appvisvstream32.dll -> [2013/11/30 20:46:05 | 000,316,584 | ---- | M] ()
    devconnmon.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll -> [2013/11/14 21:34:24 | 000,223,592 | ---- | M] ()
    wpdenc.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\WPDEnc.dll -> [2013/11/14 21:34:22 | 000,223,584 | ---- | M] ()
    resourcemgt.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\ResourceMgt.dll -> [2013/11/14 21:34:18 | 000,170,352 | ---- | M] ()
    wifidevicemgt.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\WifiDeviceMgt.dll -> [2013/11/14 21:34:16 | 000,186,736 | ---- | M] ()
    desktopclientlitedll.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\DesktopClient\DesktopClientLiteDll.dll -> [2013/11/14 21:34:06 | 000,403,840 | ---- | M] ()
    desktopclientlib.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\DesktopClient\DesktopClientLib.dll -> [2013/11/14 21:34:04 | 000,239,992 | ---- | M] ()
    desktopclientcpplib_vc80.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\DesktopClient\DesktopClientCppLib_vc80.dll -> [2013/11/14 21:34:02 | 003,832,200 | ---- | M] ()
    npplayer.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\plugins\npplayer.dll -> [2013/11/14 21:33:36 | 000,829,800 | ---- | M] ()
    pthreadvc2.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\pthreadVC2.dll -> [2013/11/14 21:33:10 | 000,058,728 | ---- | M] ()
    profilemgt.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\ProfileMgt.dll -> [2013/11/14 21:32:36 | 000,444,776 | ---- | M] ()
    androidplaylist.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\DesktopClient\AndroidPlaylist.dll -> [2013/11/14 21:32:30 | 000,194,936 | ---- | M] ()
    htcsyncmanagerlib.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManagerLib.dll -> [2013/11/14 21:32:14 | 000,465,272 | ---- | M] ()
    adb.exe -> C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe -> [2013/11/14 21:32:12 | 000,821,600 | ---- | M] ()
    sqlite3.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll -> [2013/11/14 21:31:16 | 000,607,376 | ---- | M] ()
    htcsyncmanager.exe -> C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe -> [2013/11/14 21:30:28 | 000,083,312 | ---- | M] ()
    system.configuration.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b66c3a9184d6f58a4ea4c9fda959ae1\System.Configuration.ni.dll -> [2013/10/24 21:26:37 | 000,978,432 | ---- | M] ()
    accessibility.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\23e548dbd70b2fa536b3579481f32f1a\Accessibility.ni.dll -> [2013/10/24 21:26:27 | 000,025,600 | ---- | M] ()
    system.xml.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\9e55130078215e51257977a651b0696b\System.Xml.ni.dll -> [2013/10/21 21:43:50 | 005,463,552 | ---- | M] ()
    system.windows.forms.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\eac55000ab752ad6469e74bc2031a3ef\System.Windows.Forms.ni.dll -> [2013/10/21 21:43:47 | 012,436,480 | ---- | M] ()
    system.drawing.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\e846f72e7c00312a5d9c04e7f70fa4a8\System.Drawing.ni.dll -> [2013/10/21 21:43:41 | 001,593,344 | ---- | M] ()
    system.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\5a86b00da9227fe7c9a1f6ca95c1850c\System.ni.dll -> [2013/10/21 21:43:15 | 007,993,856 | ---- | M] ()
    mscorlib.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0cc1da9cd31b490f4ec04cb6c2aa0519\mscorlib.ni.dll -> [2013/10/21 21:43:11 | 011,499,520 | ---- | M] ()
    crashrpt.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\CrashRpt.dll -> [2013/10/17 15:43:48 | 000,162,152 | ---- | M] ()
    webkit.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\WebKit.dll -> [2013/10/17 15:42:56 | 021,281,120 | ---- | M] ()
    mmsync.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\mmsync.dll -> [2013/10/17 15:42:46 | 000,112,992 | ---- | M] ()
    dautil.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\dautil.dll -> [2013/10/17 15:42:44 | 000,021,344 | ---- | M] ()
    dbadapter.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\DBAdapter.dll -> [2013/10/17 15:42:26 | 000,045,928 | ---- | M] ()
    zlib1.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll -> [2013/10/17 15:42:24 | 000,129,376 | ---- | M] ()
    webkitbrowser.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\WebKitBrowser.dll -> [2013/10/17 15:42:22 | 000,117,104 | ---- | M] ()
    libxml2.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\libxml2.dll -> [2013/10/17 15:42:12 | 001,153,384 | ---- | M] ()
    libpng.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\libpng.dll -> [2013/10/17 15:42:10 | 000,190,816 | ---- | M] ()
    javascriptcore.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\JavaScriptCore.dll -> [2013/10/17 15:42:06 | 003,041,648 | ---- | M] ()
    icuuc.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\icuuc.dll -> [2013/10/17 15:41:54 | 001,349,984 | ---- | M] ()
    icudt48.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\icudt48.dll -> [2013/10/17 15:41:50 | 021,973,352 | ---- | M] ()
    cflite.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\CFLite.dll -> [2013/10/17 15:41:48 | 000,776,544 | ---- | M] ()
    cairo.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\cairo.dll -> [2013/10/17 15:41:46 | 001,046,880 | ---- | M] ()
    nadvlog.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll -> [2013/10/17 15:40:34 | 000,044,392 | ---- | M] ()
    nfilecachedbaccess.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll -> [2013/10/17 15:40:32 | 000,036,216 | ---- | M] ()
    groupmgt.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\GroupMgt.dll -> [2013/10/17 15:40:30 | 000,019,304 | ---- | M] ()
    fileplugin_cnt.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\FilePlugin_Cnt.dll -> [2013/10/17 15:40:18 | 000,016,240 | ---- | M] ()
    dbaccess.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll -> [2013/10/17 15:40:06 | 000,031,080 | ---- | M] ()
    devicemgt.dll -> C:\Program Files (x86)\HTC\HTC Sync Manager\DeviceMgt.dll -> [2013/10/17 15:39:46 | 000,133,480 | ---- | M] ()
    genie.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll -> [2013/06/04 19:22:32 | 000,481,280 | ---- | M] ()
    genieplugin_map.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll -> [2013/05/28 00:21:30 | 004,334,592 | ---- | M] ()
    snlthirdparty150.bpl -> C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl -> [2013/05/16 09:55:26 | 000,113,496 | ---- | M] ()
    dec150.bpl -> C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl -> [2013/05/16 09:55:24 | 000,416,600 | ---- | M] ()
    genieplugin_resource.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll -> [2013/05/14 20:56:24 | 008,432,128 | ---- | M] ()
    genieplugin_ui.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll -> [2013/05/13 23:18:30 | 000,931,840 | ---- | M] ()
    genieplugin_airprint.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll -> [2013/05/09 21:12:10 | 000,229,888 | ---- | M] ()
    genieplugin_routerconfiguration.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll -> [2013/04/28 00:25:56 | 001,205,760 | ---- | M] ()
    genie2_tray.exe -> C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe -> [2013/04/07 05:42:00 | 000,123,136 | ---- | M] ()
    netgeargenie.exe -> C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe -> [2013/04/07 05:38:46 | 001,044,224 | ---- | M] ()
    genieplugin_networkproblem.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll -> [2013/03/27 02:52:32 | 000,500,736 | ---- | M] ()
    innerplugin_update.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll -> [2013/03/27 02:51:52 | 000,714,240 | ---- | M] ()
    genieplugin_statistics.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll -> [2013/03/27 02:51:40 | 000,641,536 | ---- | M] ()
    genieplugin_parentalcontrol.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll -> [2013/03/27 02:51:26 | 001,198,080 | ---- | M] ()
    dragonnettool.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll -> [2013/03/27 02:50:02 | 000,186,368 | ---- | M] ()
    wsetupapiplugin.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll -> [2013/03/27 02:49:54 | 000,116,224 | ---- | M] ()
    innerplugin_wirelessexport.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll -> [2013/03/27 02:49:40 | 000,485,376 | ---- | M] ()
    genieplugin_wireless.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll -> [2013/03/27 02:49:26 | 000,438,272 | ---- | M] ()
    genieplugin_internet.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll -> [2013/03/27 02:43:48 | 001,067,520 | ---- | M] ()
    diagnoseplugin.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll -> [2013/03/27 02:42:54 | 000,137,728 | ---- | M] ()
    qrcode.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll -> [2013/03/27 02:42:52 | 000,088,064 | ---- | M] ()
    svtnetworktool.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll -> [2013/03/27 02:42:50 | 001,553,920 | ---- | M] ()
    netcardapi.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll -> [2013/03/26 20:58:14 | 000,074,752 | ---- | M] ()
    airprintdll.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll -> [2013/03/26 20:58:12 | 000,136,704 | ---- | M] ()
    diagnosedll.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll -> [2013/03/26 20:58:08 | 000,139,264 | ---- | M] ()
    svtutils.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.dll -> [2013/03/26 20:58:06 | 000,072,192 | ---- | M] ()
    wsetupdll.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll -> [2013/03/26 20:58:06 | 000,066,560 | ---- | M] ()
    qtgui4.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\QtGui4.dll -> [2013/02/19 00:46:06 | 009,814,016 | ---- | M] ()
    qtcore4.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\QtCore4.dll -> [2013/02/19 00:46:06 | 002,537,472 | ---- | M] ()
    qtnetwork4.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\QtNetwork4.dll -> [2013/02/19 00:46:06 | 001,140,224 | ---- | M] ()
    qtxml4.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\QtXml4.dll -> [2013/02/19 00:46:00 | 000,399,360 | ---- | M] ()
    qjpeg4.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg4.dll -> [2013/02/19 00:46:00 | 000,287,232 | ---- | M] ()
    qico4.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico4.dll -> [2013/02/19 00:46:00 | 000,083,456 | ---- | M] ()
    qgif4.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif4.dll -> [2013/02/19 00:46:00 | 000,083,456 | ---- | M] ()
    libgcc_s_dw2-1.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll -> [2013/02/19 00:46:00 | 000,043,008 | ---- | M] ()
    mingwm10.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\mingwm10.dll -> [2013/02/19 00:46:00 | 000,011,362 | ---- | M] ()
    windowslive.writer.localization.resources.dll -> C:\Program Files (x86)\Windows Live\Writer\en\WindowsLive.Writer.Localization.resources.dll -> [2013/02/05 21:57:56 | 000,269,824 | ---- | M] ()
    dblite.dll -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll -> [2012/12/20 17:19:26 | 000,479,752 | ---- | M] ()
    libntgr_api.dll -> C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll -> [2012/11/29 03:56:00 | 003,332,720 | ---- | M] ()
    clmlsvcps.dll -> c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll -> [2012/06/08 12:34:06 | 000,016,400 | ---- | M] ()
    clmedialibrary.dll -> c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll -> [2012/06/07 21:34:06 | 000,627,216 | ---- | M] ()
     
    [Win32 Services - Safe List]
    64bit-(w3logsvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\inetsrv\w3logsvc.dll -> [2013/10/21 23:57:09 | 000,076,800 | ---- | M] (Microsoft Corporation)
    64bit-(workfolderssvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\workfolderssvc.dll -> [2013/10/21 19:53:47 | 001,584,128 | ---- | M] (Microsoft Corporation)
    64bit-(IEEtwCollectorService)  [On_Demand | Stopped] -> C:\WINDOWS\SysNative\IEEtwCollector.exe -> [2013/10/18 23:37:49 | 000,111,616 | ---- | M] (Microsoft Corporation)
    64bit-(WSService)  [Unknown | Stopped] -> C:\Windows\SysNative\WSService.dll -> [2013/10/10 10:23:32 | 003,395,920 | ---- | M] (Microsoft Corporation)
    64bit-(AppXSvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\AppXDeploymentServer.dll -> [2013/10/10 04:40:53 | 001,302,528 | ---- | M] (Microsoft Corporation)
    64bit-(AppReadiness)  [On_Demand | Stopped] -> C:\Windows\SysNative\AppReadiness.dll -> [2013/10/04 02:10:59 | 000,533,504 | ---- | M] (Microsoft Corporation)
    64bit-(wlidsvc)  [On_Demand | Running] -> C:\Windows\SysNative\wlidsvc.dll -> [2013/09/29 22:03:28 | 001,555,456 | ---- | M] (Microsoft Corporation)
    64bit-(Wcmsvc)  [Auto | Running] -> C:\Windows\SysNative\wcmsvc.dll -> [2013/09/29 22:03:28 | 000,365,568 | ---- | M] (Microsoft Corporation)
    64bit-(lfsvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\GeofenceMonitorService.dll -> [2013/09/29 22:03:27 | 000,491,520 | ---- | M] (Microsoft Corporation)
    64bit-(BrokerInfrastructure)  [Unknown | Running] -> C:\Windows\SysNative\bisrv.dll -> [2013/09/29 22:03:27 | 000,261,120 | ---- | M] (Microsoft Corporation)
    64bit-(AMD External Events Utility)  [Auto | Running] -> C:\Windows\SysNative\atiesrxx.exe -> [2013/09/18 23:32:40 | 000,239,616 | ---- | M] (AMD)
    64bit-(OfficeSvc)  [Auto | Running] -> C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -> [2013/09/17 17:57:32 | 001,907,896 | ---- | M] (Microsoft Corporation)
    64bit-(WdNisSvc)  [Unknown | Stopped] -> C:\Program Files\Windows Defender\NisSrv.exe -> [2013/08/22 06:32:01 | 000,346,872 | ---- | M] (Microsoft Corporation)
    64bit-(WinDefend)  [Unknown | Stopped] -> C:\Program Files\Windows Defender\MsMpEng.exe -> [2013/08/22 06:32:00 | 000,023,840 | ---- | M] (Microsoft Corporation)
    64bit-(PrintNotify)  [On_Demand | Stopped] -> C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -> [2013/08/22 06:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation)
    64bit-(WEPHOSTSVC)  [On_Demand | Stopped] -> C:\Windows\SysNative\wephostsvc.dll -> [2013/08/22 05:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation)
    64bit-(EFS)  [Unknown | Stopped] -> C:\Windows\SysNative\efssvc.dll -> [2013/08/22 05:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation)
    64bit-(WiaRpc)  [On_Demand | Stopped] -> C:\Windows\SysNative\wiarpc.dll -> [2013/08/22 05:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation)
    64bit-(svsvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\svsvc.dll -> [2013/08/22 05:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation)
    64bit-(fhsvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\fhsvc.dll -> [2013/08/22 05:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation)
    64bit-(NcaSvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\NcaSvc.dll -> [2013/08/22 04:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation)
    64bit-(vmicvss)  [On_Demand | Stopped] -> C:\Windows\SysNative\icsvc.dll -> [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation)
    64bit-(vmictimesync)  [On_Demand | Stopped] -> C:\Windows\SysNative\icsvc.dll -> [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation)
    64bit-(vmicshutdown)  [On_Demand | Stopped] -> C:\Windows\SysNative\icsvc.dll -> [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation)
    64bit-(vmicrdv)  [On_Demand | Stopped] -> C:\Windows\SysNative\icsvc.dll -> [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation)
    64bit-(vmickvpexchange)  [On_Demand | Stopped] -> C:\Windows\SysNative\icsvc.dll -> [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation)
    64bit-(vmicheartbeat)  [On_Demand | Stopped] -> C:\Windows\SysNative\icsvc.dll -> [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation)
    64bit-(vmicguestinterface)  [On_Demand | Stopped] -> C:\Windows\SysNative\icsvc.dll -> [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation)
    64bit-(LSM)  [Unknown | Running] -> C:\Windows\SysNative\lsm.dll -> [2013/08/22 04:04:53 | 000,716,288 | ---- | M] (Microsoft Corporation)
    64bit-(smphost)  [On_Demand | Stopped] -> C:\Windows\SysNative\smphost.dll -> [2013/08/22 04:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation)
    64bit-(SystemEventsBroker)  [Unknown | Running] -> C:\Windows\SysNative\SystemEventsBrokerServer.dll -> [2013/08/22 03:58:42 | 000,280,576 | ---- | M] (Microsoft Corporation)
    64bit-(ScDeviceEnum)  [Unknown | Stopped] -> C:\Windows\SysNative\ScDeviceEnum.dll -> [2013/08/22 03:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation)
    64bit-(TimeBroker)  [Unknown | Running] -> C:\Windows\SysNative\TimeBrokerServer.dll -> [2013/08/22 03:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation)
    64bit-(netprofm)  [On_Demand | Running] -> C:\Windows\SysNative\netprofmsvc.dll -> [2013/08/22 03:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation)
    64bit-(NcbService)  [On_Demand | Running] -> C:\Windows\SysNative\ncbservice.dll -> [2013/08/22 03:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation)
    64bit-(DeviceAssociationService)  [On_Demand | Running] -> C:\Windows\SysNative\das.dll -> [2013/08/22 03:40:14 | 000,398,848 | ---- | M] (Microsoft Corporation)
    64bit-(AudioEndpointBuilder)  [Auto | Running] -> C:\Windows\SysNative\AudioEndpointBuilder.dll -> [2013/08/22 03:39:33 | 000,198,656 | ---- | M] (Microsoft Corporation)
    64bit-(DsmSvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\DeviceSetupManager.dll -> [2013/08/22 03:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation)
    64bit-(NcdAutoSetup)  [On_Demand | Running] -> C:\Windows\SysNative\NcdAutoSetup.dll -> [2013/08/22 03:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation)
    64bit-(STacSV)  [Auto | Running] -> C:\Program Files\IDT\WDM\stacsv64.exe -> [2013/06/06 08:52:08 | 000,333,824 | ---- | M] (IDT, Inc.)
    (PasswordBox) PasswordBox [Auto | Running] -> C:\Program Files (x86)\PasswordBox\pbbtnService.exe -> [2013/11/01 14:11:20 | 000,067,584 | ---- | M] (PasswordBox, Inc.)
    (WAS) Windows Process Activation Service [On_Demand | Stopped] -> C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -> [2013/10/21 23:57:10 | 000,475,648 | ---- | M] (Microsoft Corporation)
    (w3logsvc) W3C Logging Service [On_Demand | Stopped] -> C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -> [2013/10/21 23:57:09 | 000,066,560 | ---- | M] (Microsoft Corporation)
    (AppHostSvc) Application Host Helper Service [Auto | Running] -> C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -> [2013/10/21 23:57:09 | 000,062,464 | ---- | M] (Microsoft Corporation)
    (AVP) Kaspersky Anti-Virus Service [Auto | Running] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe -> [2013/10/16 06:14:25 | 000,356,128 | ---- | M] (Kaspersky Lab ZAO)
    (SDScannerService) Spybot-S&D 2 Scanner Service [Auto | Running] -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe -> [2013/10/15 11:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.)
    (lfsvc) Windows Location Framework Service [On_Demand | Stopped] -> C:\Windows\SysWOW64\GeofenceMonitorService.dll -> [2013/09/29 22:03:26 | 000,357,376 | ---- | M] (Microsoft Corporation)
    (SDUpdateService) Spybot-S&D 2 Updating Service [Auto | Running] -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe -> [2013/09/20 09:57:26 | 001,042,272 | ---- | M] (Safer-Networking Ltd.)
    (SDWSCService) Spybot-S&D 2 Security Center Service [Auto | Running] -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe -> [2013/09/13 09:38:30 | 000,171,416 | ---- | M] (Safer-Networking Ltd.)
    (HTCMonitorService) HTCMonitorService [Auto | Running] -> C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe -> [2013/09/02 09:51:38 | 000,087,368 | ---- | M] (Nero AG)
    (StorSvc) Storage Service [On_Demand | Stopped] -> C:\Windows\SysWOW64\StorSvc.dll -> [2013/08/21 21:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation)
    (smphost) Microsoft Storage Spaces SMP [On_Demand | Stopped] -> C:\Windows\SysWOW64\smphost.dll -> [2013/08/21 20:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation)
    (Secunia PSI Agent) Secunia PSI Agent [On_Demand | Stopped] -> C:\Program Files (x86)\Secunia\PSI\PSIA.exe -> [2013/07/03 02:32:44 | 001,228,504 | ---- | M] (Secunia)
    (Secunia Update Agent) Secunia Update Agent [Auto | Running] -> C:\Program Files (x86)\Secunia\PSI\sua.exe -> [2013/07/03 02:32:44 | 000,660,184 | ---- | M] (Secunia)
    (NETGEARGenieDaemon) NETGEARGenieDaemon [Auto | Running] -> C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe -> [2013/04/07 05:39:20 | 000,232,192 | ---- | M] (NETGEAR)
    (Kodak AiO Network Discovery Service) Kodak AiO Network Discovery Service [Auto | Running] -> C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -> [2013/03/15 14:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company)
    (DragonSvc) Dragon Service [Auto | Running] -> C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -> [2013/02/11 17:48:56 | 000,311,184 | ---- | M] (Nuance Communications, Inc.)
    (Kodak AiO Status Monitor Service) Kodak AiO Status Monitor Service [Auto | Running] -> C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -> [2013/01/15 12:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company)
    (CSObjectsSrv) CryptoStorage control service [Auto | Running] -> C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -> [2012/12/21 13:32:50 | 000,819,040 | ---- | M] (Infowatch)
    (PassThru Service) Internet Pass-Through Service [Auto | Running] -> C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -> [2012/12/07 16:26:56 | 000,167,424 | ---- | M] ()
    (HP Support Assistant Service) HP Support Assistant Service [Auto | Running] -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -> [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company)
     
    [Driver Services - Safe List]
    64bit-(avgtp) avgtp [Kernel | System | Running] -> C:\Windows\SysNative\drivers\avgtpx64.sys -> [2013/11/21 16:37:31 | 000,046,368 | ---- | M] (AVG Technologies)
    64bit-(klelam) klelam [Kernel | Boot | Stopped] -> C:\Windows\SysNative\drivers\klelam.sys -> [2013/11/13 03:53:59 | 000,029,792 | ---- | M] (Kaspersky Lab)
    64bit-(dtsoftbus01) DAEMON Tools Virtual Bus Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\dtsoftbus01.sys -> [2013/11/10 10:03:13 | 000,283,064 | ---- | M] (Disc Soft Ltd)
    64bit-(KLIF) Kaspersky Lab Driver [File_System | System | Running] -> C:\Windows\SysNative\drivers\klif.sys -> [2013/10/16 06:15:46 | 000,625,760 | ---- | M] (Kaspersky Lab ZAO)
    64bit-(klmouflt) Kaspersky Lab KLMOUFLT [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\klmouflt.sys -> [2013/10/16 06:15:46 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO)
    64bit-(klkbdflt) Kaspersky Lab KLKBDFLT [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\klkbdflt.sys -> [2013/10/16 06:15:46 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO)
    64bit-(kl1) kl1 [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\kl1.sys -> [2013/10/16 06:15:44 | 007,717,984 | ---- | M] (Kaspersky Lab ZAO)
    64bit-(WFPLWFS) Microsoft Windows Filtering Platform [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\wfplwfs.sys -> [2013/10/12 20:48:34 | 000,136,536 | ---- | M] (Microsoft Corporation)
    64bit-(intelpep) Intel(R) Power Engine Plug-in Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\intelpep.sys -> [2013/10/08 05:07:14 | 000,039,768 | ---- | M] (Microsoft Corporation)
    64bit-(NPF) NetGroup Packet Filter Driver [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\npf.sys -> [2013/10/06 20:10:40 | 000,035,344 | ---- | M] (CACE Technologies, Inc.)
    64bit-(kneps) kneps [Kernel | System | Running] -> C:\Windows\SysNative\drivers\kneps.sys -> [2013/10/06 19:50:24 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO)
    64bit-(klwfp) klwfp [Kernel | System | Running] -> C:\Windows\SysNative\drivers\klwfp.sys -> [2013/10/06 19:50:24 | 000,050,448 | ---- | M] (Kaspersky Lab ZAO)
    64bit-(spaceport) Storage Spaces Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\spaceport.sys -> [2013/10/05 09:25:54 | 000,371,032 | ---- | M] (Microsoft Corporation)
    64bit-(stornvme) Microsoft Standard NVM Express Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stornvme.sys -> [2013/10/05 09:25:54 | 000,057,176 | ---- | M] (Microsoft Corporation)
    64bit-(USBHUB3) SuperSpeed Hub [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\USBHUB3.SYS -> [2013/09/29 22:03:25 | 000,467,800 | ---- | M] (Microsoft Corporation)
    64bit-(sdbus) sdbus [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\sdbus.sys -> [2013/09/29 22:03:25 | 000,236,376 | ---- | M] (Microsoft Corporation)
    64bit-(VerifierExt) VerifierExt [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\VerifierExt.sys -> [2013/09/29 22:03:25 | 000,175,960 | ---- | M] (Microsoft Corporation)
    64bit-(pdc) pdc [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\pdc.sys -> [2013/09/29 22:03:25 | 000,086,872 | ---- | M] (Microsoft Corporation)
    64bit-(RdpVideoMiniport) Remote Desktop Video Miniport Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\rdpvideominiport.sys -> [2013/09/29 21:51:06 | 000,027,488 | ---- | M] (Microsoft Corporation)
    64bit-(terminpt) Microsoft Remote Desktop Input Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\terminpt.sys -> [2013/09/29 21:51:01 | 000,037,216 | ---- | M] (Microsoft Corporation)
    64bit-(netr28x) Ralink 802.11n Extensible Wireless Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\netr28x.sys -> [2013/09/26 16:42:16 | 002,588,848 | ---- | M] (Ralink Technology, Corp.)
    64bit-(amdkmdag) amdkmdag [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\atikmdag.sys -> [2013/09/18 23:32:40 | 012,526,592 | ---- | M] (Advanced Micro Devices, Inc.)
    64bit-(amdkmdap) amdkmdap [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\atikmpag.sys -> [2013/09/18 23:32:40 | 000,619,008 | ---- | M] (Advanced Micro Devices, Inc.)
    64bit-(USBXHCI) USB xHCI Compliant Host Controller [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\USBXHCI.SYS -> [2013/09/11 06:46:25 | 000,325,464 | ---- | M] (Microsoft Corporation)
    64bit-(condrv) Console Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\condrv.sys -> [2013/08/22 07:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation)
    64bit-(dam) Desktop Activity Moderator Driver [Kernel | System | Stopped] -> C:\Windows\SysNative\drivers\dam.sys -> [2013/08/22 06:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation)
    64bit-(acpiex) Microsoft ACPIEx Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\acpiex.sys -> [2013/08/22 06:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation)
    64bit-(TPM) TPM [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\tpm.sys -> [2013/08/22 06:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation)
    64bit-(mvumis) mvumis [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\mvumis.sys -> [2013/08/22 06:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.)
    64bit-(GPIOClx0101) Microsoft GPIO Class Extension Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\msgpioclx.sys -> [2013/08/22 06:43:48 | 000,146,272 | ---- | M] (Microsoft Corporation)
    64bit-(msgpiowin32) Common Driver for Buttons, DockMode and Laptop/Slate Indicator [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\msgpiowin32.sys -> [2013/08/22 06:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation)
    64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2013/08/22 06:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation)
    64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2013/08/22 06:43:45 | 000,093,536 | ---- | M] (LSI Corporation)
    64bit-(LSI_SSS) LSI_SSS [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sss.sys -> [2013/08/22 06:43:45 | 000,082,784 | ---- | M] (LSI Corporation)
    64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2013/08/22 06:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company)
    64bit-(LSI_SAS3) LSI_SAS3 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas3.sys -> [2013/08/22 06:43:44 | 000,081,760 | ---- | M] (LSI Corporation)
    64bit-(ADP80XX) ADP80XX [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\adp80xx.sys -> [2013/08/22 06:43:41 | 000,782,176 | ---- | M] (PMC-Sierra)
    64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2013/08/22 06:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation)
    64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2013/08/22 06:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.)
    64bit-(3ware) 3ware [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\3ware.sys -> [2013/08/22 06:43:41 | 000,108,896 | ---- | M] (LSI)
    64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2013/08/22 06:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices)
    64bit-(EhStorTcgDrv) Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -> [2013/08/22 06:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation)
    64bit-(EhStorClass) Enhanced Storage Filter Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\EhStorClass.sys -> [2013/08/22 06:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation)
    64bit-(amdxata) amdxata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2013/08/22 06:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices)
    64bit-(VSTXRAID) VIA StorX Storage RAID Controller Windows Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\VSTXRAID.SYS -> [2013/08/22 06:43:34 | 000,305,504 | ---- | M] (VIA Corporation)
    64bit-(UCX01000) USB Controller Extension [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\UCX01000.SYS -> [2013/08/22 06:43:33 | 000,189,792 | ---- | M] (Microsoft Corporation)
    64bit-(UASPStor) USB Attached SCSI (UAS) Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\uaspstor.sys -> [2013/08/22 06:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation)
    64bit-(sdstor) SD Storage Port Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\sdstor.sys -> [2013/08/22 06:43:32 | 000,078,688 | ---- | M] (Microsoft Corporation)
    64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2013/08/22 06:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.)
    64bit-(SerCx2) Serial UART Support Library [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\SerCx2.sys -> [2013/08/22 06:43:31 | 000,146,272 | ---- | M] (Microsoft Corporation)
    64bit-(storahci) Microsoft Standard SATA AHCI Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\storahci.sys -> [2013/08/22 06:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation)
    64bit-(SpbCx) Simple Peripheral Bus Support Library [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\SpbCx.sys -> [2013/08/22 06:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation)
    64bit-(SerCx) Serial UART Support Library [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\SerCx.sys -> [2013/08/22 06:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation)
    64bit-(wpcfltr) Family Safety Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\wpcfltr.sys -> [2013/08/22 06:41:08 | 000,054,304 | ---- | M] (Microsoft Corporation)
    64bit-(CLFS) Common Log (CLFS) [Kernel | Unknown | Running] -> C:\Windows\SysNative\drivers\clfs.sys -> [2013/08/22 06:39:44 | 000,377,696 | ---- | M] (Microsoft Corporation)
    64bit-(ReFS) ReFS [File_System | On_Demand | Stopped] -> C:\WINDOWS\SysNative\drivers\refs.sys -> [2013/08/22 06:39:15 | 000,924,512 | ---- | M] (Microsoft Corporation)
    64bit-(UEFI) Microsoft UEFI Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\uefi.sys -> [2013/08/22 06:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation)
    64bit-(vpci) Microsoft Hyper-V Virtual PCI Bus [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\vpci.sys -> [2013/08/22 06:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation)
    64bit-(WpdUpFltr) WPD Upper Class Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\WpdUpFltr.sys -> [2013/08/22 06:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation)
    64bit-(WdFilter) Windows Defender Mini-Filter Driver [File_System | Unknown | Stopped] -> C:\Windows\SysNative\drivers\WdFilter.sys -> [2013/08/22 06:34:22 | 000,265,056 | ---- | M] (Microsoft Corporation)
    64bit-(WdNisDrv) Windows Defender Network Inspection System Driver [Kernel | Unknown | Stopped] -> C:\Windows\SysNative\drivers\WdNisDrv.sys -> [2013/08/22 06:34:22 | 000,124,256 | ---- | M] (Microsoft Corporation)
    64bit-(WdBoot) Windows Defender Boot Driver [Kernel | Unknown | Stopped] -> C:\Windows\SysNative\drivers\WdBoot.sys -> [2013/08/22 06:31:28 | 000,034,760 | ---- | M] (Microsoft Corporation)
    64bit-(ahcache) Application Compatibility Cache [Kernel | System | Running] -> C:\Windows\SysNative\drivers\ahcache.sys -> [2013/08/22 05:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation)
    64bit-(BasicDisplay) BasicDisplay [Kernel | System | Running] -> C:\Windows\SysNative\drivers\BasicDisplay.sys -> [2013/08/22 05:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation)
    64bit-(BasicRender) BasicRender [Kernel | System | Running] -> C:\Windows\SysNative\drivers\BasicRender.sys -> [2013/08/22 05:39:28 | 000,033,792 | ---- | M] (Microsoft Corporation)
    64bit-(HyperVideo) HyperVideo [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HyperVideo.sys -> [2013/08/22 05:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation)
    64bit-(mshidumdf) Pass-through HID to UMDF Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\mshidumdf.sys -> [2013/08/22 05:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation)
    64bit-(acpitime) ACPI Wake Alarm Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\acpitime.sys -> [2013/08/22 05:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation)
    64bit-(acpipagr) ACPI Processor Aggregator Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\acpipagr.sys -> [2013/08/22 05:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation)
    64bit-(BthAvrcpTg) Bluetooth Audio/Video Remote Control HID [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\BthAvrcpTg.sys -> [2013/08/22 05:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation)
    64bit-(kdnic) Microsoft Kernel Debug Network Miniport (NDIS 6.20) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\kdnic.sys -> [2013/08/22 05:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation)
    64bit-(gencounter) Microsoft Hyper-V Generation Counter [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\vmgencounter.sys -> [2013/08/22 05:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation)
    64bit-(npsvctrig) Named pipe service trigger provider [Kernel | System | Running] -> C:\Windows\SysNative\drivers\npsvctrig.sys -> [2013/08/22 05:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation)
    64bit-(bthhfhid) Bluetooth Hands-Free Call Control HID [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\BthhfHid.sys -> [2013/08/22 05:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation)
    64bit-(hyperkbd) hyperkbd [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hyperkbd.sys -> [2013/08/22 05:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation)
    64bit-(TsUsbGD) Remote Desktop Generic USB Device [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbGD.sys -> [2013/08/22 05:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation)
    64bit-(BthHFEnum) Bluetooth Hands-Free Audio and Call Control HID Enumerator [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bthhfenum.sys -> [2013/08/22 05:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation)
    64bit-(TsUsbFlt) TsUsbFlt [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbFlt.sys -> [2013/08/22 05:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation)
    64bit-(hidi2c) Microsoft I2C HID Miniport Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hidi2c.sys -> [2013/08/22 05:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation)
    64bit-(dmvsc) dmvsc [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\dmvsc.sys -> [2013/08/22 05:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation)
    64bit-(netvsc) netvsc [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\netvsc63.sys -> [2013/08/22 05:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation)
    64bit-(NdisVirtualBus) Microsoft Virtual Network Adapter Enumerator [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\NdisVirtualBus.sys -> [2013/08/22 05:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation)
    64bit-(NdisImPlatform) Microsoft Network Adapter Multiplexor Protocol [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\NdisImPlatform.sys -> [2013/08/22 05:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation)
    64bit-(MsLldp) Microsoft Link-Layer Discovery Protocol [Kernel | Unknown | Stopped] -> C:\Windows\SysNative\drivers\mslldp.sys -> [2013/08/22 05:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation)
    64bit-(Ndu) Windows Network Data Usage Monitoring Driver [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\Ndu.sys -> [2013/08/22 05:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation)
    64bit-(FxPPM) Power Framework Processor Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\fxppm.sys -> [2013/08/22 02:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation)
    64bit-(bcmfn2) bcmfn2 Service [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bcmfn2.sys -> [2013/08/12 17:25:46 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider)
    64bit-(iaStorAV) Intel(R) SATA RAID Controller Windows [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\iaStorAV.sys -> [2013/08/09 18:39:30 | 000,651,248 | ---- | M] (Intel Corporation)
    64bit-(iaLPSSi_GPIO) Intel(R) Serial IO GPIO Controller Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -> [2013/07/30 12:47:35 | 000,024,568 | ---- | M] (Intel Corporation)
    64bit-(iaLPSSi_I2C) Intel(R) Serial IO I2C Controller Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -> [2013/07/25 13:05:39 | 000,099,320 | ---- | M] (Intel Corporation)
    64bit-(VClone) VClone [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\VClone.sys -> [2013/07/24 09:02:55 | 000,034,816 | ---- | M] (Elaborate Bytes AG)
    64bit-(PSI) PSI [File_System | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\psi_mf_amd64.sys -> [2013/07/03 02:32:42 | 000,018,456 | ---- | M] (Secunia)
    64bit-(L1C) NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\L1C63x64.sys -> [2013/06/18 08:44:59 | 000,129,224 | ---- | M] (Qualcomm Atheros Co., Ltd.)
    64bit-(STHDA) IDT High Definition Audio CODEC [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\stwrt64.sys -> [2013/06/06 08:52:08 | 000,550,912 | ---- | M] (IDT, Inc.)
    64bit-(WsAudioDevice_383) WsAudioDevice_383 [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\VirtualAudio.sys -> [2013/05/09 09:48:42 | 000,031,080 | ---- | M] (Wondershare)
    64bit-(amd_sata) amd_sata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amd_sata.sys -> [2013/03/31 17:52:04 | 000,080,552 | ---- | M] (Advanced Micro Devices)
    64bit-(amd_xata) amd_xata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amd_xata.sys -> [2013/03/31 17:52:04 | 000,026,280 | ---- | M] (Advanced Micro Devices)
    64bit-(ElbyCDIO) ElbyCDIO Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\ElbyCDIO.sys -> [2013/03/04 06:24:27 | 000,040,344 | ---- | M] (Elaborate Bytes AG)
    64bit-(CSCrySec) InfoWatch Encrypt Sector Library driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\CSCrySec.sys -> [2012/12/10 14:14:54 | 000,098,064 | ---- | M] (Infowatch)
    64bit-(CSVirtualDiskDrv) InfoWatch Virtual Disk driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys -> [2012/12/10 14:14:54 | 000,067,344 | ---- | M] (Infowatch)
    64bit-(htcnprot) HTC NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\htcnprot.sys -> [2012/12/07 17:27:50 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider)
    64bit-(amdkmpfd) AMD PCI Root Bus Lower Filter [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdkmpfd.sys -> [2012/09/13 18:12:38 | 000,036,520 | ---- | M] (Advanced Micro Devices, Inc.)
    64bit-(KLIM6) Kaspersky Anti-Virus NDIS 6 Filter [Kernel | System | Running] -> C:\Windows\SysNative\drivers\klim6.sys -> [2012/08/02 14:09:32 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO)
    64bit-(usbfilter) AMD USB Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\usbfilter.sys -> [2012/07/16 20:36:29 | 000,057,000 | ---- | M] (Advanced Micro Devices)
    64bit-(CLVirtualDrive) CLVirtualDrive [Kernel | System | Running] -> C:\Windows\SysNative\drivers\CLVirtualDrive.sys -> [2012/06/25 11:24:50 | 000,092,536 | ---- | M] (CyberLink)
    64bit-(CpqDfw) Compaq Dfw [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\cpqdfw.sys -> [2012/05/29 16:53:30 | 000,027,456 | ---- | M] (Windows (R) Codename Longhorn DDK provider)
    64bit-(HTCAND64) HTC Device Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\ANDROIDUSB.sys -> [2009/11/02 17:16:50 | 000,033,736 | ---- | M] (HTC, Corporation)
    [Registry - Safe List]
    < 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
    HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.msn.com -> 
    HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://www.bing.com -> 
    HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://www.google.com -> 
    HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.google.com -> 
    < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
    HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.nationzoom.com/?type=hp&ts=1385859540&from=tugs&uid=ST2000DM001-1CH164_Z1E4X3FR -> 
    HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://www.nationzoom.com/web/?type=ds&ts=1385859540&from=tugs&uid=ST2000DM001-1CH164_Z1E4X3FR&q={searchTerms} -> 
    HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> 
    HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://www.nationzoom.com/web/?type=ds&ts=1385859540&from=tugs&uid=ST2000DM001-1CH164_Z1E4X3FR&q={searchTerms} -> 
    HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.nationzoom.com/?type=hp&ts=1385859540&from=tugs&uid=ST2000DM001-1CH164_Z1E4X3FR -> 
    < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
    HKEY_CURRENT_USER\: Main\\"Default_Page_URL" -> http://msn.com -> 
    HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.msn.com -> 
    HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
    < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
    HKLM\software\mozilla\Firefox\Extensions ->  -> 
    HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY PURE 3.0\FFEXT\[email protected]] -> [2013/10/16 06:15:48 | 000,000,000 | ---D | M]
    HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY PURE 3.0\FFEXT\[email protected]] -> [2013/10/16 06:15:48 | 000,000,000 | ---D | M]
    HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY PURE 3.0\FFEXT\[email protected]] -> [2013/10/16 06:15:48 | 000,000,000 | ---D | M]
    HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY PURE 3.0\FFEXT\[email protected]] -> [2013/10/16 06:15:48 | 000,000,000 | ---D | M]
    HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY PURE 3.0\FFEXT\[email protected]] -> [2013/10/16 06:15:48 | 000,000,000 | ---D | M]
    HKLM\software\mozilla\Firefox\Extensions\\jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack -> C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [C:\PROGRAM FILES (X86)\NUANCE\NATURALLYSPEAKING12\PROGRAM\FFSHIM.XPI] -> [2013/02/11 17:44:08 | 000,136,309 | ---- | M] ()
    < FireFox Extensions [User Folders] > -> 
    < HOSTS File > ([2013/08/22 07:25:41 | 000,000,824 | ---- | M] - 21 lines) -> C:\WINDOWS\SysNative\Drivers\etc\hosts -> 
    Reset Hosts
    < 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
    {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} [HKLM] -> C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [Lync Browser Helper] -> [2013/11/30 20:49:18 | 000,218,784 | ---- | M] (Microsoft Corporation)
    {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [Content Blocker Plugin] -> [2013/10/06 19:35:44 | 000,651,968 | ---- | M] (Kaspersky Lab ZAO)
    {73455575-E40C-433C-9784-C78DC7761455} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [Virtual Keyboard Plugin] -> [2013/10/06 19:35:46 | 001,067,712 | ---- | M] (Kaspersky Lab ZAO)
    {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [Safe Money Plugin] -> [2013/10/06 19:35:45 | 000,512,192 | ---- | M] (Kaspersky Lab ZAO)
    {B4F3A835-0E21-4959-BA22-42B3008E02FF} [HKLM] -> C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [Office Document Cache Handler] -> [2013/11/30 20:49:20 | 000,878,808 | ---- | M] (Microsoft Corporation)
    {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} [HKLM] -> C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [Microsoft SkyDrive Pro Browser Helper] -> [2013/11/30 20:49:14 | 002,328,776 | ---- | M] (Microsoft Corporation)
    {E33CF602-D945-461A-83F0-819F76A199F8} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [URL Advisor Plugin] -> [2013/10/06 19:35:45 | 000,581,824 | ---- | M] (Kaspersky Lab ZAO)
    {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} [HKLM] -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [HP Network Check Helper] -> [2013/08/28 01:30:32 | 000,303,416 | ---- | M] (Hewlett-Packard)
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
    {215BA832-75A3-426E-A4FC-7C5B58CE6A10} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll [Kaspersky Passsword Manager Toolbar] -> [2013/11/13 03:53:22 | 002,396,480 | ---- | M] (Kaspersky Lab)
    {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [Content Blocker Plugin] -> [2013/10/06 19:35:27 | 000,536,256 | ---- | M] (Kaspersky Lab ZAO)
    {5DB69B97-934B-451D-94DB-32EF802A01CD} [HKLM] -> C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll [PasswordBox Helper] -> [2013/11/15 17:03:30 | 000,128,008 | ---- | M] (PasswordBox, Inc.)
    {73455575-E40C-433C-9784-C78DC7761455} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [Virtual Keyboard Plugin] -> [2013/10/06 19:35:28 | 000,880,320 | ---- | M] (Kaspersky Lab ZAO)
    {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} [HKLM] -> C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieShim.dll [Dragon NaturallySpeaking Rich Internet Application Support - Extension] -> [2013/02/11 17:50:28 | 000,206,128 | ---- | M] (Nuance Communications, Inc.)
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2013/10/08 06:50:01 | 000,462,760 | ---- | M] (Oracle Corporation)
    {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll [Safe Money Plugin] -> [2013/10/06 19:35:28 | 000,426,176 | ---- | M] (Kaspersky Lab ZAO)
    {B4F3A835-0E21-4959-BA22-42B3008E02FF} [HKLM] -> C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL [Office Document Cache Handler] -> [2013/11/30 20:49:20 | 000,705,240 | ---- | M] (Microsoft Corporation)
    {DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2013/10/08 06:47:58 | 000,171,944 | ---- | M] (Oracle Corporation)
    {E33CF602-D945-461A-83F0-819F76A199F8} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll [URL Advisor Plugin] -> [2013/10/06 19:35:28 | 000,485,568 | ---- | M] (Kaspersky Lab ZAO)
    {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} [HKLM] -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [HP Network Check Helper] -> [2013/08/28 01:28:26 | 000,286,520 | ---- | M] (Hewlett-Packard)
    < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
    "{215BA832-75A3-426E-A4FC-7C5B58CE6A10}" [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll [Kaspersky Passsword Manager Toolbar] -> [2013/11/13 03:53:22 | 002,396,480 | ---- | M] (Kaspersky Lab)
    < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
    WebBrowser\\"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    < 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "BeatsOSDApp" -> C:\Program Files\IDT\WDM\Beats64.exe [C:\Program Files\IDT\WDM\beats64.exe] -> [2012/08/22 16:48:46 | 000,041,664 | ---- | M] (Hewlett-Packard )
    "EKIJ5000StatusMonitor" -> C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe [C:\WINDOWS\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe] -> [2012/10/08 09:06:08 | 003,182,080 | ---- | M] (Eastman Kodak Company)
    "SysTrayApp" -> C:\Program Files\IDT\WDM\sttray64.exe [C:\Program Files\IDT\WDM\sttray64.exe] -> [2013/06/06 08:52:06 | 001,703,424 | ---- | M] (IDT, Inc.)
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "AVP" -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\runner_avp.exe ["C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\runner_avp.exe"] -> [2013/10/16 06:14:35 | 000,024,256 | ---- | M] (Kaspersky Lab ZAO)
    "Conime" ->  [%windir%\system32\conime.exe] -> File not found
    "DNS7reminder" -> C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe ["C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini"] -> [2010/10/27 10:44:38 | 000,328,992 | ---- | M] (Nuance Communications, Inc.)
    "EKStatusMonitor" -> C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe] -> [2013/01/15 12:07:42 | 002,750,840 | ---- | M] (Eastman Kodak Company)
    "ISUSPM" -> C:\ProgramData\FLEXnet\Connect\11\isuspm.exe [C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler] -> [2011/10/12 22:11:34 | 002,068,856 | ---- | M] (Flexera Software LLC.)
    "SDTray" -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"] -> [2013/07/25 10:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.)
    "StartCCC" -> c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ["c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun] -> [2013/02/07 00:42:42 | 000,642,656 | ---- | M] (Advanced Micro Devices, Inc.)
    < 64bit-RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
    "NCPluginUpdater" -> C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe ["C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update] -> [2013/11/27 00:10:44 | 000,021,720 | ---- | M] (Hewlett-Packard)
    < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "DAEMON Tools Lite" -> C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe ["C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun] -> [2013/10/28 02:29:38 | 003,675,352 | ---- | M] (Disc Soft Ltd)
    "ISUSPM" -> C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler] -> [2011/10/12 22:11:34 | 002,068,856 | ---- | M] (Flexera Software LLC.)
    "NETGEARGenie" -> C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe ["C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect] -> [2013/04/07 05:38:46 | 001,044,224 | ---- | M] ()
    < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoActiveDesktop" ->  [1] -> File not found
    < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    \\"ConsentPromptBehaviorAdmin" ->  [5] -> File not found
    \\"EnableCursorSuppression" ->  [1] -> File not found
    \\"ConsentPromptBehaviorUser" ->  [3] -> File not found
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
    < CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" ->  [145] -> File not found
    < 64bit-Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
    Add to Anti-Banner -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm [C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm] -> [2012/12/20 16:22:08 | 000,001,452 | ---- | M] ()
    E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE [res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000] -> [2013/11/30 20:48:18 | 025,619,616 | ---- | M] (Microsoft Corporation)
    Se&nd to OneNote -> C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll [res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105] -> [2013/11/30 20:49:19 | 000,493,272 | ---- | M] (Microsoft Corporation)
    < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
    Add to Anti-Banner -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm [C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm] -> [2012/12/20 16:22:08 | 000,001,452 | ---- | M] ()
    E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE [res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000] -> [2013/11/30 20:48:18 | 025,619,616 | ---- | M] (Microsoft Corporation)
    Lookup on Merriam Webster -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
    Lookup on Wikipedia -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
    Se&nd to OneNote -> C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll [res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105] -> [2013/11/30 20:49:19 | 000,493,272 | ---- | M] (Microsoft Corporation)
    < 64bit-Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
    {0C4CC089-D306-440D-9772-464E226F6539}:{0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [Button: Virtual Keyboard] -> [2013/10/06 19:35:46 | 001,067,712 | ---- | M] (Kaspersky Lab ZAO)
    {25510184-5A38-4A99-B273-DCA8EEF6CD08}:Exec [HKLM] -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe [Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103] -> [2012/07/09 18:46:12 | 000,023,456 | ---- | M] (Hewlett-Packard)
    {25510184-5A38-4A99-B273-DCA8EEF6CD08}:Exec [HKLM] -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe [Menu: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102] -> [2012/07/09 18:46:12 | 000,023,456 | ---- | M] (Hewlett-Packard)
    {2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll [Button: Send to OneNote] -> [2013/11/30 20:49:10 | 000,610,520 | ---- | M] (Microsoft Corporation)
    {2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll [Menu: Se&nd to OneNote] -> [2013/11/30 20:49:10 | 000,610,520 | ---- | M] (Microsoft Corporation)
    {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}:{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} [HKLM] -> C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [Button: Lync Click to Call] -> [2013/11/30 20:49:18 | 000,218,784 | ---- | M] (Microsoft Corporation)
    {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}:{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} [HKLM] -> C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [Menu: Lync Click to Call] -> [2013/11/30 20:49:18 | 000,218,784 | ---- | M] (Microsoft Corporation)
    {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:{FFFDC614-B694-4AE6-AB38-5D6374584B52} [HKLM] -> C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll [Button: OneNote Lin&ked Notes] -> [2013/11/30 20:49:11 | 000,572,632 | ---- | M] (Microsoft Corporation)
    {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:{FFFDC614-B694-4AE6-AB38-5D6374584B52} [HKLM] -> C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll [Menu: OneNote Lin&ked Notes] -> [2013/11/30 20:49:11 | 000,572,632 | ---- | M] (Microsoft Corporation)
    {CCF151D8-D089-449F-A5A4-D9909053F20F}:{CCF151D8-D089-449F-A5A4-D9909053F20F} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [Button: URLs check] -> [2013/10/06 19:35:45 | 000,581,824 | ---- | M] (Kaspersky Lab ZAO)
    < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-001045-0002-0045-ABCDEFFEDCBC} [HKLM] -> Reg Error: Key error. [Menu: Sun Java Console] -> File not found
    {0C4CC089-D306-440D-9772-464E226F6539}:{0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [Button: Virtual Keyboard] -> [2013/10/06 19:35:28 | 000,880,320 | ---- | M] (Kaspersky Lab ZAO)
    {25510184-5A38-4A99-B273-DCA8EEF6CD08}:Exec [HKLM] -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe [Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103] -> [2012/07/09 18:46:12 | 000,023,456 | ---- | M] (Hewlett-Packard)
    {25510184-5A38-4A99-B273-DCA8EEF6CD08}:Exec [HKLM] -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe [Menu: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102] -> [2012/07/09 18:46:12 | 000,023,456 | ---- | M] (Hewlett-Packard)
    {2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll [Button: Send to OneNote] -> [2013/11/30 20:49:19 | 000,493,272 | ---- | M] (Microsoft Corporation)
    {2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll [Menu: Se&nd to OneNote] -> [2013/11/30 20:49:19 | 000,493,272 | ---- | M] (Microsoft Corporation)
    {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:{FFFDC614-B694-4AE6-AB38-5D6374584B52} [HKLM] -> C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll [Button: OneNote Lin&ked Notes] -> [2013/11/30 20:49:24 | 000,463,576 | ---- | M] (Microsoft Corporation)
    {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:{FFFDC614-B694-4AE6-AB38-5D6374584B52} [HKLM] -> C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll [Menu: OneNote Lin&ked Notes] -> [2013/11/30 20:49:24 | 000,463,576 | ---- | M] (Microsoft Corporation)
    {CCF151D8-D089-449F-A5A4-D9909053F20F}:{CCF151D8-D089-449F-A5A4-D9909053F20F} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll [Button: URLs check] -> [2013/10/06 19:35:28 | 000,485,568 | ---- | M] (Kaspersky Lab ZAO)
    < 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
    PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
    PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
    < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
    < 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    "" -> http://
    < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    "" -> http://
    < 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
     
  10. toopay

    toopay Thread Starter

    Joined:
    Jun 7, 2003
    Messages:
    354
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
    DhcpNameServer -> 192.168.17.1 ->
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
    {C2A0A005-80B2-4FE8-9F75-0FDF89BD79CA}\\DhcpNameServer -> 192.168.17.1 (Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30)) ->
    {DDCF1E74-60B6-4E2B-84E8-F41624825BE9}\\DhcpNameServer -> 192.168.1.1 (Ralink RT5390R 802.11bgn Wi-Fi Adapter) ->
    IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
    "MaxScriptStatements" -> Reg Error: Invalid data type.
    < 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
    explorer.exe -> C:\WINDOWS\explorer.exe -> [2013/10/22 01:55:27 | 002,328,872 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> ->
    64bit-*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
    C:\Windows\system32\userinit.exe -> C:\Windows\SysNative\userinit.exe -> [2013/08/22 04:03:12 | 000,025,088 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> ->
    64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
    SystemPropertiesPerformance.exe -> C:\WINDOWS\SysNative\SystemPropertiesPerformance.exe -> [2013/08/22 05:03:13 | 000,082,944 | ---- | M] (Microsoft Corporation)
    /pagefile -> -> File not found
    *MultiFile Done* -> ->
    < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
    explorer.exe -> C:\WINDOWS\SysWow64\explorer.exe -> [2013/10/22 00:03:47 | 002,065,448 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> ->
    *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
    userinit.exe -> C:\WINDOWS\SysWow64\userinit.exe -> [2013/08/21 20:54:12 | 000,021,504 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> ->
    *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
    /pagefile -> -> File not found
    *MultiFile Done* -> ->
    < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
    SDWinLogon -> -> File not found
    < 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
    < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
    < LSA Security Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
    *LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
    livessp -> -> File not found
    *MultiFile Done* -> ->
    < Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
    {196A03CB-2128-4D5E-8D3B-21CE71876DE5} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
    {35864EB0-3115-47CB-A6BA-448241F62275} -> lport=5353 | profile=private | protocol=17 | dir=in | action=allow | name=bonjour port 5353 |
    {46A6C94F-3AD2-4479-A318-1F2AE71362F8} -> lport=9322 | profile=public | protocol=6 | dir=in | action=allow | name=ekdiscovery |
    {493AA66D-BCEC-4186-A740-3C41DE87C7ED} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
    {4FDEF6A6-1F8A-409C-9E54-0412439DDA55} -> lport=5353 | profile=public | protocol=17 | dir=in | action=allow | name=bonjour port 5353 |
    {52447213-1157-4AD4-964C-1B5EC37DED95} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live communications platform (ssdp) |
    {7CDA9119-1EBB-413C-934B-54BA35BD06F3} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live communications platform (upnp) |
    {EB1A6CA2-5BCD-4AC1-B28D-B5FA25A2A514} -> lport=9322 | profile=private | protocol=6 | dir=in | action=allow | name=ekdiscovery |
    < Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
    {038147C7-9749-4D0E-A5C7-8CDA85C20A4E} -> profile=domain | dir=out | action=allow | name=@{microsoft.binghealthandfitness_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
    {06DCE110-4FF7-4EA4-8C36-A49D18D67491} -> profile=domain | dir=out | action=allow | name=juniper networks junos pulse |
    {070B1876-C031-4230-A543-3B7364C63682} -> profile=domain | dir=out | action=allow | name=@{microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
    {07C27FC7-61DC-4E79-BBFE-19D62C5BA93A} -> protocol=17 | dir=in | action=allow | name=μtorrent (udp-in) | app=c:\users\williej\appdata\roaming\utorrent\utorrent.exe |
    {08ED8753-5D80-40B0-8193-641EFEA886D6} -> dir=out | action=allow | name=@{microsoft.bingnews_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
    {0A5AFAE1-9B4C-4CA6-A5D7-154769627F73} -> dir=out | action=allow | name=hp connected music | app=%localappdata%\hpconnectedmusic\application\hpconnectedmusic.exe |
    {0B3A010B-7228-46A4-A58B-5DB4397BAFED} -> profile=public | protocol=17 | dir=in | action=allow | name=bonjour service | app=c:\program files\bonjour\mdnsresponder.exe |
    {0D91AE26-C0F3-4ADB-858C-CF17E161FEED} -> profile=domain | dir=out | action=allow | name=skype |
    {0E2B7C7F-EBB0-4102-AA45-47386BAC9FAA} -> profile=domain | dir=out | action=allow | name=@{microsoft.bingfoodanddrink_3.0.1.201_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
    {0F6FD72D-3068-455F-AC96-7A3C00B933A1} -> profile=domain | dir=in | action=allow | name=sonicwall mobile connect |
    {16027CB1-111A-4B2A-9F56-825F9B8BE521} -> profile=public | protocol=6 | dir=in | action=allow | name=kodak.aio.setuputility | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
    {1970C66C-75F6-4F16-8B7E-3B0D4C08DCE1} -> profile=domain | dir=out | action=allow | name=@{microsoft.bingsports_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
    {1ACDE084-8DE8-4E12-AD22-9DD1EE48C47F} -> profile=public | protocol=17 | dir=in | action=allow | name=dropbox | app=c:\users\williej\appdata\roaming\dropbox\bin\dropbox.exe |
    {1CDC6152-DAF4-463C-82ED-D7D41C4BAF54} -> dir=out | action=allow | name=@{microsoft.zunemusic_1.5.177.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
    {1F277F87-AC55-4FF3-851C-B107E0DB1F4C} -> dir=in | action=allow | name=@{microsoft.skypeapp_1.2.0.129_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
    {203C7D8E-9DA4-4B1D-ABEC-A60C550E5149} -> profile=public | protocol=6 | dir=in | action=allow | name=kodak.aio.homecenter | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
    {2199093B-B54D-4599-8770-E7355243321A} -> dir=out | action=allow | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
    {221D06D3-D5B0-4362-BA28-2EBD6E30C734} -> profile=domain | dir=out | action=allow | name=@{microsoft.zunevideo_2.2.299.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
    {22644720-8F9E-402D-BDC8-AB10D84599D8} -> profile=domain | dir=in | action=allow | name=@{microsoft.windowsreadinglist_6.3.9654.20321_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
    {241B4660-97CD-4277-A861-CF2E9BEDB37D} -> profile=domain | dir=out | action=allow | name=microsoft solitaire collection |
    {26FA3D58-F583-4647-9DA5-32DB7E390BC6} -> profile=domain | dir=in | action=allow | name=hp+ |
    {28861551-3714-4063-89E5-59B063AE224F} -> dir=in | action=allow | name=hp connected music spotify helper | app=%localappdata%\hpconnectedmusic\application\spotify_helper.exe |
    {290C51B0-7058-405D-ACD2-78BF5464DFA2} -> profile=domain | dir=out | action=allow | name=hp games |
    {2BE3076A-0B40-4283-AD56-51B7C913E8EA} -> profile=public | protocol=17 | dir=in | action=allow | name=kodak.aio.statistics | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
    {2C482802-8E26-4E8F-B16D-A040E88FC341} -> profile=domain | dir=out | action=allow | name=@{microsoft.bingfoodanddrink_3.0.1.201_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
    {2DC8A19F-9D8A-4871-9F9E-E6C44F151A01} -> profile=domain | dir=in | action=allow | name=hp connected photo powered by snapfish |
    {2EB429FC-8854-41FE-AA7D-06FDEC380072} -> dir=out | action=allow | name=@{microsoft.bingtravel_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
    {30078ECC-DA2E-45F4-9505-992F5BBB4427} -> profile=domain | dir=in | action=allow | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
    {305F2026-6394-400F-B62B-7ECA66807B30} -> profile=domain | dir=out | action=allow | name=hp games |
    {31765795-8DF8-4756-AB37-0A76B68E77B6} -> profile=domain | dir=out | action=allow | name=hp+ |
    {3207D2A4-ABFC-4EB6-BD37-C21352A7385D} -> profile=domain | dir=out | action=allow | name=skype |
    {33F678A7-958A-4393-9BAA-9C0B95B40E1E} -> profile=domain | dir=out | action=allow | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
    {3546B019-5441-4353-87BC-50AC7ACCEE73} -> dir=out | action=allow | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
    {35514EA6-8AF8-4C49-9D7E-CAC554BEE0AE} -> profile=domain | dir=out | action=allow | name=windows_ie_ac_001 |
    {370A3746-5EA0-4288-ABB0-21FEECA6313A} -> profile=domain | dir=out | action=allow | name=norton studio |
    {370AA85F-2271-4975-AC09-0431B238885D} -> dir=in | action=allow | name=htcsyncmanager | app=c:\program files (x86)\htc\htc sync manager\htcsyncmanager.exe |
    {39B2B2AA-9F06-47DE-B308-D5A4C7F7402E} -> profile=domain | dir=out | action=allow | name=juniper networks junos pulse |
    {3DD0057E-7889-43A1-A5C7-AA30D7B9849F} -> profile=domain | dir=out | action=allow | name=microsoft solitaire collection |
    {3E4C113D-5CB9-4000-8AAC-829FF6A68AD1} -> profile=domain | dir=out | action=allow | name=check point vpn |
    {3FE6889B-2E81-44A4-8744-E7A8470555F9} -> profile=domain | dir=out | action=allow | name=sonicwall mobile connect |
    {402F0576-65C8-4564-98A0-E33F97A4F8D6} -> profile=domain | dir=in | action=allow | name=check point vpn |
    {422F1F3A-A6EB-4EFB-B56F-FF4D5D295087} -> profile=domain | dir=in | action=allow | name=sonicwall mobile connect |
    {4282FE99-8560-4BC7-9576-5F3ED84E263F} -> profile=domain | dir=in | action=allow | name=checkpoint.vpn |
    {44262EA6-0308-428A-802D-F40E885A12B7} -> profile=domain | dir=out | action=allow | name=f5 vpn |
    {4436EFBB-0AA1-4322-9933-99313417AB83} -> profile=domain | dir=in | action=allow | name=check point vpn |
    {4623C344-71FE-44C7-BB99-46C53515F87E} -> profile=domain | dir=out | action=allow | name=@{microsoft.bingweather_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
    {47E3A243-D3BB-4394-AB80-F172884633C0} -> profile=domain | dir=out | action=allow | name=network speed test |
    {4ABCE14A-62DA-4DE4-AB7D-CC9095CB3B64} -> dir=out | action=allow | name=hp connected music installer | app=c:\program files (x86)\hpconnectedmusic\hpconnectedmusic.exe |
    {4BCDCBF3-B2B7-495F-B02E-C1083B10CBF8} -> profile=domain | dir=out | action=allow | name=box |
    {4BCF3B2F-57AA-41E7-891C-5550D8CAA032} -> profile=domain | dir=out | action=allow | name=getting started with windows 8 |
    {4ECE64EE-5461-450E-AF8A-4EEED0688520} -> profile=domain | dir=out | action=allow | name=@{microsoft.bingtravel_3.0.1.202_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
    {4F049E24-52EA-401C-9F38-0B63C6B60C39} -> profile=public | protocol=6 | dir=in | action=allow | name=kodak.aio.fwupdater | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
    {50ADDF8C-69D4-479B-85CE-6F82AC590831} -> profile=domain | dir=in | action=allow | name=@{microsoft.windowscommunicationsapps_17.5.9600.20279_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
    {51D59717-8E5E-407A-9AE7-9C273726EE4B} -> profile=domain | dir=out | action=allow | name=sonicwall mobile connect |
    {548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6} -> profile=domain | dir=in | action=allow | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
    {5571D51F-672E-4CAF-8EB3-D7778837E35C} -> profile=public | protocol=6 | dir=in | action=allow | name=wsyssvc | app=c:\programdata\esafe\egdpsvc.exe |
    {55E67996-DFEC-4BE4-B92A-C05DFB15E351} -> profile=domain | dir=in | action=allow | name=juniper networks junos pulse |
    {560448D6-095C-4907-B046-AC7F710701A7} -> profile=domain | dir=in | action=allow | name=sonicwall.mobileconnect |
    {5608C8D2-7D76-4A49-B6BB-64419724F3DC} -> dir=out | action=allow | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
    {595C5C0C-9211-4D69-91A8-B55659F66E67} -> profile=domain | dir=out | action=allow | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
    {5AE5A36F-77ED-4F5D-9ACC-CC131D525A1F} -> profile=domain | dir=out | action=allow | name=@{microsoft.windowsreadinglist_6.3.9600.20278_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
    {5B46143D-6011-415F-8744-319BDD285950} -> profile=public | protocol=17 | dir=in | action=allow | name=kodak.aio.setuputility | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
    {5C55D8C3-FFAE-4C9E-BF1A-A456141945EA} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31007 | app=%programfiles%\windows media player\wmplayer.exe |
    {5CC48330-10BF-4C00-A1AC-80EA0E73A264} -> dir=in | action=allow | name=microsoft skydrive | app=c:\users\administrator\appdata\local\microsoft\skydrive\skydrive.exe |
    {5E034E8B-B740-4F1B-B5F7-3BCB8CF0B242} -> dir=in | action=allow | name=windows live communications platform | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    {5E0E219B-84FA-45F4-A982-D519C50C6254} -> profile=domain | dir=out | action=allow | name=download youtube |
    {5E5B496A-7EB9-4606-95BF-BAEE92D74ABF} -> dir=out | action=allow | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
    {5F0EAB5D-437E-44AA-8CAC-77F455892131} -> protocol=6 | dir=in | action=allow | name=ilivid | app=c:\users\williej\appdata\local\ilivid\ilivid.exe |
    {5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E} -> profile=domain | dir=out | action=allow | name=sonicwall.mobileconnect |
    {60356624-7E65-4027-A624-DA525CA781AB} -> profile=domain | dir=out | action=allow | name=box |
    {62B2D870-7C30-47BD-81E0-82C49A1BBFB3} -> profile=domain | dir=out | action=allow | name=netflix |
    {6338F036-CEC5-414E-9953-5BE6FDDA9645} -> profile=domain | dir=out | action=allow | name=ebay |
    {639A4CAE-AD85-481E-ABF0-BE1F04A41485} -> dir=out | action=allow | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
    {66058675-6725-459E-85C8-F8062150E3FB} -> profile=domain | dir=in | action=allow | name=box |
    {6A17039A-17B1-4DC8-B016-5B806EBE4116} -> profile=domain | dir=in | action=allow | name=microsoft solitaire collection |
    {6C1D4232-1545-417C-B53B-03B8D026100A} -> profile=public | protocol=6 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    {6C401CD5-293D-434B-926B-51794E855F27} -> protocol=6 | dir=in | action=allow | name=μtorrent (tcp-in) | app=c:\users\williej\appdata\roaming\utorrent\utorrent.exe |
    {6DCDADB3-048F-4CC2-B89E-2057FF1AAC27} -> profile=domain | dir=out | action=allow | name=@{microsoft.zunemusic_2.2.299.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
    {6F0420B2-BB04-4AD4-9307-B6AB51664F47} -> profile=domain | dir=out | action=allow | name=@{microsoft.bingmaps_2.0.2210.2401_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
    {7146D6BD-EABA-403D-81A7-EE899BF2FD48} -> dir=out | action=allow | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
    {74169D5B-C04E-4781-B2B3-6B366FD96418} -> dir=out | action=allow | name=@{microsoft.zunevideo_1.5.177.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
    {760C49FA-E484-4B49-87FA-E296B408A12F} -> profile=domain | dir=out | action=allow | name=microsoft community |
    {762325D6-8CDF-4F8D-94F2-7B92BEDE89D5} -> profile=domain | dir=out | action=allow | name=netflix |
    {799F791E-F57B-4F81-90AC-91E5FF3B2420} -> dir=out | action=allow | name=@{microsoft.bingsports_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
    {79DBA1B5-81C9-4327-8A4F-17890DBC989E} -> profile=domain | dir=out | action=allow | name=microsoft mahjong |
    {79E89F5B-4CF0-4E63-B005-B34D6D4A1CF5} -> profile=public | protocol=6 | dir=in | action=allow | name=kodak.aio.statistics | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
    {7C360824-5965-4AB7-BF63-C5474AE84EED} -> profile=domain | dir=in | action=allow | name=hp connected photo powered by snapfish |
    {7E74B00B-5EF0-4AB2-9201-E9A5051E6BAE} -> profile=domain | dir=out | action=allow | name=ebay |
    {808F1451-4108-46FD-ADBB-F17324B5F0BD} -> dir=out | action=allow | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
    {81CF806D-F8B2-4BEE-A875-D18BA4F24737} -> profile=domain | dir=in | action=allow | name=box |
    {82F3E6ED-30D7-4B64-83C4-D4827F261DBB} -> profile=domain | dir=out | action=allow | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
    {8361697C-79A8-4789-A2D4-E546D6A77347} -> dir=out | action=allow | name=@{microsoft.skypeapp_1.2.0.129_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
    {83C05FA0-5559-47CA-9BD5-C82B3C8D5E43} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    {83FC4E2F-4D83-4082-BDB0-6D0DA289D18B} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    {8506A14B-9683-4199-8BC8-EEBE444D1666} -> protocol=17 | dir=in | action=allow | name=μtorrent (udp-in) | app=c:\users\williej\appdata\roaming\utorrent\utorrent.exe |
    {874DDF18-4923-474D-AB26-BB3C7CF348C7} -> profile=domain | dir=out | action=allow | name=@{microsoft.bingsports_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
    {877321F6-B124-44D0-A1D5-640C3AD90FE3} -> profile=domain | dir=out | action=allow | name=kindle |
    {87D3D24B-57F4-4BA8-A42A-054A66CD14AA} -> dir=in | action=allow | name=hp device detection | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
    {8801B9BB-9D9C-4C2E-91A8-F3292042D4E9} -> profile=domain | dir=out | action=allow | name=hp registration |
    {8918649C-5D1E-40FE-8D43-63C73234800F} -> profile=domain | dir=out | action=allow | name=@{microsoft.binghealthandfitness_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
    {8A78B846-A712-4B73-A8C9-B6D536D589F9} -> dir=in | action=allow | name=cyberlink powerdvd 10.0 | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
    {8BBA8DBE-282F-457E-9D00-DE4AAFFA261F} -> profile=domain | dir=out | action=allow | name=the espn app |
    {8CBCBA4D-CDB3-4073-97DC-BCE6ED9938D7} -> profile=domain | dir=out | action=allow | name=hp+ |
    {92E4F1EE-D973-499E-AD56-BCABDF8AB29A} -> profile=domain | dir=out | action=allow | name=@{microsoft.bingnews_3.0.1.205_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/apptitle} |
    {9376C78E-E240-4B98-8FEB-71102DCCCAEF} -> profile=domain | dir=out | action=allow | name=@{microsoft.bingmaps_2.0.2210.2401_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
    {949E9180-C5B3-4932-ADDC-80639C135F0A} -> dir=out | action=allow | name=hp connected music spotify helper | app=%localappdata%\hpconnectedmusic\application\spotify_helper.exe |
    {94F08781-FD6D-4930-A5B1-EB0400C2A980} -> profile=public | protocol=6 | dir=in | action=allow | name=dropbox | app=c:\users\williej\appdata\roaming\dropbox\bin\dropbox.exe |
    {966A1C45-0FF8-48CA-AF69-7790D65EBC89} -> profile=domain | dir=in | action=allow | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
    {98E9A028-7BAD-47D0-BD35-9C6C6403144B} -> profile=domain | dir=out | action=allow | name=windows 8 cheat keys |
    {994D8C66-6132-4998-A865-E620B60A96FD} -> profile=public | protocol=17 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    {9BBA3A15-3947-4D93-A561-D52DCA726D5F} -> profile=public | protocol=6 | dir=in | action=block | name=netgeargenie | app=c:\program files (x86)\netgear genie\bin\netgeargenie.exe |
    {9E3D57FC-7C37-4424-9352-4831E97D029D} -> profile=domain | dir=out | action=allow | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
    {A094D111-4456-4348-A218-31DEDC8C8791} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft lync | app=c:\program files\microsoft office 15\root\office15\lync.exe |
    {A0A7BEC5-AB76-43BB-B25C-6BD6BC42DF11} -> protocol=17 | dir=in | action=allow | name=ilivid | app=c:\users\williej\appdata\local\ilivid\ilivid.exe |
    {A405E7E9-F67C-4525-A30A-5CC1CE0DFE9C} -> dir=out | action=allow | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
    {A5468E07-3CE9-40F1-B20E-5F95005974CF} -> profile=public | protocol=17 | dir=in | action=allow | name=kodak.aio.installer | app=c:\programdata\kodak\installer\setup.exe |
    {A842738F-64F0-411D-8562-3A9FD55729BB} -> profile=domain | dir=out | action=allow | name=@{microsoft.bingweather_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
    {AB9FCFC6-6A97-4D2A-AD7A-C05D06A6EE80} -> profile=domain | dir=out | action=allow | name=@{microsoft.windowscommunicationsapps_17.5.9600.20279_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
    {AF3BA850-32E2-4755-9276-2D2B388F0544} -> dir=out | action=allow | name=@{microsoft.bingfinance_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
    {AFB1210F-A673-4A87-9B85-4360F80BFF73} -> profile=public | protocol=17 | dir=in | action=block | name=netgeargenie | app=c:\program files (x86)\netgear genie\bin\netgeargenie.exe |
    {AFB49534-5AF5-457F-B187-6DBDADE7EA6B} -> profile=domain | dir=out | action=allow | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
    {B0095DF9-F329-4222-B89D-7DFFA6F05367} -> dir=out | action=allow | name=@{microsoft.bingmaps_1.6.1821.2624_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
    {B1DA6484-AC28-41EF-88D8-F566C939C880} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    {B2A7A3B2-4A4A-47BF-B4CA-CC801CBE7EB3} -> profile=domain | dir=out | action=allow | name=hp connected photo powered by snapfish |
    {B2EA1CFD-4707-48F6-96B1-D5A8AC581CDD} -> profile=domain | dir=in | action=allow | name=@{microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
    {B3F17021-C460-4675-8B6F-3089F9BB193E} -> profile=domain | dir=in | action=allow | name=juniper networks junos pulse |
    {B3F32FAE-1982-4D19-BD9A-6212E840677F} -> profile=domain | dir=in | action=allow | name=microsoft mahjong |
    {B7FD6E5E-9634-4AFB-A0E3-5ECA123E1F97} -> profile=public | protocol=17 | dir=in | action=allow | name=kodak.aio.fwupdater | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
    {BB27B1C2-4504-4843-BCBF-598C334527F5} -> profile=domain | dir=in | action=allow | name=@{microsoft.windowsreadinglist_6.3.9600.20278_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
    {BFBA4937-E603-4E52-9B16-0CF9F4B33637} -> dir=out | action=allow | name=@{microsoft.bingweather_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
    {C075FA30-CBEF-469A-B67F-16D14EA2A33C} -> profile=domain | dir=out | action=allow | name=hp registration |
    {C09A6F32-9802-42B2-9852-C87E82430571} -> profile=domain | dir=out | action=allow | name=microsoft mahjong |
    {C16C2617-E2C6-409C-B3BF-B177C347CD87} -> profile=domain | dir=out | action=allow | name=getting started with windows 8 |
    {C20C11F9-7D58-4375-8916-92702D0C0FAD} -> profile=domain | dir=in | action=allow | name=f5 vpn |
    {C4A5EBA9-527D-415F-8EA7-D32E6E1F766B} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31003 | app=%programfiles%\windows media player\wmplayer.exe |
    {C6CECC1F-30D1-4CC2-8575-D6206EE16288} -> profile=domain | dir=out | action=allow | name=f5 vpn |
    {C6D01BFB-274D-4B86-8F1A-9715BC8B81D8} -> profile=domain | dir=out | action=allow | name=@{microsoft.bingfinance_3.0.1.299_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
    {C723FA4E-3B35-411E-A606-AFB0C2F190D8} -> dir=in | action=allow | name=hp connected music | app=%localappdata%\hpconnectedmusic\application\hpconnectedmusic.exe |
    {C80D4E5D-200F-4257-B7CC-CA05E5E37D22} -> profile=domain | dir=in | action=allow | name=f5 vpn |
    {C9574444-D364-4714-960A-D861AFBC7741} -> profile=domain | dir=out | action=allow | name=hp connected photo powered by snapfish |
    {C9B8FC8C-82CC-48B2-8DE5-C9CE2D67C788} -> profile=domain | dir=in | action=allow | name=hp+ |
    {CA2C1349-CA87-40C3-8C39-F869A7C94F28} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft lync ucmapi | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
    {CA5A85ED-169A-4625-91C4-C3A7750B8D08} -> profile=domain | dir=out | action=allow | name=@{microsoft.bingtravel_3.0.1.202_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
    {CCD1CDE4-1A5F-4A51-AF46-C13B96DC4DC6} -> profile=domain | dir=out | action=allow | name=@{microsoft.zunevideo_2.2.177.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
    {CE282882-D6A9-4C7D-9196-6A45C79A829D} -> profile=domain | dir=in | action=allow | name=skype |
    {CEEA6282-440A-406E-9951-69E82513B2CF} -> profile=domain | dir=out | action=allow | name=google search |
    {CF1B876A-65CE-4CB9-A83C-C2A781B83DA6} -> dir=in | action=allow | name=hp connected music installer | app=c:\program files (x86)\hpconnectedmusic\hpconnectedmusic.exe |
    {D2D45050-030B-4EEA-B534-A9BF459A90EE} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31011 | app=%programfiles%\windows media player\wmplayer.exe |
    {D2D7FFC0-90DE-416B-9478-3EEAE8BBFFF4} -> dir=out | action=allow | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
    {D4486780-A5D5-4077-BA48-455472AC6C2C} -> dir=out | action=allow | name=@{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
    {D44A8857-B871-43A6-A99B-9840153D10F4} -> profile=public | protocol=6 | dir=in | action=allow | name=bonjour service | app=c:\program files\bonjour\mdnsresponder.exe |
    {D6980480-941A-4DF6-AB81-3734ECD3D779} -> profile=domain | dir=out | action=allow | name=junipernetworks.junospulsevpn |
    {D958C387-CF21-4143-814B-AB8AD2F6A10B} -> dir=out | action=allow | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
    {D9D9EFF0-10D0-4FBC-9C70-8513D26ABBC8} -> dir=in | action=allow | name=htcsyncmanager | app=c:\program files (x86)\htc\htc sync manager\htcsyncmanager.exe |
    {DA2A295C-917B-4794-BA95-FDF5783CB70D} -> profile=domain | dir=in | action=allow | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
    {DA90F373-BBEE-412F-A84F-D02C56A390EA} -> profile=public | protocol=6 | dir=in | action=allow | name=kodak.aio.installer | app=c:\programdata\kodak\installer\setup.exe |
    {DB59588E-ED90-4C47-A7B5-7929DD0C0BD2} -> profile=domain | dir=out | action=allow | name=checkpoint.vpn |
    {DB5EB458-0092-48FF-9AE4-A9C902A12FA4} -> profile=domain | dir=out | action=allow | name=@{microsoft.windowsreadinglist_6.3.9654.20321_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
    {DDF13D68-C228-40CE-8FE5-414DB71499FB} -> profile=public | protocol=17 | dir=in | action=allow | name=kodak.aio.homecenter | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
    {E503AF24-007C-43AF-AA4D-2F9DA24BA727} -> profile=domain | dir=out | action=allow | name=@{microsoft.zunemusic_2.2.177.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
    {E521B7C4-1A50-4A8B-BB40-6912CA2397C9} -> profile=domain | dir=in | action=allow | name=microsoft mahjong |
    {E52EA5A2-CC87-4475-AEAA-78AF71854EB6} -> profile=domain | dir=out | action=allow | name=allthecooks recipes |
    {E56BFC90-B7E2-40F2-8B5F-326B4A962D41} -> profile=domain | dir=out | action=allow | name=flashcards pro |
    {E6804BC8-7366-440A-9A64-8E0C8771449D} -> profile=domain | dir=out | action=allow | name=@{microsoft.bingnews_3.0.1.321_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/apptitle} |
    {E7985E1D-C36F-4787-80A8-6350D07E9266} -> profile=domain | dir=in | action=allow | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
    {E7F89A4F-C65F-46BD-A637-361B4D089BAA} -> profile=domain | dir=out | action=allow | name=@{microsoft.bingfinance_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
    {E86A321F-1F0A-4EF4-8438-2EFE8B156195} -> profile=domain | dir=out | action=allow | name=kindle |
    {E973E276-3D28-43BC-9743-109BD160FA59} -> dir=out | action=allow | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
    {EC333985-6445-4501-A5BD-3F15D73EBEFC} -> protocol=6 | dir=in | action=allow | name=μtorrent (tcp-in) | app=c:\users\williej\appdata\roaming\utorrent\utorrent.exe |
    {EC799E33-72BA-42D7-9127-DEFE68F9799D} -> profile=domain | dir=in | action=allow | name=junipernetworks.junospulsevpn |
    {EDE36A80-DDB3-4082-A78F-4FAD9D345D2F} -> profile=domain | dir=out | action=allow | name=windows_ie_ac_001 |
    {EFD1B4CF-386C-4828-8644-3E2F6D169252} -> profile=domain | dir=in | action=allow | name=the espn app |
    {F22D79D4-31A8-48C0-8EC5-FD826D72A65C} -> profile=domain | dir=in | action=allow | name=skype |
    {F40E0412-8ED1-4418-8B19-06DC7354C53F} -> profile=domain | dir=out | action=allow | name=check point vpn |
    {F5F8D45A-66E0-4270-90B9-1C616F5D5440} -> dir=out | action=allow | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
    {F64300AD-D559-4000-BD45-0997BCC8E70A} -> profile=domain | dir=out | action=allow | name=f5.vpn.client |
    {F77E5446-4378-4E99-8B7A-7061AAAEA193} -> profile=domain | dir=in | action=allow | name=f5.vpn.client |
    {FA32B81C-C224-4EE5-9C57-DC98A818DFA5} -> profile=domain | dir=in | action=allow | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
    {FA664EF9-60C4-4CFA-A720-900FBBC320E4} -> profile=domain | dir=in | action=allow | name=microsoft solitaire collection |
    {FCA6BDD5-3573-4E33-BABE-C938C09F1C16} -> dir=in | action=allow | name=cyberlink powerdirector | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe |
    TCP Query User{1D5A0472-29EC-466D-92AD-9C3D696EF31E}C:\program files (x86)\netgear genie\bin\netgeargenie.exe -> profile=private | protocol=6 | dir=in | action=allow | name=netgeargenie | app=c:\program files (x86)\netgear genie\bin\netgeargenie.exe |
    UDP Query User{4A04A556-29E9-4211-B13D-3F5296F075AB}C:\program files (x86)\netgear genie\bin\netgeargenie.exe -> profile=private | protocol=17 | dir=in | action=allow | name=netgeargenie | app=c:\program files (x86)\netgear genie\bin\netgeargenie.exe |
    < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service] -> [2013/10/15 11:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon] -> [2013/07/25 10:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater] -> [2013/09/20 09:57:22 | 003,907,304 | ---- | M] (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service] -> [2013/09/20 09:57:26 | 001,042,272 | ---- | M] (Safer-Networking Ltd.)
    < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
    < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
    "AutoRun" -> 1 ->
    "DisplayName" -> @cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver ->
    "ImagePath" -> [\SystemRoot\System32\drivers\cdrom.sys] -> File not found
    < Drives with AutoRun files > -> ->
    C:\autoexec.bat [] -> C:\autoexec.bat [ NTFS ] -> [2013/12/02 15:35:04 | 000,000,000 | ---- | M] ()
    < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
    \{3e3f8afe-14f9-11e3-be76-78e3b5c5214a}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e3f8afe-14f9-11e3-be76-78e3b5c5214a}\shell
    \{3e3f8afe-14f9-11e3-be76-78e3b5c5214a}\shell\\"" -> [AutoRun] -> File not found
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e3f8afe-14f9-11e3-be76-78e3b5c5214a}\shell\AutoRun\command
    \{3e3f8afe-14f9-11e3-be76-78e3b5c5214a}\shell\AutoRun\command\\"" -> ["F:\LaunchU3.exe" -a] -> File not found
    \{c5e94b3d-1481-11e3-be74-0c84dc8a88fd}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c5e94b3d-1481-11e3-be74-0c84dc8a88fd}\shell
    \{c5e94b3d-1481-11e3-be74-0c84dc8a88fd}\shell\\"" -> [AutoRun] -> File not found
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c5e94b3d-1481-11e3-be74-0c84dc8a88fd}\shell\AutoRun\command
    \{c5e94b3d-1481-11e3-be74-0c84dc8a88fd}\shell\AutoRun\command\\"" -> ["F:\LaunchU3.exe" -a] -> File not found
    < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
    64bit-comfile [open] -> "%1" %*
    64bit-exefile [open] -> "%1" %*
    comfile [open] -> "%1" %* ->
    exefile [open] -> "%1" %* ->
    < 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
    .com [@ = comfile] -> "%1" %* ->
    .exe [@ = exefile] -> "%1" %* ->
    < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
    .com [@ = comfile] -> "%1" %* ->
    .exe [@ = exefile] -> "%1" %* ->


    [Files/Folders - Created Within 30 Days]
    Minidump -> C:\WINDOWS\Minidump -> [2013/12/03 18:17:12 | 000,000,000 | ---D | C]
    glindorus -> C:\Program Files (x86)\glindorus -> [2013/12/03 18:15:10 | 000,000,000 | ---D | C]
    AdwCleaner -> C:\AdwCleaner -> [2013/12/03 18:07:21 | 000,000,000 | ---D | C]
    sh4ldr -> C:\sh4ldr -> [2013/12/02 15:34:38 | 000,000,000 | ---D | C]
    Enigma Software Group -> C:\Program Files\Enigma Software Group -> [2013/12/02 15:34:38 | 000,000,000 | ---D | C]
    Wise Installation Wizard -> C:\Program Files (x86)\Common Files\Wise Installation Wizard -> [2013/12/02 15:33:35 | 000,000,000 | ---D | C]
    RefreshImage -> C:\RefreshImage -> [2013/12/01 21:28:01 | 000,000,000 | ---D | C]
    DESIGNER -> C:\Program Files (x86)\Common Files\DESIGNER -> [2013/11/30 20:50:30 | 000,000,000 | ---D | C]
    Microsoft Office -> C:\Program Files (x86)\Microsoft Office -> [2013/11/30 20:48:31 | 000,000,000 | ---D | C]
    Microsoft Office 2013 -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 -> [2013/11/30 20:46:45 | 000,000,000 | ---D | C]
    Microsoft Office 15 -> C:\Program Files\Microsoft Office 15 -> [2013/11/30 20:46:00 | 000,000,000 | ---D | C]
    WinRAR -> C:\Users\WillieJ\AppData\Roaming\WinRAR -> [2013/11/30 20:06:25 | 000,000,000 | ---D | C]
    Elaborate Bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes -> [2013/11/30 19:24:25 | 000,000,000 | ---D | C]
    Elaborate Bytes -> C:\Program Files (x86)\Elaborate Bytes -> [2013/11/30 19:24:25 | 000,000,000 | ---D | C]
    WinRAR -> C:\Users\WillieJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR -> [2013/11/30 19:23:47 | 000,000,000 | ---D | C]
    WinRAR -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR -> [2013/11/30 19:23:47 | 000,000,000 | ---D | C]
    WinRAR -> C:\Program Files\WinRAR -> [2013/11/30 19:23:18 | 000,000,000 | ---D | C]
    Microsoft_Research -> C:\Users\WillieJ\AppData\Local\Microsoft_Research -> [2013/11/24 20:16:05 | 000,000,000 | ---D | C]
    Symbols -> C:\WINDOWS\Symbols -> [2013/11/24 20:07:07 | 000,000,000 | ---D | C]
    ASCOM Platform 6 -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASCOM Platform 6 -> [2013/11/24 20:07:07 | 000,000,000 | ---D | C]
    ASCOM -> C:\Program Files\Common Files\ASCOM -> [2013/11/24 20:07:07 | 000,000,000 | ---D | C]
    ASCOM -> C:\Program Files (x86)\Common Files\ASCOM -> [2013/11/24 20:07:07 | 000,000,000 | ---D | C]
    ASCOM -> C:\Program Files (x86)\ASCOM -> [2013/11/24 20:07:07 | 000,000,000 | ---D | C]
    {BBDFE733-F48B-4E86-B7C1-E6F173F01FCF} -> C:\ProgramData\{BBDFE733-F48B-4E86-B7C1-E6F173F01FCF} -> [2013/11/24 20:06:45 | 000,000,000 | -H-D | C]
    ASCOM -> C:\Users\WillieJ\Documents\ASCOM -> [2013/11/24 20:06:31 | 000,000,000 | ---D | C]
    WWT Collections -> C:\Users\WillieJ\Documents\WWT Collections -> [2013/11/24 19:54:16 | 000,000,000 | ---D | C]
    WWT MIDI Controller Maps -> C:\Users\WillieJ\Documents\WWT MIDI Controller Maps -> [2013/11/24 19:54:11 | 000,000,000 | ---D | C]
    d3dx10_43.dll -> C:\WINDOWS\SysNative\d3dx10_43.dll -> [2013/11/24 19:47:06 | 000,511,328 | ---- | C] (Microsoft Corporation)
    d3dx10_43.dll -> C:\WINDOWS\SysWow64\d3dx10_43.dll -> [2013/11/24 19:47:06 | 000,470,880 | ---- | C] (Microsoft Corporation)
    D3DCompiler_42.dll -> C:\WINDOWS\SysNative\D3DCompiler_42.dll -> [2013/11/24 19:47:05 | 002,582,888 | ---- | C] (Microsoft Corporation)
    D3DCompiler_42.dll -> C:\WINDOWS\SysWow64\D3DCompiler_42.dll -> [2013/11/24 19:47:05 | 001,974,616 | ---- | C] (Microsoft Corporation)
    d3dx11_42.dll -> C:\WINDOWS\SysNative\d3dx11_42.dll -> [2013/11/24 19:46:59 | 000,285,024 | ---- | C] (Microsoft Corporation)
    d3dx11_42.dll -> C:\WINDOWS\SysWow64\d3dx11_42.dll -> [2013/11/24 19:46:59 | 000,235,344 | ---- | C] (Microsoft Corporation)
    D3DCompiler_34.dll -> C:\WINDOWS\SysNative\D3DCompiler_34.dll -> [2013/11/24 19:46:53 | 001,401,200 | ---- | C] (Microsoft Corporation)
    D3DCompiler_34.dll -> C:\WINDOWS\SysWow64\D3DCompiler_34.dll -> [2013/11/24 19:46:53 | 001,124,720 | ---- | C] (Microsoft Corporation)
    d3dx10_34.dll -> C:\WINDOWS\SysNative\d3dx10_34.dll -> [2013/11/24 19:46:53 | 000,506,728 | ---- | C] (Microsoft Corporation)
    d3dx10_34.dll -> C:\WINDOWS\SysWow64\d3dx10_34.dll -> [2013/11/24 19:46:53 | 000,443,752 | ---- | C] (Microsoft Corporation)
    Microsoft Research -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Research -> [2013/11/24 19:46:14 | 000,000,000 | ---D | C]
    Microsoft Research -> C:\Program Files (x86)\Microsoft Research -> [2013/11/24 19:46:11 | 000,000,000 | ---D | C]
    Wondershare -> C:\Users\WillieJ\AppData\Roaming\Wondershare -> [2013/11/23 18:23:58 | 000,000,000 | ---D | C]
    AimerSoft -> C:\Users\WillieJ\AppData\Roaming\AimerSoft -> [2013/11/23 18:02:22 | 000,000,000 | ---D | C]
    Aimersoft -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aimersoft -> [2013/11/23 17:59:00 | 000,000,000 | ---D | C]
    VirtualAudio.sys -> C:\WINDOWS\SysNative\drivers\VirtualAudio.sys -> [2013/11/23 17:58:49 | 000,031,080 | ---- | C] (Wondershare)
    Aimersoft -> C:\Program Files (x86)\Aimersoft -> [2013/11/23 17:58:46 | 000,000,000 | ---D | C]
    PasswordBox -> C:\Program Files (x86)\PasswordBox -> [2013/11/23 17:23:40 | 000,000,000 | ---D | C]
    Office -> C:\Users\WillieJ\Office -> [2013/11/22 05:13:27 | 000,000,000 | ---D | C]
    ElevatedDiagnostics -> C:\Users\WillieJ\AppData\Local\ElevatedDiagnostics -> [2013/11/19 18:19:39 | 000,000,000 | ---D | C]
    Diagnostics -> C:\Users\WillieJ\AppData\Local\Diagnostics -> [2013/11/19 18:18:54 | 000,000,000 | ---D | C]
    iVIDI.org plugin -> C:\Program Files (x86)\iVIDI.org plugin -> [2013/11/16 22:15:07 | 000,000,000 | ---D | C]
    Notificatoin -> C:\Program Files (x86)\Notificatoin -> [2013/11/16 22:15:03 | 000,000,000 | ---D | C]
    actxprxy.dll -> C:\WINDOWS\SysNative\actxprxy.dll -> [2013/11/16 00:44:33 | 002,801,664 | ---- | C] (Microsoft Corporation)
    twinui.appcore.dll -> C:\WINDOWS\SysNative\twinui.appcore.dll -> [2013/11/16 00:44:32 | 001,085,952 | ---- | C] (Microsoft Corporation)
    twinui.appcore.dll -> C:\WINDOWS\SysWow64\twinui.appcore.dll -> [2013/11/16 00:44:32 | 000,869,888 | ---- | C] (Microsoft Corporation)
    Windows.UI.Xaml.dll -> C:\WINDOWS\SysNative\Windows.UI.Xaml.dll -> [2013/11/16 00:44:11 | 018,577,408 | ---- | C] (Microsoft Corporation)
    Windows.UI.Xaml.dll -> C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll -> [2013/11/16 00:44:09 | 013,925,888 | ---- | C] (Microsoft Corporation)
    twinui.dll -> C:\WINDOWS\SysNative\twinui.dll -> [2013/11/16 00:44:09 | 013,176,320 | ---- | C] (Microsoft Corporation)
    twinui.dll -> C:\WINDOWS\SysWow64\twinui.dll -> [2013/11/16 00:44:07 | 011,674,112 | ---- | C] (Microsoft Corporation)
    WSService.dll -> C:\WINDOWS\SysNative\WSService.dll -> [2013/11/16 00:43:53 | 003,395,920 | ---- | C] (Microsoft Corporation)
    mstscax.dll -> C:\WINDOWS\SysNative\mstscax.dll -> [2013/11/16 00:43:46 | 006,639,616 | ---- | C] (Microsoft Corporation)
    ntoskrnl.exe -> C:\WINDOWS\SysNative\ntoskrnl.exe -> [2013/11/16 00:43:45 | 007,399,256 | ---- | C] (Microsoft Corporation)
    mstscax.dll -> C:\WINDOWS\SysWow64\mstscax.dll -> [2013/11/16 00:43:45 | 005,769,728 | ---- | C] (Microsoft Corporation)
    SettingsHandlers.dll -> C:\WINDOWS\SysNative\SettingsHandlers.dll -> [2013/11/16 00:43:43 | 002,570,240 | ---- | C] (Microsoft Corporation)
    SyncEngine.dll -> C:\WINDOWS\SysNative\SyncEngine.dll -> [2013/11/16 00:43:42 | 004,104,704 | ---- | C] (Microsoft Corporation)
    dwmcore.dll -> C:\WINDOWS\SysNative\dwmcore.dll -> [2013/11/16 00:43:42 | 002,143,744 | ---- | C] (Microsoft Corporation)
    authui.dll -> C:\WINDOWS\SysNative\authui.dll -> [2013/11/16 00:43:41 | 002,617,344 | ---- | C] (Microsoft Corporation)
    AppXDeploymentServer.dll -> C:\WINDOWS\SysNative\AppXDeploymentServer.dll -> [2013/11/16 00:43:41 | 001,302,528 | ---- | C] (Microsoft Corporation)
    explorer.exe -> C:\WINDOWS\explorer.exe -> [2013/11/16 00:43:40 | 002,328,872 | ---- | C] (Microsoft Corporation)
    authui.dll -> C:\WINDOWS\SysWow64\authui.dll -> [2013/11/16 00:43:40 | 002,295,808 | ---- | C] (Microsoft Corporation)
    workfolderssvc.dll -> C:\WINDOWS\SysNative\workfolderssvc.dll -> [2013/11/16 00:43:40 | 001,584,128 | ---- | C] (Microsoft Corporation)
    Windows.Media.dll -> C:\WINDOWS\SysNative\Windows.Media.dll -> [2013/11/16 00:43:40 | 001,231,360 | ---- | C] (Microsoft Corporation)
    UIAutomationCore.dll -> C:\WINDOWS\SysNative\UIAutomationCore.dll -> [2013/11/16 00:43:40 | 001,147,904 | ---- | C] (Microsoft Corporation)
    explorer.exe -> C:\WINDOWS\SysWow64\explorer.exe -> [2013/11/16 00:43:39 | 002,065,448 | ---- | C] (Microsoft Corporation)
    mfasfsrcsnk.dll -> C:\WINDOWS\SysNative\mfasfsrcsnk.dll -> [2013/11/16 00:43:38 | 001,067,080 | ---- | C] (Microsoft Corporation)
    UIAutomationCore.dll -> C:\WINDOWS\SysWow64\UIAutomationCore.dll -> [2013/11/16 00:43:38 | 000,920,064 | ---- | C] (Microsoft Corporation)
    Windows.Media.dll -> C:\WINDOWS\SysWow64\Windows.Media.dll -> [2013/11/16 00:43:38 | 000,888,832 | ---- | C] (Microsoft Corporation)
    dwmcore.dll -> C:\WINDOWS\SysWow64\dwmcore.dll -> [2013/11/16 00:43:37 | 001,765,376 | ---- | C] (Microsoft Corporation)
    mfasfsrcsnk.dll -> C:\WINDOWS\SysWow64\mfasfsrcsnk.dll -> [2013/11/16 00:43:37 | 000,883,184 | ---- | C] (Microsoft Corporation)
    WSShared.dll -> C:\WINDOWS\SysNative\WSShared.dll -> [2013/11/16 00:43:37 | 000,839,680 | ---- | C] (Microsoft Corporation)
    WSShared.dll -> C:\WINDOWS\SysWow64\WSShared.dll -> [2013/11/16 00:43:37 | 000,700,928 | ---- | C] (Microsoft Corporation)
    mfsvr.dll -> C:\WINDOWS\SysNative\mfsvr.dll -> [2013/11/16 00:43:37 | 000,481,392 | ---- | C] (Microsoft Corporation)
    d3d9.dll -> C:\WINDOWS\SysNative\d3d9.dll -> [2013/11/16 00:43:36 | 002,134,120 | ---- | C] (Microsoft Corporation)
    kernel32.dll -> C:\WINDOWS\SysNative\kernel32.dll -> [2013/11/16 00:43:36 | 001,287,064 | ---- | C] (Microsoft Corporation)
    Windows.Networking.BackgroundTransfer.dll -> C:\WINDOWS\SysNative\Windows.Networking.BackgroundTransfer.dll -> [2013/11/16 00:43:36 | 000,578,560 | ---- | C] (Microsoft Corporation)
    d2d1.dll -> C:\WINDOWS\SysNative\d2d1.dll -> [2013/11/16 00:43:35 | 004,599,808 | ---- | C] (Microsoft Corporation)
    Windows.Web.Http.dll -> C:\WINDOWS\SysNative\Windows.Web.Http.dll -> [2013/11/16 00:43:35 | 001,160,704 | ---- | C] (Microsoft Corporation)
    d3d10level9.dll -> C:\WINDOWS\SysNative\d3d10level9.dll -> [2013/11/16 00:43:35 | 000,699,840 | ---- | C] (Microsoft Corporation)
    mfsvr.dll -> C:\WINDOWS\SysWow64\mfsvr.dll -> [2013/11/16 00:43:35 | 000,380,656 | ---- | C] (Microsoft Corporation)
    winmde.dll -> C:\WINDOWS\SysNative\winmde.dll -> [2013/11/16 00:43:34 | 001,399,176 | ---- | C] (Microsoft Corporation)
    wmpmde.dll -> C:\WINDOWS\SysNative\wmpmde.dll -> [2013/11/16 00:43:34 | 001,373,872 | ---- | C] (Microsoft Corporation)
    Windows.Web.Http.dll -> C:\WINDOWS\SysWow64\Windows.Web.Http.dll -> [2013/11/16 00:43:34 | 000,762,368 | ---- | C] (Microsoft Corporation)
    Windows.Networking.BackgroundTransfer.dll -> C:\WINDOWS\SysWow64\Windows.Networking.BackgroundTransfer.dll -> [2013/11/16 00:43:34 | 000,411,648 | ---- | C] (Microsoft Corporation)
    TSWorkspace.dll -> C:\WINDOWS\SysNative\TSWorkspace.dll -> [2013/11/16 00:43:33 | 001,011,712 | ---- | C] (Microsoft Corporation)
    iuilp.dll -> C:\WINDOWS\SysNative\iuilp.dll -> [2013/11/16 00:43:33 | 000,708,616 | ---- | C] (Microsoft Corporation)
    dnsapi.dll -> C:\WINDOWS\SysNative\dnsapi.dll -> [2013/11/16 00:43:33 | 000,656,384 | ---- | C] (Microsoft Corporation)
    AppReadiness.dll -> C:\WINDOWS\SysNative\AppReadiness.dll -> [2013/11/16 00:43:33 | 000,533,504 | ---- | C] (Microsoft Corporation)
    winmde.dll -> C:\WINDOWS\SysWow64\winmde.dll -> [2013/11/16 00:43:32 | 001,204,968 | ---- | C] (Microsoft Corporation)
    WorkfoldersControl.dll -> C:\WINDOWS\SysNative\WorkfoldersControl.dll -> [2013/11/16 00:43:32 | 000,761,856 | ---- | C] (Microsoft Corporation)
    WWAHost.exe -> C:\WINDOWS\SysNative\WWAHost.exe -> [2013/11/16 00:43:32 | 000,631,296 | ---- | C] (Microsoft Corporation)
    WWAHost.exe -> C:\WINDOWS\SysWow64\WWAHost.exe -> [2013/11/16 00:43:31 | 000,518,656 | ---- | C] (Microsoft Corporation)
    AudioSes.dll -> C:\WINDOWS\SysNative\AudioSes.dll -> [2013/11/16 00:43:31 | 000,465,960 | ---- | C] (Microsoft Corporation)
    eapphost.dll -> C:\WINDOWS\SysNative\eapphost.dll -> [2013/11/16 00:43:31 | 000,331,776 | ---- | C] (Microsoft Corporation)
    kd_02_8086.dll -> C:\WINDOWS\SysNative\kd_02_8086.dll -> [2013/11/16 00:43:31 | 000,171,864 | ---- | C] (Microsoft Corporation)
    ploptin.dll -> C:\WINDOWS\SysNative\ploptin.dll -> [2013/11/16 00:43:31 | 000,031,064 | ---- | C] (Microsoft Corporation)
    comdlg32.dll -> C:\WINDOWS\SysNative\comdlg32.dll -> [2013/11/16 00:43:30 | 000,607,744 | ---- | C] (Microsoft Corporation)
    apphelp.dll -> C:\WINDOWS\SysNative\apphelp.dll -> [2013/11/16 00:43:30 | 000,558,080 | ---- | C] (Microsoft Corporation)
    tsmf.dll -> C:\WINDOWS\SysNative\tsmf.dll -> [2013/11/16 00:43:30 | 000,391,512 | ---- | C] (Microsoft Corporation)
    eapp3hst.dll -> C:\WINDOWS\SysNative\eapp3hst.dll -> [2013/11/16 00:43:30 | 000,325,120 | ---- | C] (Microsoft Corporation)
    portcls.sys -> C:\WINDOWS\SysNative\drivers\portcls.sys -> [2013/11/16 00:43:30 | 000,270,848 | ---- | C] (Microsoft Corporation)
    TSWorkspace.dll -> C:\WINDOWS\SysWow64\TSWorkspace.dll -> [2013/11/16 00:43:29 | 000,795,648 | ---- | C] (Microsoft Corporation)
    tsmf.dll -> C:\WINDOWS\SysWow64\tsmf.dll -> [2013/11/16 00:43:29 | 000,345,552 | ---- | C] (Microsoft Corporation)
    wintrust.dll -> C:\WINDOWS\SysNative\wintrust.dll -> [2013/11/16 00:43:29 | 000,317,616 | ---- | C] (Microsoft Corporation)
    pcsvDevice.dll -> C:\WINDOWS\SysNative\pcsvDevice.dll -> [2013/11/16 00:43:29 | 000,286,208 | ---- | C] (Microsoft Corporation)
    psmsrv.dll -> C:\WINDOWS\SysNative\psmsrv.dll -> [2013/11/16 00:43:29 | 000,134,656 | ---- | C] (Microsoft Corporation)
    ncryptsslp.dll -> C:\WINDOWS\SysNative\ncryptsslp.dll -> [2013/11/16 00:43:29 | 000,104,320 | ---- | C] (Microsoft Corporation)
    spaceport.sys -> C:\WINDOWS\SysNative\drivers\spaceport.sys -> [2013/11/16 00:43:28 | 000,371,032 | ---- | C] (Microsoft Corporation)
    eapphost.dll -> C:\WINDOWS\SysWow64\eapphost.dll -> [2013/11/16 00:43:28 | 000,262,144 | ---- | C] (Microsoft Corporation)
    msched.dll -> C:\WINDOWS\SysNative\msched.dll -> [2013/11/16 00:43:28 | 000,132,608 | ---- | C] (Microsoft Corporation)
    ncryptsslp.dll -> C:\WINDOWS\SysWow64\ncryptsslp.dll -> [2013/11/16 00:43:28 | 000,088,272 | ---- | C] (Microsoft Corporation)
    samsrv.dll -> C:\WINDOWS\SysNative\samsrv.dll -> [2013/11/16 00:43:27 | 000,830,464 | ---- | C] (Microsoft Corporation)
    USBXHCI.SYS -> C:\WINDOWS\SysNative\drivers\USBXHCI.SYS -> [2013/11/16 00:43:26 | 000,325,464 | ---- | C] (Microsoft Corporation)
    dafBth.dll -> C:\WINDOWS\SysNative\dafBth.dll -> [2013/11/16 00:43:26 | 000,092,672 | ---- | C] (Microsoft Corporation)
    TSWbPrxy.exe -> C:\WINDOWS\SysNative\TSWbPrxy.exe -> [2013/11/16 00:43:26 | 000,083,968 | ---- | C] (Microsoft Corporation)
    stornvme.sys -> C:\WINDOWS\SysNative\drivers\stornvme.sys -> [2013/11/16 00:43:26 | 000,057,176 | ---- | C] (Microsoft Corporation)
    wuauclt.exe -> C:\WINDOWS\SysNative\wuauclt.exe -> [2013/11/16 00:43:26 | 000,054,776 | ---- | C] (Microsoft Corporation)
    wldp.dll -> C:\WINDOWS\SysNative\wldp.dll -> [2013/11/16 00:43:26 | 000,044,936 | ---- | C] (Microsoft Corporation)
    intelpep.sys -> C:\WINDOWS\SysNative\drivers\intelpep.sys -> [2013/11/16 00:43:26 | 000,039,768 | ---- | C] (Microsoft Corporation)
    Display.dll -> C:\WINDOWS\SysNative\Display.dll -> [2013/11/16 00:43:25 | 001,843,712 | ---- | C] (Microsoft Corporation)
    Display.dll -> C:\WINDOWS\SysWow64\Display.dll -> [2013/11/16 00:43:25 | 001,816,576 | ---- | C] (Microsoft Corporation)
    AppXDeploymentExtensions.dll -> C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll -> [2013/11/16 00:43:25 | 000,922,624 | ---- | C] (Microsoft Corporation)
    WUSettingsProvider.dll -> C:\WINDOWS\SysNative\WUSettingsProvider.dll -> [2013/11/16 00:43:25 | 000,381,952 | ---- | C] (Microsoft Corporation)
    dafWfdProvider.dll -> C:\WINDOWS\SysNative\dafWfdProvider.dll -> [2013/11/16 00:43:25 | 000,184,832 | ---- | C] (Microsoft Corporation)
    shsetup.dll -> C:\WINDOWS\SysNative\shsetup.dll -> [2013/11/16 00:43:25 | 000,113,152 | ---- | C] (Microsoft Corporation)
    eappcfg.dll -> C:\WINDOWS\SysNative\eappcfg.dll -> [2013/11/16 00:43:24 | 000,335,360 | ---- | C] (Microsoft Corporation)
    eappcfg.dll -> C:\WINDOWS\SysWow64\eappcfg.dll -> [2013/11/16 00:43:24 | 000,272,896 | ---- | C] (Microsoft Corporation)
    eapp3hst.dll -> C:\WINDOWS\SysWow64\eapp3hst.dll -> [2013/11/16 00:43:24 | 000,245,248 | ---- | C] (Microsoft Corporation)
    WiFiDisplay.dll -> C:\WINDOWS\SysNative\WiFiDisplay.dll -> [2013/11/16 00:43:24 | 000,103,424 | ---- | C] (Microsoft Corporation)
    eappgnui.dll -> C:\WINDOWS\SysNative\eappgnui.dll -> [2013/11/16 00:43:24 | 000,101,888 | ---- | C] (Microsoft Corporation)
    shsetup.dll -> C:\WINDOWS\SysWow64\shsetup.dll -> [2013/11/16 00:43:24 | 000,094,208 | ---- | C] (Microsoft Corporation)
    eappgnui.dll -> C:\WINDOWS\SysWow64\eappgnui.dll -> [2013/11/16 00:43:24 | 000,093,184 | ---- | C] (Microsoft Corporation)
    wucltux.dll -> C:\WINDOWS\SysNative\wucltux.dll -> [2013/11/16 00:43:23 | 001,704,448 | ---- | C] (Microsoft Corporation)
    rdpclip.exe -> C:\WINDOWS\SysNative\rdpclip.exe -> [2013/11/16 00:43:23 | 000,338,944 | ---- | C] (Microsoft Corporation)
    Windows.ApplicationModel.Store.TestingFramework.dll -> C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll -> [2013/11/16 00:43:23 | 000,249,856 | ---- | C] (Microsoft Corporation)
    Windows.ApplicationModel.Store.TestingFramework.dll -> C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll -> [2013/11/16 00:43:23 | 000,189,952 | ---- | C] (Microsoft Corporation)
    WorkFoldersShell.dll -> C:\WINDOWS\SysNative\WorkFoldersShell.dll -> [2013/11/16 00:43:23 | 000,186,880 | ---- | C] (Microsoft Corporation)
    ftp.exe -> C:\WINDOWS\SysWow64\ftp.exe -> [2013/11/16 00:43:23 | 000,049,152 | ---- | C] (Microsoft Corporation)
    MrmCoreR.dll -> C:\WINDOWS\SysNative\MrmCoreR.dll -> [2013/11/16 00:43:22 | 000,909,312 | ---- | C] (Microsoft Corporation)
    MrmCoreR.dll -> C:\WINDOWS\SysWow64\MrmCoreR.dll -> [2013/11/16 00:43:22 | 000,621,056 | ---- | C] (Microsoft Corporation)
    miutils.dll -> C:\WINDOWS\SysNative\miutils.dll -> [2013/11/16 00:43:22 | 000,226,304 | ---- | C] (Microsoft Corporation)
    miutils.dll -> C:\WINDOWS\SysWow64\miutils.dll -> [2013/11/16 00:43:22 | 000,180,224 | ---- | C] (Microsoft Corporation)
    AppxAllUserStore.dll -> C:\WINDOWS\SysNative\AppxAllUserStore.dll -> [2013/11/16 00:43:22 | 000,160,768 | ---- | C] (Microsoft Corporation)
    AppxAllUserStore.dll -> C:\WINDOWS\SysWow64\AppxAllUserStore.dll -> [2013/11/16 00:43:22 | 000,139,776 | ---- | C] (Microsoft Corporation)
    ftp.exe -> C:\WINDOWS\SysNative\ftp.exe -> [2013/11/16 00:43:22 | 000,053,248 | ---- | C] (Microsoft Corporation)
    OneNote Notebooks -> C:\Users\WillieJ\Documents\OneNote Notebooks -> [2013/11/13 12:49:16 | 000,000,000 | ---D | C]
    gdi32.dll -> C:\WINDOWS\SysNative\gdi32.dll -> [2013/11/12 17:09:12 | 001,341,288 | ---- | C] (Microsoft Corporation)
    wfplwfs.sys -> C:\WINDOWS\SysNative\drivers\wfplwfs.sys -> [2013/11/12 17:09:11 | 000,136,536 | ---- | C] (Microsoft Corporation)
    inetcpl.cpl -> C:\WINDOWS\SysWow64\inetcpl.cpl -> [2013/11/12 17:09:05 | 001,926,656 | ---- | C] (Microsoft Corporation)
    ieetwcollector.exe -> C:\WINDOWS\SysNative\ieetwcollector.exe -> [2013/11/12 17:09:05 | 000,111,616 | ---- | C] (Microsoft Corporation)
    jscript9.dll -> C:\WINDOWS\SysNative\jscript9.dll -> [2013/11/12 17:09:04 | 005,765,120 | ---- | C] (Microsoft Corporation)
    inetcpl.cpl -> C:\WINDOWS\SysNative\inetcpl.cpl -> [2013/11/12 17:09:04 | 001,993,728 | ---- | C] (Microsoft Corporation)
    ie4uinit.exe -> C:\WINDOWS\SysNative\ie4uinit.exe -> [2013/11/12 17:09:04 | 000,218,624 | ---- | C] (Microsoft Corporation)
    crypt32.dll -> C:\WINDOWS\SysNative\crypt32.dll -> [2013/11/12 17:09:02 | 001,943,536 | ---- | C] (Microsoft Corporation)
    Custom Office Templates -> C:\Users\WillieJ\Documents\Custom Office Templates -> [2013/11/12 15:52:34 | 000,000,000 | ---D | C]
    dtsoftbus01.sys -> C:\WINDOWS\SysNative\drivers\dtsoftbus01.sys -> [2013/11/10 10:03:13 | 000,283,064 | ---- | C] (Disc Soft Ltd)
    DAEMON Tools Lite -> C:\Users\WillieJ\AppData\Roaming\DAEMON Tools Lite -> [2013/11/10 10:03:09 | 000,000,000 | ---D | C]
    DAEMON Tools Lite -> C:\Program Files (x86)\DAEMON Tools Lite -> [2013/11/10 10:03:08 | 000,000,000 | ---D | C]
    DAEMON Tools Lite -> C:\ProgramData\DAEMON Tools Lite -> [2013/11/10 10:02:11 | 000,000,000 | ---D | C]
    Google Earth -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth -> [2013/11/09 18:43:28 | 000,000,000 | ---D | C]
    2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
    1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp ->

    [Files/Folders - Modified Within 30 Days]
    GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2013/12/04 18:02:00 | 000,000,920 | ---- | M] ()
    PerfStringBackup.INI -> C:\WINDOWS\SysNative\PerfStringBackup.INI -> [2013/12/04 05:23:20 | 000,956,476 | ---- | M] ()
    perfh009.dat -> C:\WINDOWS\SysNative\perfh009.dat -> [2013/12/04 05:23:20 | 000,794,884 | ---- | M] ()
    perfc009.dat -> C:\WINDOWS\SysNative\perfc009.dat -> [2013/12/04 05:23:20 | 000,161,140 | ---- | M] ()
    GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2013/12/04 05:19:47 | 000,000,916 | ---- | M] ()
    bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2013/12/04 05:18:56 | 000,067,584 | --S- | M] ()
    swapfile.sys -> C:\swapfile.sys -> [2013/12/04 05:16:54 | 268,435,456 | -HS- | M] ()
    hiberfil.sys -> C:\hiberfil.sys -> [2013/12/04 05:16:54 | 1883,643,903 | -HS- | M] ()
    FNTCACHE.DAT -> C:\WINDOWS\SysNative\FNTCACHE.DAT -> [2013/12/02 18:56:10 | 000,492,440 | ---- | M] ()
    autoexec.bat -> C:\autoexec.bat -> [2013/12/02 15:35:04 | 000,000,000 | ---- | M] ()
    diagwrn.xml -> C:\WINDOWS\diagwrn.xml -> [2013/12/01 21:30:50 | 000,049,264 | ---- | M] ()
    diagerr.xml -> C:\WINDOWS\diagerr.xml -> [2013/12/01 21:30:50 | 000,048,273 | ---- | M] ()
    HPCeeScheduleForWillieJ.job -> C:\WINDOWS\tasks\HPCeeScheduleForWillieJ.job -> [2013/11/30 21:15:01 | 000,000,354 | ---- | M] ()
    Virtual CloneDrive.lnk -> C:\Users\Public\Desktop\Virtual CloneDrive.lnk -> [2013/11/30 19:24:41 | 000,001,233 | ---- | M] ()
    µTorrent.lnk -> C:\Users\WillieJ\Desktop\µTorrent.lnk -> [2013/11/30 19:10:46 | 000,000,905 | ---- | M] ()
    Google Chrome.lnk -> C:\Users\WillieJ\Desktop\Google Chrome.lnk -> [2013/11/30 18:59:09 | 000,002,424 | ---- | M] ()
    Launch Internet Explorer Browser.lnk -> C:\Users\WillieJ\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> [2013/11/30 18:59:02 | 000,001,625 | ---- | M] ()
    WWT ¦ Mars.lnk -> C:\Users\Public\Desktop\WWT ¦ Mars.lnk -> [2013/11/25 18:03:55 | 000,002,687 | ---- | M] ()
    WorldWide Telescope.lnk -> C:\Users\Public\Desktop\WorldWide Telescope.lnk -> [2013/11/25 18:03:55 | 000,002,675 | ---- | M] ()
    ASCOM Diagnostics.lnk -> C:\Users\Public\Desktop\ASCOM Diagnostics.lnk -> [2013/11/24 20:07:32 | 000,001,253 | ---- | M] ()
    ProfileExplorer.lnk -> C:\Users\Public\Desktop\ProfileExplorer.lnk -> [2013/11/24 20:07:32 | 000,001,091 | ---- | M] ()
    Aimersoft Music Recorder.lnk -> C:\Users\WillieJ\Desktop\Aimersoft Music Recorder.lnk -> [2013/11/23 17:59:00 | 000,001,240 | ---- | M] ()
    avgtpx64.sys -> C:\WINDOWS\SysNative\drivers\avgtpx64.sys -> [2013/11/21 16:37:31 | 000,046,368 | ---- | M] (AVG Technologies)
    HTC Sync Manager.lnk -> C:\Users\Public\Desktop\HTC Sync Manager.lnk -> [2013/11/20 05:04:32 | 000,002,014 | ---- | M] ()
    Send to OneNote.lnk -> C:\Users\WillieJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk -> [2013/11/13 12:49:27 | 000,001,122 | ---- | M] ()
    klelam.sys -> C:\WINDOWS\SysNative\drivers\klelam.sys -> [2013/11/13 03:53:59 | 000,029,792 | ---- | M] (Kaspersky Lab)
    Ford Escape.pdf -> C:\Users\WillieJ\Documents\Ford Escape.pdf -> [2013/11/11 16:47:21 | 000,059,880 | ---- | M] ()
    Controller.pdf -> C:\Users\WillieJ\Documents\Controller.pdf -> [2013/11/11 16:40:55 | 000,059,892 | ---- | M] ()
    DAEMON Tools Lite.lnk -> C:\Users\Public\Desktop\DAEMON Tools Lite.lnk -> [2013/11/10 10:03:20 | 000,001,929 | ---- | M] ()
    dtsoftbus01.sys -> C:\WINDOWS\SysNative\drivers\dtsoftbus01.sys -> [2013/11/10 10:03:13 | 000,283,064 | ---- | M] (Disc Soft Ltd)
    Google Earth.lnk -> C:\Users\Public\Desktop\Google Earth.lnk -> [2013/11/09 18:43:28 | 000,002,199 | ---- | M] ()
    FlashPlayerApp.exe -> C:\WINDOWS\SysWow64\FlashPlayerApp.exe -> [2013/11/05 17:31:26 | 000,693,240 | ---- | M] (Adobe Systems Incorporated)
    FlashPlayerCPLApp.cpl -> C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl -> [2013/11/05 17:31:26 | 000,105,464 | ---- | M] (Adobe Systems Incorporated)
    Windows.UI.Xaml.dll -> C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll -> [2013/11/05 10:20:05 | 013,925,888 | ---- | M] (Microsoft Corporation)
    Windows.UI.Xaml.dll -> C:\WINDOWS\SysNative\Windows.UI.Xaml.dll -> [2013/11/05 10:11:46 | 018,577,408 | ---- | M] (Microsoft Corporation)
    twinui.dll -> C:\WINDOWS\SysWow64\twinui.dll -> [2013/11/05 08:30:00 | 011,674,112 | ---- | M] (Microsoft Corporation)
    twinui.dll -> C:\WINDOWS\SysNative\twinui.dll -> [2013/11/05 08:29:00 | 013,176,320 | ---- | M] (Microsoft Corporation)
    2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
    1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
    1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
    1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp ->

    [Files - No Company Name]
    autoexec.bat -> C:\autoexec.bat -> [2013/12/02 15:35:04 | 000,000,000 | ---- | C] ()
    Virtual CloneDrive.lnk -> C:\Users\Public\Desktop\Virtual CloneDrive.lnk -> [2013/11/30 19:24:41 | 000,001,233 | ---- | C] ()
    µTorrent.lnk -> C:\Users\WillieJ\Desktop\µTorrent.lnk -> [2013/11/30 19:10:46 | 000,000,905 | ---- | C] ()
    ASCOM Diagnostics.lnk -> C:\Users\Public\Desktop\ASCOM Diagnostics.lnk -> [2013/11/24 20:07:32 | 000,001,253 | ---- | C] ()
    ProfileExplorer.lnk -> C:\Users\Public\Desktop\ProfileExplorer.lnk -> [2013/11/24 20:07:32 | 000,001,091 | ---- | C] ()
    WWT ¦ Mars.lnk -> C:\Users\Public\Desktop\WWT ¦ Mars.lnk -> [2013/11/24 19:46:14 | 000,002,687 | ---- | C] ()
    WorldWide Telescope.lnk -> C:\Users\Public\Desktop\WorldWide Telescope.lnk -> [2013/11/24 19:46:14 | 000,002,675 | ---- | C] ()
    Aimersoft Music Recorder.lnk -> C:\Users\WillieJ\Desktop\Aimersoft Music Recorder.lnk -> [2013/11/23 17:59:00 | 000,001,240 | ---- | C] ()
    ApnDatabase.xml -> C:\WINDOWS\SysNative\ApnDatabase.xml -> [2013/11/16 00:43:25 | 000,385,528 | ---- | C] ()
    Send to OneNote.lnk -> C:\Users\WillieJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk -> [2013/11/13 12:49:26 | 000,001,122 | ---- | C] ()
    Ford Escape.pdf -> C:\Users\WillieJ\Documents\Ford Escape.pdf -> [2013/11/11 16:47:20 | 000,059,880 | ---- | C] ()
    Controller.pdf -> C:\Users\WillieJ\Documents\Controller.pdf -> [2013/11/11 16:40:55 | 000,059,892 | ---- | C] ()
    DAEMON Tools Lite.lnk -> C:\Users\Public\Desktop\DAEMON Tools Lite.lnk -> [2013/11/10 10:03:20 | 000,001,929 | ---- | C] ()
    Google Earth.lnk -> C:\Users\Public\Desktop\Google Earth.lnk -> [2013/11/09 18:43:28 | 000,002,199 | ---- | C] ()
    resmon.resmoncfg -> C:\Users\WillieJ\AppData\Local\resmon.resmoncfg -> [2013/10/29 20:19:59 | 000,007,618 | ---- | C] ()
    PerfStringBackup.INI -> C:\WINDOWS\SysWow64\PerfStringBackup.INI -> [2013/10/21 21:04:19 | 000,930,400 | ---- | C] ()
    ativpsrm.bin -> C:\WINDOWS\ativpsrm.bin -> [2013/10/21 21:02:55 | 000,000,000 | ---- | C] ()
    wininit.ini -> C:\WINDOWS\wininit.ini -> [2013/10/20 17:34:13 | 000,000,060 | ---- | C] ()
    amdhdl32.dll -> C:\WINDOWS\SysWow64\amdhdl32.dll -> [2013/09/18 23:32:30 | 000,123,392 | ---- | C] ()
    ativvsvl.dat -> C:\WINDOWS\SysWow64\ativvsvl.dat -> [2013/08/24 20:02:32 | 000,204,952 | ---- | C] ()
    ativvsva.dat -> C:\WINDOWS\SysWow64\ativvsva.dat -> [2013/08/24 20:02:32 | 000,157,144 | ---- | C] ()
    atipblag.dat -> C:\WINDOWS\SysWow64\atipblag.dat -> [2013/08/24 20:02:28 | 000,003,917 | ---- | C] ()
    amdocl_as32.exe -> C:\WINDOWS\SysWow64\amdocl_as32.exe -> [2013/08/24 20:02:16 | 000,995,342 | ---- | C] ()
    amdocl_ld32.exe -> C:\WINDOWS\SysWow64\amdocl_ld32.exe -> [2013/08/24 20:02:16 | 000,798,734 | ---- | C] ()
    dssec.dat -> C:\WINDOWS\SysWow64\dssec.dat -> [2013/08/22 09:36:43 | 000,215,943 | ---- | C] ()
    NOISE.DAT -> C:\WINDOWS\SysWow64\NOISE.DAT -> [2013/08/22 09:36:42 | 000,000,741 | ---- | C] ()
    bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2013/08/22 08:46:23 | 000,067,584 | --S- | C] ()
    mib.bin -> C:\WINDOWS\mib.bin -> [2013/08/22 01:01:23 | 000,043,131 | ---- | C] ()
    BWContextHandler.dll -> C:\WINDOWS\SysWow64\BWContextHandler.dll -> [2013/08/21 21:32:36 | 000,046,080 | ---- | C] ()
    OEMLicense.dll -> C:\WINDOWS\SysWow64\OEMLicense.dll -> [2013/08/21 21:17:46 | 000,103,936 | ---- | C] ()
    msjetoledb40.dll -> C:\WINDOWS\SysWow64\msjetoledb40.dll -> [2013/08/21 17:55:20 | 000,364,544 | ---- | C] ()
    mlang.dat -> C:\WINDOWS\SysWow64\mlang.dat -> [2013/08/21 17:52:39 | 000,673,088 | ---- | C] ()
    FW7650.bin -> C:\WINDOWS\SysWow64\drivers\FW7650.bin -> [2013/07/06 16:04:12 | 000,367,348 | ---- | C] ()
    RaCheckBTDev.ini -> C:\WINDOWS\SysWow64\RaCheckBTDev.ini -> [2013/07/06 16:04:12 | 000,000,313 | ---- | C] ()
    igkrng500.bin -> C:\WINDOWS\SysWow64\igkrng500.bin -> [2012/07/25 14:22:54 | 000,982,240 | ---- | C] ()
    igcompkrng500.bin -> C:\WINDOWS\SysWow64\igcompkrng500.bin -> [2012/07/25 14:22:54 | 000,439,308 | ---- | C] ()
    igfcg500m.bin -> C:\WINDOWS\SysWow64\igfcg500m.bin -> [2012/07/25 14:22:54 | 000,092,356 | ---- | C] ()

    [Alternate Data Streams]
    @Alternate Data Stream - 220 bytes -> C:\Users\WillieJ\SkyDrive:ms-properties
    < End of report >
    [/code]
     
  11. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,885
    please attach the report as a txt file
    when it is spread over several posts, it cannot be used to build a fix without lots of extra work
    thanks
     
  12. toopay

    toopay Thread Starter

    Joined:
    Jun 7, 2003
    Messages:
    354
    Do I need to post the findings again?
     
  13. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,885
    please attach the findings as a txt file
    it was too big to go in one post
    we asked you to do that in the original request
     
  14. toopay

    toopay Thread Starter

    Joined:
    Jun 7, 2003
    Messages:
    354
    The report is listed as a txt file but will not upload to your site. Please instruct as to how to do this.
     
  15. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,885
    it might be too large or it might be a .log
    please right click the file icon & select send to compressed (zip) folders
    that makes a zip file. Upload the zip
     
Short URL to this thread: https://techguy.org/1114409