Pop-unders, URL rewrites in IE10 [Solved]


  • This topic is locked

#1
Ken_K

I am experiencing pop-unders (as far as I can tell since I don't see them until the browser is minimized), and URL modifications for some URLs.

Here are the OTL results:

OTL logfile created on: 10/2/2013 12:56:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ken\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.95 Gb Total Physical Memory | 3.19 Gb Available Physical Memory | 40.08% Memory free
15.90 Gb Paging File | 11.56 Gb Available in Paging File | 72.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 678.42 Gb Total Space | 41.00 Gb Free Space | 6.04% Space Free | Partition Type: NTFS
Drive E: | 14.92 Gb Total Space | 2.20 Gb Free Space | 14.73% Space Free | Partition Type: NTFS
Drive F: | 4.98 Gb Total Space | 2.12 Gb Free Space | 42.52% Space Free | Partition Type: FAT32

Computer Name: KM-ADMIN-02 | User Name: Ken | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/02 12:56:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
PRC - [2013/09/05 07:04:16 | 003,478,392 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
PRC - [2013/09/03 20:24:56 | 000,395,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
PRC - [2013/09/03 15:58:26 | 002,237,328 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
PRC - [2013/08/30 10:01:00 | 004,579,696 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
PRC - [2013/08/14 13:11:02 | 000,257,136 | ---- | M] (Microsoft Corporation) -- C:\Users\Ken\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2013/07/23 02:46:22 | 000,240,288 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE
PRC - [2013/07/12 19:20:03 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Users\Ken\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/07/10 16:56:36 | 000,306,176 | ---- | M] () -- C:\Program Files (x86)\DeskDirector Chat\DeskDirectorChat.exe
PRC - [2013/07/08 13:57:46 | 000,264,192 | ---- | M] (N-able Technologies) -- C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\agent.exe
PRC - [2013/07/08 13:57:44 | 000,016,896 | ---- | M] (N-able Technologies) -- C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\AgentMaint.exe
PRC - [2013/06/05 14:18:06 | 001,039,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
PRC - [2013/05/24 17:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ken\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/22 12:08:34 | 000,065,024 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Smart Client Service\HPBroadcastServer.exe
PRC - [2013/03/06 16:50:00 | 001,420,600 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2013/01/22 13:02:19 | 000,498,352 | ---- | M] (ArcSoft, Inc.) -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
PRC - [2012/09/12 18:15:30 | 000,523,680 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
PRC - [2012/09/06 11:32:12 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012/04/05 19:21:02 | 000,200,704 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
PRC - [2012/04/05 18:41:46 | 001,323,008 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
PRC - [2012/03/13 16:14:08 | 000,330,104 | ---- | M] (Infineon Technologies AG) -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe
PRC - [2012/03/13 16:14:05 | 001,126,264 | ---- | M] (Infineon Technologies AG) -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe
PRC - [2012/03/13 16:14:05 | 000,980,856 | ---- | M] (Infineon Technologies AG) -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXTCS.exe
PRC - [2012/03/13 16:14:04 | 000,203,640 | ---- | M] (Infineon Technologies AG) -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
PRC - [2012/03/13 16:11:19 | 000,169,528 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2012/03/13 16:01:40 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2012/03/13 16:01:13 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/03/13 16:01:11 | 000,325,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/03/09 11:22:46 | 000,070,960 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
PRC - [2012/03/09 11:22:42 | 000,117,552 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2011/11/10 15:02:18 | 000,823,632 | R--- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
PRC - [2011/08/26 13:35:12 | 012,277,248 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
PRC - [2011/08/26 13:35:08 | 000,322,048 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2011/08/11 19:29:24 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2011/04/18 23:57:14 | 000,522,736 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2011/03/15 16:02:28 | 000,080,496 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2011/02/24 00:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011/01/28 09:41:30 | 000,133,688 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
PRC - [2011/01/26 10:00:32 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/01/26 10:00:00 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/07/29 19:39:24 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010/06/06 09:44:48 | 003,487,288 | ---- | M] (Check Point Software Technologies) -- C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe
PRC - [2010/06/06 09:44:40 | 000,611,888 | ---- | M] (Check Point Software Technologies) -- C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe
PRC - [2009/04/07 10:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/16 20:21:27 | 000,410,576 | ---- | M] () -- C:\Users\Ken\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppgooglenaclpluginchrome.dll
MOD - [2013/09/16 20:21:26 | 013,611,984 | ---- | M] () -- C:\Users\Ken\AppData\Local\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll
MOD - [2013/09/16 20:21:25 | 004,053,456 | ---- | M] () -- C:\Users\Ken\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll
MOD - [2013/09/16 20:20:34 | 000,709,584 | ---- | M] () -- C:\Users\Ken\AppData\Local\Google\Chrome\Application\29.0.1547.76\libglesv2.dll
MOD - [2013/09/16 20:20:33 | 000,099,792 | ---- | M] () -- C:\Users\Ken\AppData\Local\Google\Chrome\Application\29.0.1547.76\libegl.dll
MOD - [2013/09/16 20:20:31 | 001,604,560 | ---- | M] () -- C:\Users\Ken\AppData\Local\Google\Chrome\Application\29.0.1547.76\ffmpegsumo.dll
MOD - [2013/09/11 08:12:40 | 001,358,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\c5f2c02bd940c74019ed4a183c7830c0\System.WorkflowServices.ni.dll
MOD - [2013/09/11 07:54:07 | 001,707,008 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\5126089292f3f953c53f7f7defc0a79f\System.ServiceModel.Web.ni.dll
MOD - [2013/09/11 07:53:35 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\f4e49f5f51d2fa5e6190464468dff4d3\Microsoft.VisualBasic.ni.dll
MOD - [2013/09/11 07:53:34 | 001,084,928 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c7e65a2dfe8622af6e256cb4a7a3352e\System.IdentityModel.ni.dll
MOD - [2013/09/11 07:53:33 | 017,477,632 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\c0593e0b0fafb24a15548809f246d9e0\System.ServiceModel.ni.dll
MOD - [2013/09/10 22:41:27 | 011,914,752 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll
MOD - [2013/09/10 22:41:17 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/09/03 15:25:58 | 032,726,528 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
MOD - [2013/08/30 10:01:00 | 004,579,696 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
MOD - [2013/08/30 10:00:58 | 000,381,808 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CCInvokeAAM.dll
MOD - [2013/08/22 15:25:02 | 010,530,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Gibraltar.Agent\bf9711e1becc97409de09b788db63097\Gibraltar.Agent.ni.dll
MOD - [2013/08/22 15:24:52 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WPFToolkit\4a356c59601040dd76918f498aa7aaa1\WPFToolkit.ni.dll
MOD - [2013/08/22 15:24:50 | 001,126,912 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WPFToolkit.Extended\37c179d8d345c8ffb5fb2f4376df48d8\WPFToolkit.Extended.ni.dll
MOD - [2013/08/22 15:24:39 | 001,625,600 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json\a6316b06bb2c62c86aab80ec40471b7c\Newtonsoft.Json.ni.dll
MOD - [2013/08/22 15:24:34 | 000,431,104 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.AspNet.Si#\98ef94bce7a6ec70f42efc6d267e9d89\Microsoft.AspNet.SignalR.Client.Net.ni.dll
MOD - [2013/08/22 15:24:32 | 004,536,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Threading\2d4e644c089255e8556661f5c790569a\System.Threading.ni.dll
MOD - [2013/08/22 15:24:27 | 000,187,392 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.CoreEx\575c9c463e08108c420acca2eeee796b\System.CoreEx.ni.dll
MOD - [2013/08/22 15:24:26 | 000,580,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Caliburn.Micro\4da4cc6eb546513c41738a78deb7fc77\Caliburn.Micro.ni.dll
MOD - [2013/08/22 15:24:25 | 000,116,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Inte#\bb013c657fa0d3b7187aad2f5f9b1441\System.Windows.Interactivity.ni.dll
MOD - [2013/08/22 15:24:17 | 000,576,512 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\DeskDirectorChat\8048224788c97e1f79b15107495d1a0a\DeskDirectorChat.ni.exe
MOD - [2013/08/13 16:43:27 | 000,401,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\245d1e603b9f9a15d8934c4f1bbe55ee\System.Xml.Linq.ni.dll
MOD - [2013/08/13 16:19:15 | 000,094,208 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\b941bb58cfb28d2a368e3ed6cac9026a\System.ComponentModel.DataAnnotations.ni.dll
MOD - [2013/08/13 16:18:49 | 002,297,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\9e38ddbb3a90cc3e782a0640788b1fcb\System.Core.ni.dll
MOD - [2013/08/13 16:18:13 | 002,347,008 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\e043ad64456256a8ee5b934e227d9782\System.Runtime.Serialization.ni.dll
MOD - [2013/08/13 16:18:12 | 000,256,000 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\1327ad2637aab17189c5461fbf30dc19\SMDiagnostics.ni.dll
MOD - [2013/08/13 16:17:54 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll
MOD - [2013/08/13 16:17:53 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\6c1d55eed243331c944206f8608fb850\IAStorUtil.ni.dll
MOD - [2013/08/13 14:04:06 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\764054efc88f51b54c8d7e44df26b671\System.Data.ni.dll
MOD - [2013/08/13 14:03:59 | 014,340,096 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\930e99b2f62cea8c4aa070527d15f748\PresentationFramework.ni.dll
MOD - [2013/08/13 14:03:49 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll
MOD - [2013/08/13 14:03:44 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/13 14:03:40 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/13 14:03:37 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll
MOD - [2013/08/13 14:03:36 | 012,238,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\585b8f6cc7ba86886462d0dc9753c98f\PresentationCore.ni.dll
MOD - [2013/08/13 14:03:29 | 003,348,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1f6f220f9efe936d1158c79b9d4b451f\WindowsBase.ni.dll
MOD - [2013/08/13 14:03:27 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/11 10:24:06 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\571f0babf15ab38dc80829622caa99d3\IAStorCommon.ni.dll
MOD - [2013/07/10 16:56:36 | 000,306,176 | ---- | M] () -- C:\Program Files (x86)\DeskDirector Chat\DeskDirectorChat.exe
MOD - [2013/07/09 16:54:47 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll
MOD - [2013/07/09 16:53:33 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/06/05 14:21:18 | 000,071,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\zlib1.dll
MOD - [2013/03/13 13:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Ken\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/13 16:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Ken\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/04/05 19:21:02 | 000,200,704 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/05 09:57:34 | 000,366,136 | ---- | M] () -- C:\Windows\SysWOW64\flcdlmsg.dll
MOD - [2011/04/18 23:57:14 | 000,522,736 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010/11/24 22:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/04 18:58:05 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/06/06 09:44:50 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\CheckPoint\Endpoint Connect\imageformats\qgif4.dll
MOD - [2010/06/06 09:44:48 | 004,993,024 | ---- | M] () -- C:\Program Files (x86)\CheckPoint\Endpoint Connect\QtGui4.dll
MOD - [2010/06/06 09:44:40 | 001,302,528 | ---- | M] () -- C:\Program Files (x86)\CheckPoint\Endpoint Connect\QtCore4.dll
MOD - [2009/03/12 16:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 14:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/07/24 14:55:08 | 000,397,968 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\N-able Technologies\Endpoint\UpdateService.exe -- (UpdateService)
SRV:64bit: - [2013/07/24 14:55:08 | 000,397,968 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\N-able Technologies\Endpoint\EndpointService.exe -- (EndpointService)
SRV:64bit: - [2013/07/24 14:55:08 | 000,397,968 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\N-able Technologies\Endpoint\EndpointIntegration.exe -- (EndpointIntegration)
SRV:64bit: - [2013/07/24 14:55:07 | 002,284,880 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Common Files\N-able Technologies\Endpoint Agent\epag.exe -- (epag)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/12/28 12:06:44 | 000,323,072 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2012/12/28 12:06:43 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2012/09/24 14:40:56 | 000,031,040 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2012/06/25 17:06:30 | 003,325,232 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012/06/25 17:05:54 | 000,628,016 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012/06/25 17:05:28 | 000,149,296 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012/04/23 18:23:28 | 000,135,952 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2012/04/05 18:41:46 | 001,323,008 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe -- (McAfee Endpoint Encryption Agent)
SRV:64bit: - [2012/03/15 08:09:20 | 000,659,976 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2012/03/14 14:23:06 | 000,152,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV:64bit: - [2012/02/15 04:14:30 | 002,602,576 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2011/11/10 15:02:24 | 000,486,224 | R--- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2011/01/28 09:41:30 | 000,133,688 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe -- (HPDayStarterService)
SRV:64bit: - [2010/07/29 19:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/12/03 16:27:24 | 000,028,672 | ---- | M] (LSI Corporation) [On_Demand | Stopped] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/09/19 21:56:07 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/23 02:46:22 | 000,240,288 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/07/23 02:46:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/07/08 13:57:46 | 000,264,192 | ---- | M] (N-able Technologies) [Auto | Running] -- C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\agent.exe -- (Windows Agent Service)
SRV - [2013/07/08 13:57:44 | 000,016,896 | ---- | M] (N-able Technologies) [Auto | Running] -- C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\AgentMaint.exe -- (Windows Agent Maintenance Service)
SRV - [2013/06/07 21:39:00 | 000,226,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2013/06/07 21:38:57 | 000,376,144 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/22 12:08:34 | 000,065,024 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Smart Client Service\HPBroadcastServer.exe -- (HP Broadcast Server)
SRV - [2013/03/06 16:50:00 | 001,420,600 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2013/01/22 13:02:19 | 000,498,352 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe -- (uArcCapture)
SRV - [2012/11/29 12:56:50 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/09/12 18:15:30 | 000,523,680 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2012/09/06 11:32:12 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012/07/09 01:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/03/13 16:14:05 | 001,126,264 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe -- (IFXSpMgtSrv)
SRV - [2012/03/13 16:14:05 | 000,980,856 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXTCS.exe -- (IFXTCS)
SRV - [2012/03/13 16:14:04 | 000,203,640 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2012/03/13 16:01:13 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/03/13 16:01:11 | 000,325,912 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/03/09 11:22:42 | 000,117,552 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2012/02/15 04:00:24 | 002,268,240 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2011/09/05 09:57:24 | 000,476,728 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- c:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK)
SRV - [2011/08/26 13:35:08 | 000,322,048 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2011/08/11 19:29:24 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011/03/15 16:02:28 | 000,080,496 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2011/02/24 00:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011/02/15 05:30:08 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2011/01/26 10:00:00 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/11/20 05:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 05:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 05:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/06/06 09:44:48 | 003,487,288 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe -- (TracSrvWrapper)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/15 13:40:26 | 000,042,400 | ---- | M] (Check Point Software Technologies) [Auto | Stopped] -- C:\Program Files (x86)\CheckPoint\SecuRemote\bin\SR_Watchdog.exe -- (SR_Watchdog)
SRV - [2009/12/15 13:40:22 | 000,112,032 | ---- | M] (Check Point Software Technologies) [Auto | Stopped] -- C:\Program Files (x86)\CheckPoint\SecuRemote\bin\SR_Service.exe -- (SR_Service)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/20 11:30:18 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/06/07 21:38:57 | 000,107,368 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2013/04/08 11:41:28 | 000,468,720 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/02/22 19:46:54 | 000,093,600 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Program Files\N-able Technologies\Endpoint\bdfndisf6.sys -- (Bdfndisf)
DRV:64bit: - [2013/02/21 06:14:04 | 000,495,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2013/01/28 15:57:20 | 000,383,048 | ---- | M] (BitDefender S.R.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
DRV:64bit: - [2013/01/22 13:02:19 | 000,042,816 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftVCapture.sys -- (ARCVCAM)
DRV:64bit: - [2013/01/22 12:01:43 | 000,175,928 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2013/01/22 12:01:42 | 000,026,208 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:64bit: - [2013/01/22 11:58:34 | 011,499,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2013/01/11 21:31:18 | 000,707,528 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2013/01/11 21:31:18 | 000,589,000 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2012/12/28 12:06:44 | 000,543,744 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/29 12:56:50 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2012/11/29 12:56:30 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2012/11/28 11:42:06 | 001,866,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2012/11/02 14:17:46 | 000,261,056 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv)
DRV:64bit: - [2012/10/04 14:30:18 | 000,147,232 | ---- | M] (BitDefender LLC) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\gzflt.sys -- (gzflt)
DRV:64bit: - [2012/09/24 14:40:56 | 000,043,840 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2012/09/24 14:40:56 | 000,031,040 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/22 03:01:00 | 000,056,336 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2012/04/05 19:33:24 | 000,100,808 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\MfeEpeOpal.sys -- (MfeEpeOpal)
DRV:64bit: - [2012/04/05 19:32:56 | 000,158,920 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\MfeEpePc.sys -- (MfeEpePc)
DRV:64bit: - [2012/03/15 07:02:46 | 000,198,144 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2012/03/15 07:02:46 | 000,198,144 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2012/03/13 16:14:14 | 000,044,576 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\psd.sys -- (PersonalSecureDrive)
DRV:64bit: - [2012/03/13 16:01:41 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2012/03/13 16:01:41 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/14 20:16:38 | 000,103,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\N-able Technologies\Endpoint\bdfwfpf.sys -- (Bdfwfpf)
DRV:64bit: - [2011/03/21 17:57:04 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/03 10:48:38 | 000,063,336 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DAMDrv64.sys -- (DAMDrv)
DRV:64bit: - [2011/01/12 18:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/20 06:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 06:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 04:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/10/19 18:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/07/20 14:26:42 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/07/20 14:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/07/20 14:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/07/14 07:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/06/06 09:44:40 | 000,161,256 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vnaap.sys -- (vna_ap)
DRV:64bit: - [2010/03/02 15:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/01/26 13:52:22 | 001,212,416 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/13 17:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/13 17:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/07/13 16:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/05/28 10:38:06 | 000,016,056 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009/12/15 13:40:30 | 000,684,280 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\vpn.sys -- (VPN-1)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=CMNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=CMNTDF
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=CMNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=CMNTDF
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
IE - HKCU\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=CMNTDF
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=CMNTDF
IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ken\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ken\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\adobe.com/AdobeExManCCDetect32: C:\Program Files (x86)\Adobe\Adobe Extension Manager CC\npAdobeExManCCDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\adobe.com/AdobeExManCCDetect64: C:\Program Files (x86)\Adobe\Adobe Extension Manager CC\npAdobeExManCCDetect64.dll (Adobe Systems)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2012/08/14 14:23:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2012/11/27 13:56:33 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ken\AppData\Local\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ken\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ken\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\Ken\AppData\Local\Google\Chrome\Application\plugins\npatgpc.dll
CHR - plugin: AdobeExManDetect (Enabled) = C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Adobe Acrobat - Create PDF = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.3.37_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [[A54CDD78-3E93-94AA-4CA6-E39599922F5F]] C:\Program Files\N-able Technologies\Endpoint\Console.exe (Bitdefender)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe (Hewlett-Packard Company, L.P.)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [MfeEpePcMonitor] C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe ()
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Creative Cloud] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Check Point Endpoint Connect] C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DT HM2] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IFXSPMGT] C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe (Infineon Technologies AG)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [CloudSync] C:\Program Files\Adobe\Adobe Creative Cloud Connection (64 Bit)\Creative Cloud Connection.exe File not found
O4 - HKCU..\Run: [SkyDrive] C:\Users\Ken\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Application Restart #4] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DECore\Setup.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ken\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: connectwise.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: connectwise.net ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: connectwise.net ([]https in Trusted sites)
O16 - DPF: {D99BE4AD-A0AF-54E3-BF0E-904D5456A190} http://www.ntradmin....Plugin22046.cab (NTRglobal Plugin version 2.0.4.6)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://192.168.10.89/activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...rl.cab?lmi=1007 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8069493E-C8F2-437C-912B-144F4F7321A5}: DhcpNameServer = 107.218.46.182
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{935540FF-CD79-425A-A3C1-BE3CF8913DBC}: DhcpNameServer = 192.168.10.10
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Company)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/09/12 15:19:47 | 000,000,000 | ---D | M] - C:\autologs -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/02 12:56:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
[2013/09/23 11:03:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/09/23 11:03:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/09/23 10:59:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/09/23 10:58:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/09/23 10:58:49 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/09/23 10:58:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/09/23 10:58:49 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/09/20 15:29:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/09/20 15:28:50 | 000,000,000 | ---D | C] -- C:\windows\PCHEALTH
[2013/09/11 22:49:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoPro
[2013/09/11 13:40:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Axis Communications
[2013/09/10 06:16:04 | 000,000,000 | ---D | C] -- C:\Program Files\ConnectWise
[2013/09/06 16:16:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartSound
[2013/09/05 13:06:12 | 001,443,328 | ---- | C] (CineForm Inc.) -- C:\windows\SysNative\CFHD.dll
[2013/09/05 13:03:20 | 001,474,560 | ---- | C] (CineForm Inc.) -- C:\windows\SysWow64\CFHD.dll
[2013/09/03 09:50:47 | 000,000,000 | ---D | C] -- C:\ProgramData\BitDefender

========== Files - Modified Within 30 Days ==========

[2013/10/02 12:56:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
[2013/10/02 12:56:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/10/02 12:25:00 | 000,000,900 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4115562483-2901303464-3382322076-1001UA.job
[2013/10/02 12:24:00 | 000,000,278 | ---- | M] () -- C:\windows\tasks\DSite.job
[2013/10/02 11:00:08 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/02 11:00:08 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/02 10:24:05 | 000,000,111 | ---- | M] () -- C:\Users\Ken\AppData\Roaming\WB.CFG
[2013/10/02 10:24:05 | 000,000,006 | ---- | M] () -- C:\Users\Ken\AppData\Roaming\WBPU-TTL.DAT
[2013/10/02 08:47:52 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/10/02 08:47:40 | 4242,915,327 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/01 15:13:20 | 000,820,684 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/10/01 15:13:20 | 000,693,346 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/10/01 15:13:20 | 000,131,260 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/10/01 15:05:48 | 000,000,848 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4115562483-2901303464-3382322076-1001Core.job
[2013/09/30 08:32:36 | 000,002,194 | -H-- | M] () -- C:\Users\Ken\Documents\Default.rdp
[2013/09/29 09:33:30 | 000,838,942 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/09/29 09:31:18 | 000,000,324 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForKen.job
[2013/09/28 07:16:57 | 002,193,730 | ---- | M] () -- C:\Users\Ken\Desktop\SonicWALL_TZ_170_Getting_Started_Guide.pdf
[2013/09/23 10:59:51 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/09/16 10:44:42 | 000,000,346 | ---- | M] () -- C:\windows\SysNative\checkdnsid.xml
[2013/09/11 22:49:24 | 000,001,214 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk
[2013/09/11 22:49:24 | 000,001,112 | ---- | M] () -- C:\Users\Ken\Desktop\GoPro Studio.lnk
[2013/09/11 14:02:23 | 001,511,733 | ---- | M] () -- C:\Users\Ken\Desktop\Axis 211 Camera Manual.pdf
[2013/09/10 22:39:36 | 011,386,520 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/09/10 22:35:35 | 000,005,017 | ---- | M] () -- C:\Users\Ken\Desktop\15 horizontal sites and the case for making them Webdesigner Depot.url
[2013/09/10 09:53:21 | 000,000,348 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForKM-ADMIN-02$.job
[2013/09/10 06:16:05 | 000,002,513 | ---- | M] () -- C:\Users\Public\Desktop\ConnectWise.lnk
[2013/09/09 09:33:55 | 000,001,301 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
[2013/09/05 13:06:12 | 001,443,328 | ---- | M] (CineForm Inc.) -- C:\windows\SysNative\CFHD.dll
[2013/09/05 13:03:20 | 001,474,560 | ---- | M] (CineForm Inc.) -- C:\windows\SysWow64\CFHD.dll
[2013/09/03 09:51:02 | 000,122,544 | ---- | M] () -- C:\ProgramData\1378226965.bdinstall.bin

========== Files Created - No Company Name ==========

[2013/09/28 07:16:57 | 002,193,730 | ---- | C] () -- C:\Users\Ken\Desktop\SonicWALL_TZ_170_Getting_Started_Guide.pdf
[2013/09/23 10:59:51 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/09/16 10:44:32 | 000,000,346 | ---- | C] () -- C:\windows\SysNative\checkdnsid.xml
[2013/09/15 07:04:25 | 000,001,097 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
[2013/09/11 22:49:24 | 000,001,214 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk
[2013/09/11 22:49:24 | 000,001,112 | ---- | C] () -- C:\Users\Ken\Desktop\GoPro Studio.lnk
[2013/09/11 14:02:23 | 001,511,733 | ---- | C] () -- C:\Users\Ken\Desktop\Axis 211 Camera Manual.pdf
[2013/09/10 22:35:35 | 000,005,017 | ---- | C] () -- C:\Users\Ken\Desktop\15 horizontal sites and the case for making them Webdesigner Depot.url
[2013/09/10 06:16:05 | 000,002,601 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ConnectWise.lnk
[2013/09/10 06:16:05 | 000,002,513 | ---- | C] () -- C:\Users\Public\Desktop\ConnectWise.lnk
[2013/09/03 09:51:02 | 000,122,544 | ---- | C] () -- C:\ProgramData\1378226965.bdinstall.bin
[2013/08/30 16:05:58 | 000,226,603 | ---- | C] () -- C:\ProgramData\1377903721.bdinstall.bin
[2013/08/23 14:56:23 | 000,002,516 | ---- | C] () -- C:\windows\SysWow64\drivers\default.bin.old
[2013/08/23 14:56:23 | 000,002,516 | ---- | C] () -- C:\windows\SysWow64\default.bin.old
[2013/08/23 14:34:30 | 000,002,516 | ---- | C] () -- C:\windows\SysWow64\drivers\default.bin
[2013/08/23 14:34:30 | 000,002,516 | ---- | C] () -- C:\windows\SysWow64\default.bin
[2013/08/22 09:24:08 | 000,000,111 | ---- | C] () -- C:\Users\Ken\AppData\Roaming\WB.CFG
[2013/08/22 09:24:08 | 000,000,006 | ---- | C] () -- C:\Users\Ken\AppData\Roaming\WBPU-TTL.DAT
[2013/08/21 16:17:33 | 000,000,600 | ---- | C] () -- C:\Users\Ken\AppData\Local\PUTTY.RND
[2013/07/14 21:48:53 | 000,000,132 | ---- | C] () -- C:\Users\Ken\AppData\Roaming\Adobe PNG Format CC Prefs
[2013/02/24 21:24:28 | 000,001,456 | ---- | C] () -- C:\Users\Ken\AppData\Local\Adobe Save for Web 13.0 Prefs
[2013/02/03 15:17:16 | 000,000,132 | ---- | C] () -- C:\Users\Ken\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013/02/01 11:00:24 | 000,000,132 | ---- | C] () -- C:\Users\Ken\AppData\Roaming\Adobe GIF Format CS6 Prefs
[2013/01/23 12:48:21 | 000,000,000 | ---- | C] () -- C:\windows\EEventManager.INI
[2013/01/23 08:12:06 | 000,009,584 | ---- | C] () -- C:\windows\SysWow64\ractrlkeyhook.dll
[2013/01/22 20:33:27 | 000,073,220 | ---- | C] () -- C:\windows\SysWow64\EPPICPrinterDB.dat
[2013/01/22 20:33:27 | 000,031,053 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern131.dat
[2013/01/22 20:33:27 | 000,029,114 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern1.dat
[2013/01/22 20:33:27 | 000,027,417 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern121.dat
[2013/01/22 20:33:27 | 000,021,021 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern3.dat
[2013/01/22 20:33:27 | 000,015,670 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern5.dat
[2013/01/22 20:33:27 | 000,013,280 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern2.dat
[2013/01/22 20:33:27 | 000,010,673 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern4.dat
[2013/01/22 20:33:27 | 000,004,943 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern6.dat
[2013/01/22 20:33:27 | 000,001,140 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_PT.dat
[2013/01/22 20:33:27 | 000,001,140 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_BP.dat
[2013/01/22 20:33:27 | 000,001,137 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_ES.dat
[2013/01/22 20:33:27 | 000,001,130 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_FR.dat
[2013/01/22 20:33:27 | 000,001,130 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_CF.dat
[2013/01/22 20:33:27 | 000,001,104 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_EN.dat
[2013/01/22 20:33:27 | 000,000,097 | ---- | C] () -- C:\windows\SysWow64\PICSDK.ini
[2012/11/28 11:42:06 | 000,026,464 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2012/11/17 14:11:42 | 000,005,632 | ---- | C] () -- C:\Users\Ken\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/11 10:59:59 | 000,061,304 | ---- | C] () -- C:\Users\Ken\g2mdlhlpx.exe
[2012/04/20 22:17:51 | 000,000,021 | ---- | C] () -- C:\windows\SurCode.INI
[2012/02/28 17:09:03 | 000,001,456 | ---- | C] () -- C:\Users\Ken\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/02/25 00:08:28 | 000,000,024 | ---- | C] () -- C:\windows\LoadConfig.ini
[2012/02/24 15:47:04 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPPassFilter.dll.hpsign
[2012/02/24 15:47:04 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPCrProv.dll.hpsign
[2012/02/22 02:24:14 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\vcsAPIShared.dll.hpsign
[2011/11/10 15:02:22 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPSCEL.dll.hpsign
[2011/11/10 15:02:20 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApi.dll.hpsign
[2011/11/10 15:02:18 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPClback.dll.hpsign

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 06:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 06:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 06:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/04/21 07:16:57 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Blender Foundation
[2013/07/28 10:46:05 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\chc
[2012/02/25 03:47:47 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/08/23 12:04:10 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\CheckPoint
[2012/08/03 15:57:13 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/11/29 16:35:44 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
[2012/05/15 16:22:39 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\com.adobe.WidgetBrowser
[2012/04/10 09:53:00 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\connectwise
[2012/02/24 23:16:23 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\DigitalPersona
[2013/10/02 08:52:53 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Dropbox
[2013/08/21 16:21:31 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\DSite
[2013/03/13 14:06:33 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Epson
[2013/09/11 22:49:27 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\GoPro
[2012/02/24 23:16:44 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Infineon
[2012/02/25 02:18:23 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\PACE Anti-Piracy
[2012/06/01 12:18:15 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\PDAppFlex
[2013/08/30 16:02:35 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\QuickScan
[2013/03/25 15:46:00 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Quosal
[2012/02/25 02:33:08 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Red Giant Link
[2012/03/05 17:40:09 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
[2012/02/25 02:39:45 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/02/24 23:26:01 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Synaptics
[2012/09/28 19:19:50 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\TechSmith
[2012/09/26 11:00:11 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\webex

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:054203E4
@Alternate Data Stream - 1215 bytes -> C:\ProgramData\Microsoft:hnDfps2oEQTZgqIQpL9MKdR
@Alternate Data Stream - 1213 bytes -> C:\ProgramData\Microsoft:n5jl85KALMyyWKJkfwLqPJ2
@Alternate Data Stream - 1203 bytes -> C:\Program Files\Common Files\System:xmwrKNimUfOqkQS6MlyfGDC7
@Alternate Data Stream - 1118 bytes -> C:\ProgramData\Microsoft:Mj0BPNxWFo16rLJjl7

< End of report >

Here are the extras:

OTL Extras logfile created on: 10/2/2013 12:56:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ken\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.95 Gb Total Physical Memory | 3.19 Gb Available Physical Memory | 40.08% Memory free
15.90 Gb Paging File | 11.56 Gb Available in Paging File | 72.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 678.42 Gb Total Space | 41.00 Gb Free Space | 6.04% Space Free | Partition Type: NTFS
Drive E: | 14.92 Gb Total Space | 2.20 Gb Free Space | 14.73% Space Free | Partition Type: NTFS
Drive F: | 4.98 Gb Total Space | 2.12 Gb Free Space | 42.52% Space Free | Partition Type: FAT32

Computer Name: KM-ADMIN-02 | User Name: Ken | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17656922-340B-49D2-A3B9-689010030052}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{1A5262A0-2E32-4284-AB73-89DCB2FA55EA}" = lport=18287 | protocol=6 | dir=in | name=hp automatic update |
"{225A97F9-AEAF-4146-A36C-89441EC77B1F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2B501B87-970A-49FD-B6AE-7F9EF523810A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2C384D85-A63A-4838-B20D-94D9379D6BAF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{31F7ABF1-767C-46B4-9F70-C439FAA74D7C}" = lport=445 | protocol=6 | dir=in | app=system |
"{3C5B95C6-32E9-4760-BAB0-5097B19F3498}" = lport=18286 | protocol=17 | dir=in | name=hp broadcast service |
"{434FBAF6-1119-4C88-8B9F-A191F4B86C9F}" = lport=5900 | protocol=6 | dir=in | name=vnc5900 |
"{43B90E1F-7083-48E0-97EC-212E27A7CF8B}" = rport=138 | protocol=17 | dir=out | app=system |
"{479C455A-761C-42D6-B3F4-87C1089523AD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{47B7B633-8339-4D58-87CD-0DC33F908EEB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{568B5688-8FBE-418B-B46D-8AC9D793C35A}" = lport=138 | protocol=17 | dir=in | app=system |
"{6334AD28-79B2-43D7-BC5F-AC2599C82128}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6B4C60DD-9CFB-4550-B3F0-65B5D403382A}" = lport=137 | protocol=17 | dir=in | app=system |
"{6DB4944E-2646-41E7-89D3-24220DF19DE7}" = rport=445 | protocol=6 | dir=out | app=system |
"{91479EE0-FC2B-405C-B890-B724DA60451B}" = rport=137 | protocol=17 | dir=out | app=system |
"{A8A59B66-0378-4539-842A-5FA00B67BC9D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B9F18B39-0CDC-40BA-8266-4E0AC52303F6}" = lport=139 | protocol=6 | dir=in | app=system |
"{C52351DD-276F-42F6-A56F-B328A25FCD3F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D5CE5986-30AC-4291-8337-5423CC0C4284}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D77610A5-11C1-4852-B981-31571E521D4E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E46CD17F-5186-4016-B4F7-12FBBC5BC883}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E8086F5F-A6F7-4ABB-9854-A48200696A82}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ECE1F15D-44F8-4031-BCE3-1FE31AF085EB}" = rport=139 | protocol=6 | dir=out | app=system |
"{F66DF15D-C2AE-4907-83D2-3D9547590ABB}" = lport=5800 | protocol=6 | dir=in | name=vnc5800 |
"{FFDDC53B-AB89-40ED-879C-D45387F12188}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D9CA9D-AC3C-4E7F-8BB1-9B5FBF398E56}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0C54E61A-D59E-4C15-9DC8-366EF8446183}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{12559EFE-FF10-4243-B846-390240E9E319}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{160B8196-E1F0-4AD3-92F0-62D6D739D3C5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1CB67F0D-CEEF-4D66-9F72-997D7B2BA344}" = dir=in | app=c:\program files (x86)\checkpoint\securemote\bin\scc.exe |
"{2B559CB0-0403-43D2-B2ED-8E4D3467C5CD}" = protocol=6 | dir=in | app=c:\users\ken\appdata\roaming\dropbox\bin\dropbox.exe |
"{2C9E9732-90C4-4FDA-9A74-03F8DBDD2E01}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{348BD0C8-D9DB-44D5-A5EF-DE06FEF74D19}" = dir=in | app=c:\program files (x86)\checkpoint\securemote\bin\sr_service.exe |
"{34ACD54F-9DC4-4C28-ABCF-B3424225E5AF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3AC195A7-FAFF-4DE7-9B61-BF9AEA4C9146}" = dir=in | app=c:\program files (x86)\intronis technologies\esureit\backupstatusicon.exe |
"{3FD55A6B-DFAF-4BED-8ADF-6569A838FC15}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{48FA4AD7-A51A-401C-88D0-CB9DF77C0AB3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4FF5ADA6-2D5E-41E6-B268-84EEDB16200E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5DDAE351-1901-4EDB-9812-DE0BA78AFCD5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{684DC9D7-B91B-4AFC-AF6F-538CDD7070F5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7340E5E4-0448-48AC-87AD-73E02A549A15}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{73D8F9AB-4457-4ABA-B3AC-03CE5F2327E1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{74B6FFED-744F-4BCB-AD81-128A8276CDD9}" = protocol=17 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool09\eneasyapp.exe |
"{7946359E-BF1E-4524-86E5-E42331AE3DF5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{85DDB01A-CD2B-4EE5-8624-2A60C57B72BD}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{872550C1-B063-431E-BFC1-EC525548DD53}" = dir=in | app=c:\program files (x86)\checkpoint\endpoint connect\trgui.exe |
"{8DAF3FFA-CBC6-479E-A94F-D5238703CB1A}" = protocol=6 | dir=out | app=system |
"{8DAF84DD-1C18-4E5D-8AAC-CE32D9B33E84}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{92B34804-DE12-4DD0-8EC5-243D0AEC2CBA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{95DCE8BA-C40E-4CB8-B9FF-2A946B92691B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{99F44D60-B3F4-4C01-BE04-EBB8C103B780}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9B32936E-D005-4656-BF14-6B507B112691}" = dir=in | app=c:\program files (x86)\intronis technologies\esureit\backupmonitor.exe |
"{A25F1D9A-C2DE-441D-B472-55FFBA2D7239}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A54A8C7B-F34C-4FB0-BDC3-8FA402F54422}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B1C2E13B-A730-48AE-9132-2DCD21396881}" = dir=in | app=c:\program files (x86)\checkpoint\securemote\bin\sr_diagnostics.exe |
"{B5163CF6-9EE6-4FA2-AB43-FC82000FD9B1}" = protocol=17 | dir=in | app=c:\users\ken\appdata\roaming\dropbox\bin\dropbox.exe |
"{BCB9BF00-9497-4128-A0ED-08A5343D3EE2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C6607A4E-2BAF-46A6-BF79-6466744FAC53}" = protocol=6 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool09\eneasyapp.exe |
"{CD574E27-EA46-44F2-97D5-EA02AEBAA3AF}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{DF3D2C59-FD9F-4BA5-A4D3-3ACA19E78544}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E1944BF9-CDB0-4961-9925-1A7286041153}" = dir=in | app=c:\program files (x86)\checkpoint\securemote\bin\sr_gui.exe |
"{F711C3E1-AB29-4504-A346-671853AD9990}" = dir=in | app=c:\program files (x86)\checkpoint\endpoint connect\tracsrvwrapper.exe |
"{F7594657-4105-4BCC-A50C-F38AEE973906}" = dir=in | app=c:\users\ken\appdata\local\microsoft\skydrive\skydrive.exe |
"TCP Query User{09CB55CB-4480-4B1D-A3A6-E228DC03DFE5}C:\users\ken\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\ken\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{3FC5FBC4-B0D2-4C59-9DD2-D6014CB3AEA3}C:\program files (x86)\adobe\adobe dreamweaver cs6\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs6\dreamweaver.exe |
"TCP Query User{4247C5D3-38B0-462F-AE39-4F14C72749F9}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{59B60790-EE3D-4621-9BCE-2B2FE4601C31}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{72296138-6977-4446-8D17-41055A30391D}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{934638C6-60EE-421E-87F3-C90B770A2DD1}C:\windows\syswow64\npntrplugin2.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\npntrplugin2.exe |
"TCP Query User{AF2824F6-404F-46E4-B8EF-38A9619A72E3}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{B461D21B-3F9A-4728-BF7F-AC8DE826A38B}C:\program files (x86)\adobe\adobe edge animate\edgeanimate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe edge animate\edgeanimate.exe |
"TCP Query User{B4A9FA2D-CAEB-4AC8-BEEE-AE1D3BDE61E9}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{C16C6657-5631-4C4A-AFCE-D72B7377A728}C:\program files\adobe\adobe after effects cs5\support files\afterfx.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe after effects cs5\support files\afterfx.exe |
"TCP Query User{C573CD24-A0F6-4FE8-A7DD-3C28A95433F2}C:\program files (x86)\adobe\adobe muse\adobe muse.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe muse\adobe muse.exe |
"TCP Query User{C8BF6D31-29EA-4F2E-AEB3-543D0928E722}C:\windows\syswow64\npntrplugin2.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\npntrplugin2.exe |
"TCP Query User{F8CB8440-1EC8-449B-86AC-12AC9EB3FDF4}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{F9CBB84F-EC2F-4528-B667-EDE006C88722}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{05C374B4-4BD9-4675-A262-237D84FA3BB4}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{437FB0EB-57C0-4114-94CA-0ED21BCC1907}C:\program files\adobe\adobe after effects cs5\support files\afterfx.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe after effects cs5\support files\afterfx.exe |
"UDP Query User{607F555F-09ED-471F-B7DA-5403D8F8FFFA}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{6744B2BA-1FC7-411D-9099-3CEEA6F1F1A6}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{6ACEA875-6121-4677-A338-F15D8CD91599}C:\program files (x86)\adobe\adobe muse\adobe muse.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe muse\adobe muse.exe |
"UDP Query User{84916B10-4C47-4F5B-BBE5-ACC3A81AC143}C:\program files (x86)\adobe\adobe edge animate\edgeanimate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe edge animate\edgeanimate.exe |
"UDP Query User{96C9A561-6B55-40F8-91C0-474C245AA818}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{A45B91EE-2742-4E8C-929D-A05DECDFA3B3}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{AAB835E8-AD76-4DF5-8C35-32FEC6B3644C}C:\windows\syswow64\npntrplugin2.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\npntrplugin2.exe |
"UDP Query User{B155172D-FE44-4041-8032-EA31B9D93662}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{BAAB0452-3153-4B45-86BD-8082A9493C2D}C:\windows\syswow64\npntrplugin2.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\npntrplugin2.exe |
"UDP Query User{E2234E4D-4ADA-4675-A71C-453EED2C3C02}C:\program files (x86)\adobe\adobe dreamweaver cs6\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs6\dreamweaver.exe |
"UDP Query User{E4EC2F78-38F6-491D-9B19-AE7AB6F65C90}C:\users\ken\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\ken\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{FC2D2DBD-2BB6-49AF-8488-D20B8B25D157}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{08C3441C-4FAF-48D3-A551-70DD6031734F}" = Microsoft Baseline Security Analyzer 2.2
"{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}" = Intel® PROSet/Wireless WiFi Software
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1BEA98B3-46D6-4DE1-A18F-045AA7FB2AEA}" = Magic Bullet QuickLooks Free
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417040FF}" = Java 7 Update 40 (64-bit)
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{483D5A49-A26B-4CB8-AA2D-0D1811322061}" = HP DayStarter
"{48AC4F0F-50D6-4B58-97EF-C0035F538FE1}" = Endpoint
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5476AB75-E584-4497-80AF-7F205D8F6F54}" = Privacy Manager for HP ProtectTools
"{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}" = HP 3D DriveGuard
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{697E5298-CF76-43A3-AC9D-6AE2FA0F2B43}" = Validity Fingerprint Sensor Driver
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{84642787-58C0-44AE-8B26-E2F544E380A1}" = HP Power Assistant
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A0041CD-277C-4C1F-BFE4-7AC508B20B4C}" = Drive Encryption For HP ProtectTools
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A674F348-9412-4AF5-89A5-BCC0FBB6FC22}" = Embedded Security for HP ProtectTools
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.43
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.43
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 140.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0325
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3BFF01F-485E-415F-B0CB-A6842FC0851C}" = 3DVIA plugin for Photoshop CS5 Extended (64-bit)
"{B617B439-87A2-4109-94A6-BD768B259F83}" = HP ProtectTools Security Manager
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}" = Intel® PROSet/Wireless for Bluetooth® + High Speed
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CD4F3229-4A37-463F-98A3-3DEEEEE8492C}" = HP Backlit Keyboard Controls
"{D3A775F2-2674-4452-8D80-1FC1446052EE}" = Face Recognition for HP ProtectTools
"{D6B65B14-41B2-471A-92F8-63C235F00DE6}" = ConnectWise Internet Client 64-bit
"{F73A118B-8271-47E2-8790-0C636B2539C5}" = iTunes
"0B624A43DD66DBF5CF3EDFA9741A364E688062A4" = Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 )
"Blender" = Blender
"Endpoint Security" = Security Manager AV Defender
"EPSON Artisan 710 Series" = EPSON Artisan 710 Series Printer Uninstall
"HPProtectTools" = HP ProtectTools Security Manager
"LSI Soft Modem" = LSI HDA Modem
"Neat Video for Premiere_is1" = Neat Video v3.1.0 Demo plug-in for Premiere (64-bit)
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel® Network Connections Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00E094E1-A852-11E2-803D-ACEA632352B4}" = Adobe Dreamweaver CC
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{03046EBB-CB7C-4B98-BEFB-690EB955DA22}" = HP Setup
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07E80932-FFB1-402D-9198-18C58EBAF216}" = Adobe Encore CS6 Library
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}" = Adobe AIR
"{0CC93482-5EAD-4224-AC9D-07C1548F03E6}" = HP Connection Manager
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}" = HP Wallpaper
"{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}" = ArcSoft Webcam Sharing Manager
"{1CE213F8-D2A4-4069-B918-589EEFB1DB2C}" = HP Mobile Display Assistant
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1EC083EE-5B76-4A2A-B95A-CAF460AA29D6}" = Adobe Touch App Plugins
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBAE18D-4DE4-47AA-83EC-D1B046F262DC}" = PDF Settings CC
"{22025051-1991-48EB-8BE8-7A3329DAE7ED}" = IIS 7.5 Express
"{23D3F585-AE29-4670-8E3E-64A0EFB29240}" = Adobe Acrobat XI Pro
"{244FD30F-63F1-49B9-9D98-1150FF4FFCB1}" = Adobe Extension Manager CC
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 40
"{2799064B-FFEE-4D40-A400-907A90D653AB}" = HP Performance Advisor
"{29AA12E9-934C-485E-A9A1-D823FEB29880}" = Adobe SpeedGrade CC
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2B1F8DD0-873D-4AC3-8400-766F255FE263}" = Camtasia Studio 8
"{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}" = Adobe Photoshop CC
"{317243C1-6580-4F43-AED7-37D4438C3DD5}" = Adobe After Effects CC
"{33D30F94-4C9E-2A80-0C56-9E7696E44628}" = Adobe Story
"{359F8007-6486-429C-A8C5-D67F6897C88C}" = Adobe Bridge CC (64 Bit)
"{36E0F777-19FE-4454-BB2D-84206758EA85}" = LogMeIn
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{3A61A282-4F08-4D43-920C-DC30ECE528E8}" = HP System Default Settings
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{427867D2-9459-4C7B-81E8-2CA570596645}" = NVIDIA PhysX
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{505FF1AC-E7F5-4462-BBA7-08900E7E9EEF}" = Adobe Premiere Pro CC
"{52B18ABC-AD5F-4C3C-B391-04F57B380449}" = HP Client Automation Agent Preload
"{531000B3-DBEE-4115-BBF3-DA48B67C053F}" = HP Software Setup
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{559C9050-3E02-E763-DBFA-B0CC62F5B6D7}" = Adobe Muse
"{564E4F25-DF80-47F7-9991-C6488107F21F}" = Uninstall Adobe Muse
"{5D73C19B-BE10-44A6-96B2-A516756ED29F}" = Adobe Prelude CC
"{5f8d2001-8c69-4eff-94d2-1770304e84a1}" = Check Point Endpoint Connect
"{614020C8-2E16-4E16-A5F0-04DE2AB96097}" = Adobe Premiere Pro CS6 Functional Content
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{62272D4E-78E9-4BAD-B7AA-63072D06AAA9}" = HP Documentation
"{6297487E-3778-4F72-B458-55690418DB98}" = Adobe ExtendScript Toolkit CC
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6606F377-873C-4EA8-BCEF-2AC21067004C}" = Smart Zero Client Services
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{675D093B-815D-47FD-AB2C-192EC751E8E2}" = HP Software Framework
"{6B5E7B4F-64A2-4DEB-B210-0DD92F940A01}" = HP QuickWeb
"{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}" = File Sanitizer For HP ProtectTools
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{6F71D588-8479-49AE-85F2-209741942E7E}" = DeskDirector
"{6FC0AA88-A751-4E5A-B4A8-9F6926E60E6F}" = Windows Agent
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7176B973-6011-43C1-AEBC-2D73FE7C6982}" = Adobe Premiere Pro CS6
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{92094051-CDDB-D9BA-426C-975526525429}" = Adobe® Content Viewer
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{93139A49-0360-4718-8B93-C1F9EB12E3D8}" = Roxio Secure Burn
"{9496E0B9-9094-4F1B-B3D5-164418013E69}" = Network Recording Player
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Roxio CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CB4FBA9-45C0-41AA-97CC-283B42E1A21E}" = Roxio MyDVD Business 2010
"{9F4F9095-19B1-44E0-9A54-9B6A5B2E8481}" = DeskDirector Chat
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{AC76BA86-1033-FFFF-7760-000000000006}" = Adobe Acrobat XI Pro
"{ADC70B7A-530B-46E3-8384-48D22681A41E}" = Theft Recovery for HP ProtectTools
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Secure Burn
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{BACE8BFA-8F39-421D-BEF1-6E78632BDC90}" = Roxio MyDVD Business 2010
"{BC448016-6F11-1014-B0EA-97CEE6E26CB6}" = Adobe InDesign CC
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{be839ba5-dc35-4ea7-83fb-a7bf5779ab6d}" = Check Point VPN-1 SecuRemote/SecureClient NGX R60 HFA3
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel® Identity Protection Technology 1.1.2.0
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C97CC14E-4789-4FC5-BC75-79191F7CE009}" = HP Hotkey Support
"{CD54AE4D-874D-40CF-93D2-F766875BE0C7}" = Adobe Edge Code Preview 2
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D322A9E3-758B-4D60-A7C4-65C88FD378D0}" = Bing Bar
"{D562B3BB-4405-4FA8-BCE2-D5DB89E8D5CE}" = HP ESU for Microsoft Windows 7
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE1E055B-679C-42F8-B114-7B6ED0B8ED95}" = Adobe Audition CC
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5184D41-7796-4127-BBE4-46993F9FAAF3}" = SmartSound Sonicfire Pro 5.8
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2321021-08A2-44D6-B1DF-BDB415F23EC3}" = Adobe Illustrator CC
"{F24F876B-7D71-4BD6-88E9-614D3BB84231}" = Alcor Micro Smart Card Reader Driver
"{F7DE06AE-23B6-4837-ADAB-02C5D6658C46}" = Adobe Edge Animate
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE465061-894A-4023-8580-56FCDD4F23F9}" = HP SoftPaq Download Manager
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe AIR" = Adobe AIR
"Adobe Creative Cloud" = Adobe Creative Cloud
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AdobeMuse" = Adobe Muse
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.dmp.contentviewer" = Adobe® Content Viewer
"com.adobe.WidgetBrowser" = Adobe Widget Browser
"DeskDirector 13.1.8" = DeskDirector
"DeskDirector Chat 13.1.5" = DeskDirector Chat
"EPSON Scanner" = EPSON Scan
"GoPro Studio" = GoPro Studio 2.0.0
"InstallShield_{1BEA98B3-46D6-4DE1-A18F-045AA7FB2AEA}" = Magic Bullet QuickLooks Free
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{6606F377-873C-4EA8-BCEF-2AC21067004C}" = Smart Zero Client Services
"InstallShield_{ADC70B7A-530B-46E3-8384-48D22681A41E}" = Theft Recovery for HP ProtectTools
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"InstallShield_{E5184D41-7796-4127-BBE4-46993F9FAAF3}" = SmartSound Sonicfire Pro 5.8
"PDF Complete" = PDF Complete Special Edition
"PSPad editor_is1" = PSPad editor
"Quosal Create" = Quosal Create 2013
"SZCCID" = Alcor Micro Smart Card Reader Driver
"VIP Access SDK" = VIP Access SDK (1.0.0.55)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Connect 9 Add-in" = Adobe Connect 9 Add-in
"Adobe Connect Add-in" = Adobe Connect Add-in
"Dropbox" = Dropbox
"DSite" = Update for Zip Opener
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 5.7.0.1172
"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/2/2013 4:53:34 PM | Computer Name = KM-ADMIN-02 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6006

Error - 7/2/2013 4:53:34 PM | Computer Name = KM-ADMIN-02 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6006

Error - 7/2/2013 4:53:35 PM | Computer Name = KM-ADMIN-02 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/2/2013 4:53:35 PM | Computer Name = KM-ADMIN-02 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7005

Error - 7/2/2013 4:53:35 PM | Computer Name = KM-ADMIN-02 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7005

Error - 7/2/2013 4:53:36 PM | Computer Name = KM-ADMIN-02 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/2/2013 4:53:36 PM | Computer Name = KM-ADMIN-02 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8019

Error - 7/2/2013 4:53:36 PM | Computer Name = KM-ADMIN-02 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8019

Error - 7/2/2013 4:53:37 PM | Computer Name = KM-ADMIN-02 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/2/2013 4:53:37 PM | Computer Name = KM-ADMIN-02 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9017

Error - 7/2/2013 4:53:37 PM | Computer Name = KM-ADMIN-02 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9017

[ Hewlett-Packard Events ]
Error - 11/20/2012 6:59:35 PM | Computer Name = KM-ADMIN-02 | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 8142 Ram Utilization: 40 TargetSite: Void UpdateAndDetect()

Error - 11/27/2012 2:20:29 PM | Computer Name = KM-ADMIN-02 | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 8142 Ram Utilization: 40 TargetSite: Void UpdateAndDetect()

Error - 12/4/2012 2:13:42 PM | Computer Name = KM-ADMIN-02 | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 8142 Ram Utilization: TargetSite: Void UpdateAndDetect()

Error - 12/11/2012 2:37:22 PM | Computer Name = KM-ADMIN-02 | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 8142 Ram Utilization: 40 TargetSite: Void UpdateAndDetect()

Error - 12/19/2012 12:06:09 AM | Computer Name = KM-ADMIN-02 | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 8142 Ram Utilization: 30 TargetSite: Void UpdateAndDetect()

Error - 12/19/2012 9:14:39 PM | Computer Name = KM-ADMIN-02 | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 8142
Ram
Utilization: 30 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()


Error - 12/19/2012 11:34:14 PM | Computer Name = KM-ADMIN-02 | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 8142
Ram
Utilization: 40 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()


Error - 1/10/2013 8:26:34 PM | Computer Name = KM-ADMIN-02 | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 8142
Ram
Utilization: 40 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()


Error - 1/22/2013 4:44:07 PM | Computer Name = KM-ADMIN-02 | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 8142
Ram
Utilization: 30 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()


Error - 1/22/2013 5:11:20 PM | Computer Name = KM-ADMIN-02 | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 8142
Ram
Utilization: 30 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()


[ HP Connection Manager Events ]
Error - 8/2/2013 12:01:15 PM | Computer Name = KM-ADMIN-02 | Source = hpMobile | ID = 5
Description = 2013/08/02 09:01:15.139|00001470|Error |[HP.Mobile]Wlan::UpdateProperties{void()}|The
data is invalid. (Exception from HRESULT: 0x8007000D)

Error - 8/12/2013 1:47:47 PM | Computer Name = KM-ADMIN-02 | Source = hpCMSrv | ID = 5
Description = 2013/08/12 10:47:47.800|000016AC|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 8/12/2013 1:48:26 PM | Computer Name = KM-ADMIN-02 | Source = hpCMSrv | ID = 5
Description = 2013/08/12 10:48:26.862|000016AC|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 8/13/2013 4:56:19 PM | Computer Name = KM-ADMIN-02 | Source = hpCMSrv | ID = 5
Description = 2013/08/13 13:56:19.938|000022FC|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 8/14/2013 1:48:50 AM | Computer Name = KM-ADMIN-02 | Source = hpMobile | ID = 5
Description = 2013/08/13 22:48:50.803|00002BE8|Error |[HP.Mobile]Wlan::UpdateProperties{void()}|The
data is invalid. (Exception from HRESULT: 0x8007000D)

Error - 8/14/2013 12:00:32 PM | Computer Name = KM-ADMIN-02 | Source = hpMobile | ID = 5
Description = 2013/08/14 09:00:32.918|00002BE8|Error |[HP.Mobile]Wlan::UpdateProperties{void()}|The
data is invalid. (Exception from HRESULT: 0x8007000D)

Error - 8/15/2013 5:12:56 PM | Computer Name = KM-ADMIN-02 | Source = hpCMSrv | ID = 5
Description = 2013/08/15 14:12:56.534|00001908|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 8/23/2013 6:33:45 PM | Computer Name = KM-ADMIN-02 | Source = hpMobile | ID = 5
Description = 2013/08/23 15:33:45.702|00001FC4|Error |[HP.Mobile]Wlan::b{void()}|The
data is invalid. (Exception from HRESULT: 0x8007000D)

Error - 8/30/2013 7:15:47 AM | Computer Name = KM-ADMIN-02 | Source = hpMobile | ID = 5
Description = 2013/08/30 04:15:47.089|00002744|Error |[HP.Mobile]HotSpot::a{void(HP.Mobile.Helper.WlanHostedNetworkState)}|The
RPC server is unavailable. (Exception from HRESULT: 0x800706BA)

Error - 9/10/2013 9:06:46 AM | Computer Name = KM-ADMIN-02 | Source = hpMobile | ID = 5
Description = 2013/09/10 06:06:46.828|000012C4|Error |[HP.Mobile]Wlan::b{void()}|The
data is invalid. (Exception from HRESULT: 0x8007000D)

[ HP HotKey Support Events ]
Error - 9/20/2012 6:14:19 PM | Computer Name = KM-ADMIN-02 | Source = HpHotkeyMonitor | ID = 5
Description = 2012/09/20 15:14:19.250|00000B84|Error |WmiEvent::Register|ExecNotificationQueryAsync
failed: 0x8004100A

Error - 9/20/2012 6:34:24 PM | Computer Name = KM-ADMIN-02 | Source = QlbController | ID = 5
Description = 2012/09/20 15:34:24.949|00001B3C|Error |Program::RegisterEvents{hpCasl.enReturnCode(bool)}|Registering
for SmartAdapter.PluggedIn Failed. RetCode: e_GENERAL_EXCEPTION

Error - 9/20/2012 6:54:25 PM | Computer Name = KM-ADMIN-02 | Source = QlbController | ID = 5
Description = 2012/09/20 15:54:25.018|00001B3C|Error |Program::RegisterEvents{hpCasl.enReturnCode(bool)}|Registering
for DockState.Changed Failed. RetCode: e_GENERAL_EXCEPTION

[ HP Power Assistant Events ]
Error - 10/2/2013 2:58:13 PM | Computer Name = KM-ADMIN-02 | Source = HP PA Service | ID = 1023
Description = An error occurred in HP Power Assistant application, [HPCommon]. Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS nits(62828) * Gain(-0.0118) + Offset(0)) * nits(62828)
< 0

Error - 10/2/2013 2:58:13 PM | Computer Name = KM-ADMIN-02 | Source = HP PA Service | ID = 1023
Description = An error occurred in HP Power Assistant application, [HPCommon]. Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS nits(62828) * Gain(-0.0118) + Offset(0)) * nits(62828)
< 0

Error - 10/2/2013 3:04:02 PM | Computer Name = KM-ADMIN-02 | Source = HP PA Service | ID = 1023
Description = An error occurred in HP Power Assistant application, [HPCommon]. Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS nits(62828) * Gain(-0.0118) + Offset(0)) * nits(62828)
< 0

Error - 10/2/2013 3:04:02 PM | Computer Name = KM-ADMIN-02 | Source = HP PA Service | ID = 1023
Description = An error occurred in HP Power Assistant application, [HPCommon]. Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS nits(62828) * Gain(-0.0118) + Offset(0)) * nits(62828)
< 0

Error - 10/2/2013 3:11:32 PM | Computer Name = KM-ADMIN-02 | Source = HP PA Service | ID = 1023
Description = An error occurred in HP Power Assistant application, [HPCommon]. Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS nits(62828) * Gain(-0.0118) + Offset(0)) * nits(62828)
< 0

Error - 10/2/2013 3:11:32 PM | Computer Name = KM-ADMIN-02 | Source = HP PA Service | ID = 1023
Description = An error occurred in HP Power Assistant application, [HPCommon]. Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS nits(62828) * Gain(-0.0118) + Offset(0)) * nits(62828)
< 0

Error - 10/2/2013 3:16:33 PM | Computer Name = KM-ADMIN-02 | Source = HP PA Service | ID = 1023
Description = An error occurred in HP Power Assistant application, [HPCommon]. Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS nits(62828) * Gain(-0.0118) + Offset(0)) * nits(62828)
< 0

Error - 10/2/2013 3:19:56 PM | Computer Name = KM-ADMIN-02 | Source = HP PA Service | ID = 1023
Description = An error occurred in HP Power Assistant application, [HPCommon]. Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS nits(62828) * Gain(-0.0118) + Offset(0)) * nits(62828)
< 0

Error - 10/2/2013 4:04:22 PM | Computer Name = KM-ADMIN-02 | Source = HP PA Service | ID = 1023
Description = An error occurred in HP Power Assistant application, [HPCommon]. Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS nits(62828) * Gain(-0.0118) + Offset(0)) * nits(62828)
< 0

Error - 10/2/2013 4:04:22 PM | Computer Name = KM-ADMIN-02 | Source = HP PA Service | ID = 1023
Description = An error occurred in HP Power Assistant application, [HPCommon]. Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS nits(62828) * Gain(-0.0118) + Offset(0)) * nits(62828)
< 0

[ HP Software Framework Events ]
Error - 7/13/2012 1:14:13 PM | Computer Name = KM-ADMIN-02 | Source = CaslSmBios | ID = 5
Description = 2012/07/13 10:14:13.219|00001414|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
occurred in querying WMI for WmiMonitorBrightness: 'Not supported '

Error - 7/13/2012 1:15:01 PM | Computer Name = KM-ADMIN-02 | Source = CaslSmBios | ID = 5
Description = 2012/07/13 10:15:01.766|00000E20|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
occurred in querying WMI for WmiMonitorBrightness: 'Not supported '

Error - 7/13/2012 1:15:07 PM | Computer Name = KM-ADMIN-02 | Source = CaslSmBios | ID = 5
Description = 2012/07/13 10:15:07.857|00001FC4|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
occurred in querying WMI for WmiMonitorBrightness: 'Not supported '

Error - 7/13/2012 1:15:24 PM | Computer Name = KM-ADMIN-02 | Source = CaslSmBios | ID = 5
Description = 2012/07/13 10:15:24.347|00001904|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
occurred in querying WMI for WmiMonitorBrightness: 'Not supported '

Error - 9/21/2012 11:03:19 AM | Computer Name = KM-ADMIN-02 | Source = CaslSmBios | ID = 5
Description = 2012/09/21 08:03:19.822|00001A78|Error |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
unregistering the PMC.Data event. Exception: Object reference not set to an instance
of an object.

Error - 9/27/2012 10:48:45 PM | Computer Name = KM-ADMIN-02 | Source = CaslSmBios | ID = 5
Description = 2012/09/27 19:48:45.669|00001D3C|Error |[CaslWmi]A::A{bool()}|Error
connecting to Global Event server. Exception: Retrieving the COM class factory
for component with CLSID {69D77689-DA2B-4308-8404-2614CBF9896E} failed due to the
following error: 8007045b.

Error - 12/28/2012 3:15:31 PM | Computer Name = KM-ADMIN-02 | Source = CaslSmBios | ID = 5
Description = 2012/12/28 11:15:31.725|00001718|Error |[CaslWmi]CommandSmartAdapter::GetSmartAdapterStatusFromBIOS{hpCasl.enReturnCode(bool&,int&)}|Error
597 from BIOS WMI call Read/0Fh while getting SmartAdapter state

Error - 1/10/2013 8:27:18 PM | Computer Name = KM-ADMIN-02 | Source = CaslSmBios | ID = 5
Description = 2013/01/10 16:27:18.706|00001A58|Error |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
unregistering the PMC.Data event. Exception: Object reference not set to an instance
of an object.

Error - 1/10/2013 8:27:18 PM | Computer Name = KM-ADMIN-02 | Source = CaslSmBios | ID = 5
Description = 2013/01/10 16:27:18.737|00001A58|Error |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
unregistering the Wireless.GlobalChanged.2.0 event. Exception: Object reference
not set to an instance of an object.

Error - 1/17/2013 8:58:44 PM | Computer Name = KM-ADMIN-02 | Source = CaslSmBios | ID = 5
Description = 2013/01/17 16:58:44.713|000018E8|Error |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
unregistering the PMC.Data event. Exception: Object reference not set to an instance
of an object.

[ System Events ]
Error - 10/1/2013 6:55:06 PM | Computer Name = KM-ADMIN-02 | Source = Service Control Manager | ID = 7003
Description = The Check Point VPN-1 Securemote service service depends the following
service: FW1. This service might not be installed.

Error - 10/1/2013 6:55:06 PM | Computer Name = KM-ADMIN-02 | Source = Service Control Manager | ID = 7003
Description = The Check Point VPN-1 Securemote watchdog service depends the following
service: FW1. This service might not be installed.

Error - 10/1/2013 6:55:06 PM | Computer Name = KM-ADMIN-02 | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\vpn.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 10/1/2013 6:55:06 PM | Computer Name = KM-ADMIN-02 | Source = Service Control Manager | ID = 7000
Description = The VPN-1 Module service failed to start due to the following error:
%%1275

Error - 10/1/2013 6:55:06 PM | Computer Name = KM-ADMIN-02 | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Encrypted volume check: Volume information on \\?\Volume{ff1cd095-bd98-11e0-9f17-806e6f6e6963}
cannot be read.

Error - 10/2/2013 11:48:17 AM | Computer Name = KM-ADMIN-02 | Source = Service Control Manager | ID = 7003
Description = The Check Point VPN-1 Securemote service service depends the following
service: FW1. This service might not be installed.

Error - 10/2/2013 11:48:17 AM | Computer Name = KM-ADMIN-02 | Source = Service Control Manager | ID = 7003
Description = The Check Point VPN-1 Securemote watchdog service depends the following
service: FW1. This service might not be installed.

Error - 10/2/2013 11:48:17 AM | Computer Name = KM-ADMIN-02 | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\vpn.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 10/2/2013 11:48:17 AM | Computer Name = KM-ADMIN-02 | Source = Service Control Manager | ID = 7000
Description = The VPN-1 Module service failed to start due to the following error:
%%1275

Error - 10/2/2013 11:48:19 AM | Computer Name = KM-ADMIN-02 | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Encrypted volume check: Volume information on \\?\Volume{ff1cd095-bd98-11e0-9f17-806e6f6e6963}
cannot be read.


< End of report >
#2
Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hello and welcome to the Geeks to Go Virus, Spyware & Malware Removal forum. My name is Josh and I will be helping you remove your infection. I am only human not superman - I can make errors but will do my best to help you as best I can so we can solve your problems. If you have since resolved the original problem you were having, I would appreciate you letting me know. Please include a clear description of the problems you're having along with any steps you may have performed so far if you haven't already.

Some of the following instructions to begin the malware removal process can be hard to follow - let me know if you have any questions. Please read all of my responses through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also please do not attempt any disinfection procedures without my instruction as things can go wrong that way or lengthen the time it takes to disinfect your computer. Also please follow your topic to conclusion or your system may not be completely clean, and it will be more vulnerable to future infections.

Throughout our interactions I will be using canned speeches. These are premade speeches for different scenarios we will encounter. If you find errors like bad links in my canned speeches please let me know so I can fix them.

Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.

One more thing - please refrain from using your computer until it is disinfected unless you absolutely have to (unless you are following my disinfection procedures) - if you do have to use your computer please disconnect it from the Internet - that way the current malware cannot propagate further infections.

Expect no more than 36 hours between your post and my response unless World War 3 breaks out and I will need at most 48 hours for initial analysis of your OTL log. Good luck! After 4 days if a topic is not replied to we assume it has been abandoned and it is closed.

The first step is to run a special OTL scan and a scan with a tool called aswMBR. Please do the following:

Step 1

  • Download OTL and save to desktop or other convenient location.
  • Double click OTL to run it. Make sure all other windows are closed to let it run uninterrupted.
  • Select the Scan All Users box in the middle on the top of the window
  • Under the Custom Scans/Fixes box paste this in:

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    WSHELPER.*
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    dir C:\ /S /A:L /C
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. If you have already run OTL it won't open Extras.txt but Extras.txt will be in the same place as the new OTL.txt so simply open it manually.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Step 2

  • Download aswMBR.exe ( 1870KB ) to your desktop.
  • Double click the aswMBR.exe to run it
  • It will ask you if you want to download the latest Avast! virus definitions, answer yes
  • Click the Scan button to start scan
  • On completion of the scan click Save log, save it to your desktop and post in your next reply

Things to see in your next post:
OTL quick scan log
aswMBR log

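The OTL quick scan log requested above has to be read line by line once it is posted. The parser below is an added example, not part of this topic and not code from OTL: it assumes the PRC/MOD/SRV line layout visible in the logs posted here, and the review rule and the names `parse_log`, `review_reasons` and `triage` are illustrative assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Layout inferred from the PRC / MOD / SRV lines in this topic's OTL logs:
#   KIND[:64bit:] - [date | size | attrs | flag] (Company) [Start | State] -- path -- (Service)
LINE_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV)(?P<bits>:64bit:)? - "
    r"\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<flag>[A-Z])\] "
    r"\((?P<company>.*?)\)"
    r"(?: \[(?P<start>[^|\]]+) \| (?P<state>[^\]]+)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<service>[^()]*)\))?$"
)

# Assumption for this example: locations a standard user can normally write to.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\windows\\temp\\")


@dataclass
class Entry:
    kind: str                  # PRC, MOD or SRV
    is_64bit: bool             # True for "SRV:64bit:" style lines
    modified: str              # timestamp as printed in the log
    size: int                  # file size in bytes
    company: str               # empty when OTL printed "()"
    path: str
    start_type: Optional[str]  # services only, e.g. Auto / On_Demand
    state: Optional[str]       # services only, e.g. Running / Stopped
    service: Optional[str]     # services only, name in trailing parentheses


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for headers, blanks and other text."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return Entry(
        kind=m["kind"],
        is_64bit=m["bits"] is not None,
        modified=m["date"],
        size=int(m["size"].replace(",", "")),
        company=m["company"].strip(),
        path=m["path"].strip(),
        start_type=m["start"].strip() if m["start"] else None,
        state=m["state"].strip() if m["state"] else None,
        service=m["service"],
    )


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def review_reasons(e: Entry) -> List[str]:
    """Illustrative review rule (an assumption, not an OTL feature)."""
    reasons = []
    no_company = e.company == ""
    in_user_dir = any(d in e.path.lower() for d in USER_WRITABLE)
    if no_company and in_user_dir:
        reasons.append("no company name and user-writable path")
    if e.kind == "SRV" and e.start_type == "Auto" and (no_company or in_user_dir):
        reasons.append("auto-start service lacking company name or in user-writable path")
    return reasons


def triage(text: str) -> List[Tuple[Entry, List[str]]]:
    """Return (entry, reasons) for every line the review rule selects."""
    return [(e, r) for e in parse_log(text) if (r := review_reasons(e))]


# Sample lines copied from the logs posted in this topic, plus one section header.
SAMPLE = r"""
PRC - [2013/10/02 12:56:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
PRC - [2013/08/30 10:01:00 | 004,579,696 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
MOD - [2013/03/13 13:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Ken\AppData\Roaming\Dropbox\bin\libcef.dll
SRV:64bit: - [2013/07/24 14:55:08 | 000,397,968 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\N-able Technologies\Endpoint\UpdateService.exe -- (UpdateService)
SRV:64bit: - [2012/04/05 18:41:46 | 001,323,008 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe -- (McAfee Endpoint Encryption Agent)
SRV - [2013/09/19 21:56:07 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
========== Services (SafeList) ==========
"""

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE):
        print(f"{entry.kind:3} {entry.path}")
        for reason in reasons:
            print(f"      review: {reason}")
```

Per-user installs of ordinary software match the first rule too, so a hit marks a line for manual review rather than deciding anything.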

#3
Ken_K

    Member

  • Topic Starter
  • 10 posts
I ran Malwarebytes and a Bitdefender AV scan before running these programs. After running Bitdefender, it still had the problem. So far, after running Malwarebytes, the problem has not occurred.

Here is the OTL results file:

OTL logfile created on: 10/3/2013 11:34:15 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ken\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.95 Gb Total Physical Memory | 3.95 Gb Available Physical Memory | 49.74% Memory free
15.90 Gb Paging File | 11.25 Gb Available in Paging File | 70.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 678.42 Gb Total Space | 40.46 Gb Free Space | 5.96% Space Free | Partition Type: NTFS
Drive E: | 14.92 Gb Total Space | 2.20 Gb Free Space | 14.73% Space Free | Partition Type: NTFS
Drive F: | 4.98 Gb Total Space | 2.12 Gb Free Space | 42.52% Space Free | Partition Type: FAT32

Computer Name: KM-ADMIN-02 | User Name: Ken | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/02 12:56:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
PRC - [2013/09/05 07:04:16 | 003,478,392 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
PRC - [2013/09/03 20:24:56 | 000,395,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
PRC - [2013/09/03 15:58:26 | 002,237,328 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
PRC - [2013/08/30 10:01:00 | 004,579,696 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
PRC - [2013/08/14 13:11:02 | 000,257,136 | ---- | M] (Microsoft Corporation) -- C:\Users\Ken\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2013/07/23 02:46:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE
PRC - [2013/07/12 19:20:03 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Users\Ken\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/07/10 16:56:36 | 000,306,176 | ---- | M] () -- C:\Program Files (x86)\DeskDirector Chat\DeskDirectorChat.exe
PRC - [2013/07/08 13:57:46 | 000,264,192 | ---- | M] (N-able Technologies) -- C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\agent.exe
PRC - [2013/07/08 13:57:44 | 000,016,896 | ---- | M] (N-able Technologies) -- C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\AgentMaint.exe
PRC - [2013/06/05 14:18:06 | 001,039,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
PRC - [2013/05/24 17:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ken\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/22 12:08:34 | 000,065,024 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Smart Client Service\HPBroadcastServer.exe
PRC - [2013/03/06 16:50:00 | 001,420,600 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2013/01/22 13:02:19 | 000,498,352 | ---- | M] (ArcSoft, Inc.) -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
PRC - [2012/09/12 18:15:30 | 000,523,680 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
PRC - [2012/09/06 11:32:12 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012/08/21 07:58:22 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2012/04/05 19:21:02 | 000,200,704 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
PRC - [2012/04/05 18:41:46 | 001,323,008 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
PRC - [2012/03/13 16:14:08 | 000,330,104 | ---- | M] (Infineon Technologies AG) -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe
PRC - [2012/03/13 16:14:05 | 001,126,264 | ---- | M] (Infineon Technologies AG) -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe
PRC - [2012/03/13 16:14:05 | 000,980,856 | ---- | M] (Infineon Technologies AG) -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXTCS.exe
PRC - [2012/03/13 16:14:04 | 000,203,640 | ---- | M] (Infineon Technologies AG) -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
PRC - [2012/03/13 16:11:19 | 000,169,528 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2012/03/13 16:01:40 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2012/03/13 16:01:13 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/03/13 16:01:11 | 000,325,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/03/09 11:22:46 | 000,070,960 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
PRC - [2012/03/09 11:22:42 | 000,117,552 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2011/11/10 15:02:18 | 000,823,632 | R--- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
PRC - [2011/08/26 13:35:12 | 012,277,248 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
PRC - [2011/08/26 13:35:08 | 000,322,048 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2011/08/11 19:29:24 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2011/04/18 23:57:14 | 000,522,736 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2011/03/15 16:02:28 | 000,080,496 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2011/02/24 00:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011/01/28 09:41:30 | 000,133,688 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
PRC - [2011/01/26 10:00:32 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/01/26 10:00:00 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/07/29 19:39:24 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010/06/06 09:44:48 | 003,487,288 | ---- | M] (Check Point Software Technologies) -- C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe
PRC - [2010/06/06 09:44:40 | 000,611,888 | ---- | M] (Check Point Software Technologies) -- C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe
PRC - [2009/04/07 10:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/16 20:21:27 | 000,410,576 | ---- | M] () -- C:\Users\Ken\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppgooglenaclpluginchrome.dll
MOD - [2013/09/16 20:21:25 | 004,053,456 | ---- | M] () -- C:\Users\Ken\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll
MOD - [2013/09/16 20:20:34 | 000,709,584 | ---- | M] () -- C:\Users\Ken\AppData\Local\Google\Chrome\Application\29.0.1547.76\libglesv2.dll
MOD - [2013/09/16 20:20:33 | 000,099,792 | ---- | M] () -- C:\Users\Ken\AppData\Local\Google\Chrome\Application\29.0.1547.76\libegl.dll
MOD - [2013/09/16 20:20:31 | 001,604,560 | ---- | M] () -- C:\Users\Ken\AppData\Local\Google\Chrome\Application\29.0.1547.76\ffmpegsumo.dll
MOD - [2013/09/11 08:12:40 | 001,358,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\c5f2c02bd940c74019ed4a183c7830c0\System.WorkflowServices.ni.dll
MOD - [2013/09/11 07:54:07 | 001,707,008 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\5126089292f3f953c53f7f7defc0a79f\System.ServiceModel.Web.ni.dll
MOD - [2013/09/11 07:53:35 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\f4e49f5f51d2fa5e6190464468dff4d3\Microsoft.VisualBasic.ni.dll
MOD - [2013/09/11 07:53:34 | 001,084,928 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c7e65a2dfe8622af6e256cb4a7a3352e\System.IdentityModel.ni.dll
MOD - [2013/09/11 07:53:33 | 017,477,632 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\c0593e0b0fafb24a15548809f246d9e0\System.ServiceModel.ni.dll
MOD - [2013/09/10 22:41:27 | 011,914,752 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll
MOD - [2013/09/10 22:41:17 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/09/03 15:25:58 | 032,726,528 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
MOD - [2013/08/30 10:01:00 | 004,579,696 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
MOD - [2013/08/30 10:00:58 | 000,381,808 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CCInvokeAAM.dll
MOD - [2013/08/22 15:25:02 | 010,530,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Gibraltar.Agent\bf9711e1becc97409de09b788db63097\Gibraltar.Agent.ni.dll
MOD - [2013/08/22 15:24:52 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WPFToolkit\4a356c59601040dd76918f498aa7aaa1\WPFToolkit.ni.dll
MOD - [2013/08/22 15:24:50 | 001,126,912 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WPFToolkit.Extended\37c179d8d345c8ffb5fb2f4376df48d8\WPFToolkit.Extended.ni.dll
MOD - [2013/08/22 15:24:39 | 001,625,600 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json\a6316b06bb2c62c86aab80ec40471b7c\Newtonsoft.Json.ni.dll
MOD - [2013/08/22 15:24:34 | 000,431,104 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.AspNet.Si#\98ef94bce7a6ec70f42efc6d267e9d89\Microsoft.AspNet.SignalR.Client.Net.ni.dll
MOD - [2013/08/22 15:24:32 | 004,536,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Threading\2d4e644c089255e8556661f5c790569a\System.Threading.ni.dll
MOD - [2013/08/22 15:24:27 | 000,187,392 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.CoreEx\575c9c463e08108c420acca2eeee796b\System.CoreEx.ni.dll
MOD - [2013/08/22 15:24:26 | 000,580,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Caliburn.Micro\4da4cc6eb546513c41738a78deb7fc77\Caliburn.Micro.ni.dll
MOD - [2013/08/22 15:24:25 | 000,116,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Inte#\bb013c657fa0d3b7187aad2f5f9b1441\System.Windows.Interactivity.ni.dll
MOD - [2013/08/22 15:24:17 | 000,576,512 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\DeskDirectorChat\8048224788c97e1f79b15107495d1a0a\DeskDirectorChat.ni.exe
MOD - [2013/08/13 16:43:27 | 000,401,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\245d1e603b9f9a15d8934c4f1bbe55ee\System.Xml.Linq.ni.dll
MOD - [2013/08/13 16:19:15 | 000,094,208 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\b941bb58cfb28d2a368e3ed6cac9026a\System.ComponentModel.DataAnnotations.ni.dll
MOD - [2013/08/13 16:18:49 | 002,297,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\9e38ddbb3a90cc3e782a0640788b1fcb\System.Core.ni.dll
MOD - [2013/08/13 16:18:13 | 002,347,008 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\e043ad64456256a8ee5b934e227d9782\System.Runtime.Serialization.ni.dll
MOD - [2013/08/13 16:18:12 | 000,256,000 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\1327ad2637aab17189c5461fbf30dc19\SMDiagnostics.ni.dll
MOD - [2013/08/13 16:17:54 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll
MOD - [2013/08/13 16:17:53 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\6c1d55eed243331c944206f8608fb850\IAStorUtil.ni.dll
MOD - [2013/08/13 14:04:06 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\764054efc88f51b54c8d7e44df26b671\System.Data.ni.dll
MOD - [2013/08/13 14:03:59 | 014,340,096 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\930e99b2f62cea8c4aa070527d15f748\PresentationFramework.ni.dll
MOD - [2013/08/13 14:03:49 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll
MOD - [2013/08/13 14:03:44 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/13 14:03:40 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/13 14:03:37 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll
MOD - [2013/08/13 14:03:36 | 012,238,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\585b8f6cc7ba86886462d0dc9753c98f\PresentationCore.ni.dll
MOD - [2013/08/13 14:03:29 | 003,348,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1f6f220f9efe936d1158c79b9d4b451f\WindowsBase.ni.dll
MOD - [2013/08/13 14:03:27 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/11 10:24:06 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\571f0babf15ab38dc80829622caa99d3\IAStorCommon.ni.dll
MOD - [2013/07/10 16:56:36 | 000,306,176 | ---- | M] () -- C:\Program Files (x86)\DeskDirector Chat\DeskDirectorChat.exe
MOD - [2013/07/09 16:54:47 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll
MOD - [2013/07/09 16:53:33 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/06/05 14:21:18 | 000,071,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\zlib1.dll
MOD - [2013/03/13 13:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Ken\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/13 16:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Ken\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/04/05 19:21:02 | 000,200,704 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/05 09:57:34 | 000,366,136 | ---- | M] () -- C:\Windows\SysWOW64\flcdlmsg.dll
MOD - [2011/04/18 23:57:14 | 000,522,736 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010/11/24 22:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/04 18:58:05 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/06/06 09:44:50 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\CheckPoint\Endpoint Connect\imageformats\qgif4.dll
MOD - [2010/06/06 09:44:48 | 004,993,024 | ---- | M] () -- C:\Program Files (x86)\CheckPoint\Endpoint Connect\QtGui4.dll
MOD - [2010/06/06 09:44:40 | 001,302,528 | ---- | M] () -- C:\Program Files (x86)\CheckPoint\Endpoint Connect\QtCore4.dll
MOD - [2009/03/12 16:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 14:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/07/24 14:55:08 | 000,397,968 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\N-able Technologies\Endpoint\UpdateService.exe -- (UpdateService)
SRV:64bit: - [2013/07/24 14:55:08 | 000,397,968 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\N-able Technologies\Endpoint\EndpointService.exe -- (EndpointService)
SRV:64bit: - [2013/07/24 14:55:08 | 000,397,968 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\N-able Technologies\Endpoint\EndpointIntegration.exe -- (EndpointIntegration)
SRV:64bit: - [2013/07/24 14:55:07 | 002,284,880 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Common Files\N-able Technologies\Endpoint Agent\epag.exe -- (epag)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/12/28 12:06:44 | 000,323,072 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2012/12/28 12:06:43 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2012/09/24 14:40:56 | 000,031,040 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2012/06/25 17:06:30 | 003,325,232 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012/06/25 17:05:54 | 000,628,016 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012/06/25 17:05:28 | 000,149,296 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012/04/23 18:23:28 | 000,135,952 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2012/04/05 18:41:46 | 001,323,008 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe -- (McAfee Endpoint Encryption Agent)
SRV:64bit: - [2012/03/15 08:09:20 | 000,659,976 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2012/03/14 14:23:06 | 000,152,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV:64bit: - [2012/02/15 04:14:30 | 002,602,576 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2011/11/10 15:02:24 | 000,486,224 | R--- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2011/01/28 09:41:30 | 000,133,688 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe -- (HPDayStarterService)
SRV:64bit: - [2010/07/29 19:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/12/03 16:27:24 | 000,028,672 | ---- | M] (LSI Corporation) [On_Demand | Stopped] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/09/19 21:56:07 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/23 02:46:22 | 000,240,288 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/07/23 02:46:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/07/08 13:57:46 | 000,264,192 | ---- | M] (N-able Technologies) [Auto | Running] -- C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\agent.exe -- (Windows Agent Service)
SRV - [2013/07/08 13:57:44 | 000,016,896 | ---- | M] (N-able Technologies) [Auto | Running] -- C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\AgentMaint.exe -- (Windows Agent Maintenance Service)
SRV - [2013/06/07 21:39:00 | 000,226,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2013/06/07 21:38:57 | 000,376,144 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/22 12:08:34 | 000,065,024 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Smart Client Service\HPBroadcastServer.exe -- (HP Broadcast Server)
SRV - [2013/03/06 16:50:00 | 001,420,600 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2013/01/22 13:02:19 | 000,498,352 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe -- (uArcCapture)
SRV - [2012/11/29 12:56:50 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/09/12 18:15:30 | 000,523,680 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2012/09/06 11:32:12 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012/07/09 01:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/03/13 16:14:05 | 001,126,264 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe -- (IFXSpMgtSrv)
SRV - [2012/03/13 16:14:05 | 000,980,856 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXTCS.exe -- (IFXTCS)
SRV - [2012/03/13 16:14:04 | 000,203,640 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2012/03/13 16:01:13 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/03/13 16:01:11 | 000,325,912 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/03/09 11:22:42 | 000,117,552 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2012/02/15 04:00:24 | 002,268,240 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2011/09/05 09:57:24 | 000,476,728 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- c:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK)
SRV - [2011/08/26 13:35:08 | 000,322,048 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2011/08/11 19:29:24 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011/03/15 16:02:28 | 000,080,496 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2011/02/24 00:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011/02/15 05:30:08 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2011/01/26 10:00:00 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/11/20 05:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 05:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 05:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/06/06 09:44:48 | 003,487,288 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe -- (TracSrvWrapper)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/15 13:40:26 | 000,042,400 | ---- | M] (Check Point Software Technologies) [Auto | Stopped] -- C:\Program Files (x86)\CheckPoint\SecuRemote\bin\SR_Watchdog.exe -- (SR_Watchdog)
SRV - [2009/12/15 13:40:22 | 000,112,032 | ---- | M] (Check Point Software Technologies) [Auto | Stopped] -- C:\Program Files (x86)\CheckPoint\SecuRemote\bin\SR_Service.exe -- (SR_Service)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/20 11:30:18 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/06/07 21:38:57 | 000,107,368 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2013/04/08 11:41:28 | 000,468,720 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/22 19:46:54 | 000,093,600 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Program Files\N-able Technologies\Endpoint\bdfndisf6.sys -- (Bdfndisf)
DRV:64bit: - [2013/02/21 06:14:04 | 000,495,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2013/01/28 15:57:20 | 000,383,048 | ---- | M] (BitDefender S.R.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
DRV:64bit: - [2013/01/22 13:02:19 | 000,042,816 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftVCapture.sys -- (ARCVCAM)
DRV:64bit: - [2013/01/22 12:01:43 | 000,175,928 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2013/01/22 12:01:42 | 000,026,208 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:64bit: - [2013/01/22 11:58:34 | 011,499,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2013/01/11 21:31:18 | 000,707,528 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2013/01/11 21:31:18 | 000,589,000 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2012/12/28 12:06:44 | 000,543,744 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/29 12:56:50 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2012/11/29 12:56:30 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2012/11/28 11:42:06 | 001,866,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2012/11/02 14:17:46 | 000,261,056 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv)
DRV:64bit: - [2012/10/04 14:30:18 | 000,147,232 | ---- | M] (BitDefender LLC) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\gzflt.sys -- (gzflt)
DRV:64bit: - [2012/09/24 14:40:56 | 000,043,840 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2012/09/24 14:40:56 | 000,031,040 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/22 03:01:00 | 000,056,336 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2012/04/05 19:33:24 | 000,100,808 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\MfeEpeOpal.sys -- (MfeEpeOpal)
DRV:64bit: - [2012/04/05 19:32:56 | 000,158,920 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\MfeEpePc.sys -- (MfeEpePc)
DRV:64bit: - [2012/03/15 07:02:46 | 000,198,144 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2012/03/15 07:02:46 | 000,198,144 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2012/03/13 16:14:14 | 000,044,576 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\psd.sys -- (PersonalSecureDrive)
DRV:64bit: - [2012/03/13 16:01:41 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2012/03/13 16:01:41 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/14 20:16:38 | 000,103,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\N-able Technologies\Endpoint\bdfwfpf.sys -- (Bdfwfpf)
DRV:64bit: - [2011/03/21 17:57:04 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/03 10:48:38 | 000,063,336 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DAMDrv64.sys -- (DAMDrv)
DRV:64bit: - [2011/01/12 18:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/20 06:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 06:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 04:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/10/19 18:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/07/20 14:26:42 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/07/20 14:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/07/20 14:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/07/14 07:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/06/06 09:44:40 | 000,161,256 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vnaap.sys -- (vna_ap)
DRV:64bit: - [2010/03/02 15:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/01/26 13:52:22 | 001,212,416 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/13 17:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/13 17:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/07/13 16:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/05/28 10:38:06 | 000,016,056 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009/12/15 13:40:30 | 000,684,280 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\vpn.sys -- (VPN-1)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=CMNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=CMNTDF
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=CMNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=CMNTDF
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4115562483-2901303464-3382322076-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM/1
IE - HKU\S-1-5-21-4115562483-2901303464-3382322076-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
IE - HKU\S-1-5-21-4115562483-2901303464-3382322076-1001\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKU\S-1-5-21-4115562483-2901303464-3382322076-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=CMNTDF
IE - HKU\S-1-5-21-4115562483-2901303464-3382322076-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=CMNTDF
IE - HKU\S-1-5-21-4115562483-2901303464-3382322076-1001\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-4115562483-2901303464-3382322076-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4115562483-2901303464-3382322076-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ken\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ken\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\adobe.com/AdobeExManCCDetect32: C:\Program Files (x86)\Adobe\Adobe Extension Manager CC\npAdobeExManCCDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\adobe.com/AdobeExManCCDetect64: C:\Program Files (x86)\Adobe\Adobe Extension Manager CC\npAdobeExManCCDetect64.dll (Adobe Systems)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2012/08/14 14:23:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2012/11/27 13:56:33 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ken\AppData\Local\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ken\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ken\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\Ken\AppData\Local\Google\Chrome\Application\plugins\npatgpc.dll
CHR - plugin: AdobeExManDetect (Enabled) = C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Adobe Acrobat - Create PDF = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.3.37_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKU\S-1-5-21-4115562483-2901303464-3382322076-1001\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-4115562483-2901303464-3382322076-1001\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [[A54CDD78-3E93-94AA-4CA6-E39599922F5F]] C:\Program Files\N-able Technologies\Endpoint\Console.exe (Bitdefender)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe (Hewlett-Packard Company, L.P.)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [MfeEpePcMonitor] C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe ()
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Creative Cloud] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Check Point Endpoint Connect] C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DT HM2] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IFXSPMGT] C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe (Infineon Technologies AG)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4115562483-2901303464-3382322076-1001..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-4115562483-2901303464-3382322076-1001..\Run: [CloudSync] C:\Program Files\Adobe\Adobe Creative Cloud Connection (64 Bit)\Creative Cloud Connection.exe File not found
O4 - HKU\S-1-5-21-4115562483-2901303464-3382322076-1001..\Run: [SkyDrive] C:\Users\Ken\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-4115562483-2901303464-3382322076-1001..\RunOnce: [Application Restart #4] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DECore\Setup.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ken\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O7 - HKU\S-1-5-21-4115562483-2901303464-3382322076-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4115562483-2901303464-3382322076-1001\..Trusted Domains: connectwise.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4115562483-2901303464-3382322076-1001\..Trusted Domains: connectwise.net ([]http in Trusted sites)
O15 - HKU\S-1-5-21-4115562483-2901303464-3382322076-1001\..Trusted Domains: connectwise.net ([]https in Trusted sites)
O16 - DPF: {D99BE4AD-A0AF-54E3-BF0E-904D5456A190} http://www.ntradmin....Plugin22046.cab (NTRglobal Plugin version 2.0.4.6)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://192.168.10.89/activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...rl.cab?lmi=1007 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8069493E-C8F2-437C-912B-144F4F7321A5}: DhcpNameServer = 107.218.46.182
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{935540FF-CD79-425A-A3C1-BE3CF8913DBC}: DhcpNameServer = 192.168.10.10
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Company)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/09/12 15:19:47 | 000,000,000 | ---D | M] - C:\autologs -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/10/03 09:35:14 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Malwarebytes
[2013/10/03 09:35:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/03 09:35:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/10/03 09:35:07 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/10/03 09:35:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/10/02 12:56:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
[2013/09/23 11:03:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/09/23 11:03:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/09/23 10:59:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/09/23 10:58:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/09/23 10:58:49 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/09/23 10:58:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/09/23 10:58:49 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/09/20 15:29:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/09/20 15:28:50 | 000,000,000 | ---D | C] -- C:\windows\PCHEALTH
[2013/09/11 22:49:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoPro
[2013/09/11 13:40:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Axis Communications
[2013/09/10 06:16:04 | 000,000,000 | ---D | C] -- C:\Program Files\ConnectWise
[2013/09/06 16:16:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartSound
[2013/09/05 13:06:12 | 001,443,328 | ---- | C] (CineForm Inc.) -- C:\windows\SysNative\CFHD.dll
[2013/09/05 13:03:20 | 001,474,560 | ---- | C] (CineForm Inc.) -- C:\windows\SysWow64\CFHD.dll

========== Files - Modified Within 30 Days ==========

[2013/10/03 11:32:36 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/03 11:32:36 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/03 11:25:32 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/10/03 11:25:31 | 4242,915,327 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/03 11:25:02 | 000,000,900 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4115562483-2901303464-3382322076-1001UA.job
[2013/10/03 11:24:00 | 000,000,278 | ---- | M] () -- C:\windows\tasks\DSite.job
[2013/10/03 10:56:04 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/10/03 09:35:08 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/03 09:31:01 | 000,000,324 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForKen.job
[2013/10/03 09:24:02 | 000,000,118 | ---- | M] () -- C:\Users\Ken\AppData\Roaming\WB.CFG
[2013/10/03 09:24:02 | 000,000,006 | ---- | M] () -- C:\Users\Ken\AppData\Roaming\WBPU-TTL.DAT
[2013/10/02 12:56:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
[2013/10/01 15:13:20 | 000,820,684 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/10/01 15:13:20 | 000,693,346 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/10/01 15:13:20 | 000,131,260 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/10/01 15:05:48 | 000,000,848 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4115562483-2901303464-3382322076-1001Core.job
[2013/09/30 08:32:36 | 000,002,194 | -H-- | M] () -- C:\Users\Ken\Documents\Default.rdp
[2013/09/29 09:33:30 | 000,838,942 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/09/28 07:16:57 | 002,193,730 | ---- | M] () -- C:\Users\Ken\Desktop\SonicWALL_TZ_170_Getting_Started_Guide.pdf
[2013/09/23 10:59:51 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/09/16 10:44:42 | 000,000,346 | ---- | M] () -- C:\windows\SysNative\checkdnsid.xml
[2013/09/11 22:49:24 | 000,001,214 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk
[2013/09/11 22:49:24 | 000,001,112 | ---- | M] () -- C:\Users\Ken\Desktop\GoPro Studio.lnk
[2013/09/11 14:02:23 | 001,511,733 | ---- | M] () -- C:\Users\Ken\Desktop\Axis 211 Camera Manual.pdf
[2013/09/10 22:39:36 | 011,386,520 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/09/10 22:35:35 | 000,005,017 | ---- | M] () -- C:\Users\Ken\Desktop\15 horizontal sites and the case for making them Webdesigner Depot.url
[2013/09/10 09:53:21 | 000,000,348 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForKM-ADMIN-02$.job
[2013/09/10 06:16:05 | 000,002,513 | ---- | M] () -- C:\Users\Public\Desktop\ConnectWise.lnk
[2013/09/09 09:33:55 | 000,001,301 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
[2013/09/05 13:06:12 | 001,443,328 | ---- | M] (CineForm Inc.) -- C:\windows\SysNative\CFHD.dll
[2013/09/05 13:03:20 | 001,474,560 | ---- | M] (CineForm Inc.) -- C:\windows\SysWow64\CFHD.dll

========== Files Created - No Company Name ==========

[2013/10/03 09:35:08 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/28 07:16:57 | 002,193,730 | ---- | C] () -- C:\Users\Ken\Desktop\SonicWALL_TZ_170_Getting_Started_Guide.pdf
[2013/09/23 10:59:51 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/09/16 10:44:32 | 000,000,346 | ---- | C] () -- C:\windows\SysNative\checkdnsid.xml
[2013/09/15 07:04:25 | 000,001,097 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
[2013/09/11 22:49:24 | 000,001,214 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk
[2013/09/11 22:49:24 | 000,001,112 | ---- | C] () -- C:\Users\Ken\Desktop\GoPro Studio.lnk
[2013/09/11 14:02:23 | 001,511,733 | ---- | C] () -- C:\Users\Ken\Desktop\Axis 211 Camera Manual.pdf
[2013/09/10 22:35:35 | 000,005,017 | ---- | C] () -- C:\Users\Ken\Desktop\15 horizontal sites and the case for making them Webdesigner Depot.url
[2013/09/10 06:16:05 | 000,002,601 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ConnectWise.lnk
[2013/09/10 06:16:05 | 000,002,513 | ---- | C] () -- C:\Users\Public\Desktop\ConnectWise.lnk
[2013/09/03 09:51:02 | 000,122,544 | ---- | C] () -- C:\ProgramData\1378226965.bdinstall.bin
[2013/08/30 16:05:58 | 000,226,603 | ---- | C] () -- C:\ProgramData\1377903721.bdinstall.bin
[2013/08/23 14:56:23 | 000,002,516 | ---- | C] () -- C:\windows\SysWow64\drivers\default.bin.old
[2013/08/23 14:56:23 | 000,002,516 | ---- | C] () -- C:\windows\SysWow64\default.bin.old
[2013/08/23 14:34:30 | 000,002,516 | ---- | C] () -- C:\windows\SysWow64\drivers\default.bin
[2013/08/23 14:34:30 | 000,002,516 | ---- | C] () -- C:\windows\SysWow64\default.bin
[2013/08/22 09:24:08 | 000,000,118 | ---- | C] () -- C:\Users\Ken\AppData\Roaming\WB.CFG
[2013/08/22 09:24:08 | 000,000,006 | ---- | C] () -- C:\Users\Ken\AppData\Roaming\WBPU-TTL.DAT
[2013/08/21 16:17:33 | 000,000,600 | ---- | C] () -- C:\Users\Ken\AppData\Local\PUTTY.RND
[2013/07/14 21:48:53 | 000,000,132 | ---- | C] () -- C:\Users\Ken\AppData\Roaming\Adobe PNG Format CC Prefs
[2013/02/24 21:24:28 | 000,001,456 | ---- | C] () -- C:\Users\Ken\AppData\Local\Adobe Save for Web 13.0 Prefs
[2013/02/03 15:17:16 | 000,000,132 | ---- | C] () -- C:\Users\Ken\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013/02/01 11:00:24 | 000,000,132 | ---- | C] () -- C:\Users\Ken\AppData\Roaming\Adobe GIF Format CS6 Prefs
[2013/01/23 12:48:21 | 000,000,000 | ---- | C] () -- C:\windows\EEventManager.INI
[2013/01/23 08:12:06 | 000,009,584 | ---- | C] () -- C:\windows\SysWow64\ractrlkeyhook.dll
[2013/01/22 20:33:27 | 000,073,220 | ---- | C] () -- C:\windows\SysWow64\EPPICPrinterDB.dat
[2013/01/22 20:33:27 | 000,031,053 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern131.dat
[2013/01/22 20:33:27 | 000,029,114 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern1.dat
[2013/01/22 20:33:27 | 000,027,417 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern121.dat
[2013/01/22 20:33:27 | 000,021,021 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern3.dat
[2013/01/22 20:33:27 | 000,015,670 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern5.dat
[2013/01/22 20:33:27 | 000,013,280 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern2.dat
[2013/01/22 20:33:27 | 000,010,673 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern4.dat
[2013/01/22 20:33:27 | 000,004,943 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern6.dat
[2013/01/22 20:33:27 | 000,001,140 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_PT.dat
[2013/01/22 20:33:27 | 000,001,140 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_BP.dat
[2013/01/22 20:33:27 | 000,001,137 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_ES.dat
[2013/01/22 20:33:27 | 000,001,130 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_FR.dat
[2013/01/22 20:33:27 | 000,001,130 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_CF.dat
[2013/01/22 20:33:27 | 000,001,104 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_EN.dat
[2013/01/22 20:33:27 | 000,000,097 | ---- | C] () -- C:\windows\SysWow64\PICSDK.ini
[2012/11/28 11:42:06 | 000,026,464 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2012/11/17 14:11:42 | 000,005,632 | ---- | C] () -- C:\Users\Ken\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/11 10:59:59 | 000,061,304 | ---- | C] () -- C:\Users\Ken\g2mdlhlpx.exe
[2012/04/20 22:17:51 | 000,000,021 | ---- | C] () -- C:\windows\SurCode.INI
[2012/02/28 17:09:03 | 000,001,456 | ---- | C] () -- C:\Users\Ken\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/02/25 00:08:28 | 000,000,024 | ---- | C] () -- C:\windows\LoadConfig.ini
[2012/02/24 15:47:04 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPPassFilter.dll.hpsign
[2012/02/24 15:47:04 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPCrProv.dll.hpsign
[2012/02/22 02:24:14 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\vcsAPIShared.dll.hpsign
[2011/11/10 15:02:22 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPSCEL.dll.hpsign
[2011/11/10 15:02:20 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApi.dll.hpsign
[2011/11/10 15:02:18 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPClback.dll.hpsign

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 06:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 06:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 06:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/04/21 07:16:57 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Blender Foundation
[2013/07/28 10:46:05 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\chc
[2012/02/25 03:47:47 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/08/23 12:04:10 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\CheckPoint
[2012/08/03 15:57:13 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/11/29 16:35:44 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
[2012/05/15 16:22:39 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\com.adobe.WidgetBrowser
[2012/04/10 09:53:00 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\connectwise
[2012/02/24 23:16:23 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\DigitalPersona
[2013/10/03 11:29:39 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Dropbox
[2013/08/21 16:21:31 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\DSite
[2013/03/13 14:06:33 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Epson
[2013/09/11 22:49:27 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\GoPro
[2012/02/24 23:16:44 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Infineon
[2012/02/25 02:18:23 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\PACE Anti-Piracy
[2012/06/01 12:18:15 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\PDAppFlex
[2013/08/30 16:02:35 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\QuickScan
[2013/03/25 15:46:00 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Quosal
[2012/02/25 02:33:08 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Red Giant Link
[2012/03/05 17:40:09 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
[2012/02/25 02:39:45 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/02/24 23:26:01 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Synaptics
[2012/09/28 19:19:50 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\TechSmith
[2012/09/26 11:00:11 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\webex

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 18:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/26 22:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 18:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 06:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 06:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/16 23:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 18:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 18:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 15:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/08 22:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/08 21:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 06:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 06:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 05:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/02 23:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 18:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 18:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 18:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 18:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 06:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 18:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 18:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 18:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 18:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 18:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 10:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 18:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 04:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/10 23:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/16 23:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 18:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 06:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 06:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 06:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/16 23:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 18:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 06:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 06:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 05:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 06:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 06:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 05:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 18:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/04/30 22:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 06:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 06:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 06:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 06:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 06:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 06:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 06:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 06:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 05:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2012/08/21 06:09:40 | 000,219,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 15:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 06:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 18:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 06:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/10/28 20:06:46 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/10/28 20:03:01 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/10/28 20:06:46 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/10/28 20:03:01 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 06:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/10/28 20:06:46 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/10/28 20:03:01 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 18:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/10/28 20:06:46 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/25 23:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/10/28 20:03:01 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 14:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.AIP >
[2013/05/27 21:50:10 | 000,483,216 | ---- | M] (Adobe Systems Incorporated) MD5=03CFD2E8F7872529C3716F150F27E07A -- C:\Program Files\Adobe\Adobe Illustrator CC (64 Bit)\Plug-ins\Extensions\Services.aip
[2013/05/27 21:28:38 | 000,386,960 | ---- | M] (Adobe Systems Incorporated) MD5=D7B6E353439EBF323F787E63D526A4F6 -- C:\Program Files (x86)\Adobe\Adobe Illustrator CC\Plug-ins\Extensions\Services.aip

< MD5 for: SERVICES.CFG >
[2012/09/23 20:43:52 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA3301FFFF7706000000000060\11.0.0\services.cfg
[2013/09/05 07:04:22 | 000,559,090 | ---- | M] () MD5=8ADD48E413D05BF2E7AEC00173DDFABC -- C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Services\Services.cfg

< MD5 for: SERVICES.DLL >
[2013/04/04 12:28:06 | 004,824,040 | ---- | M] (SmartSound Software Inc.) MD5=4179F40498D9934ADFDFD96F3A223FA7 -- C:\Program Files (x86)\SmartSound Software\Sonicfire Pro 5.8\Services.dll

< MD5 for: SERVICES.EXE >
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\windows\SysNative\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 19:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\windows\SysNative\en-US\services.exe.mui
[2009/07/13 19:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.INDD >
[2012/10/01 15:08:52 | 001,048,576 | ---- | M] () MD5=271C0AD967DF982CFC74FC4B1B6545CE -- C:\Users\Ken\Documents\Knowles-McNiff\Planning\Services.indd

< MD5 for: SERVICES.LNK >
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 13:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\windows\SysNative\wbem\services.mof
[2009/06/10 13:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 19:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\windows\SysNative\en-US\services.msc
[2009/06/10 13:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\windows\SysNative\services.msc
[2009/07/13 19:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 19:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 13:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 19:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 13:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 13:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.TXT >
[2010/03/15 10:10:46 | 000,000,978 | ---- | M] () MD5=FBBD4A9A3BD635843571EA8E7C061C9A -- C:\Program Files\Microsoft Baseline Security Analyzer 2\Services.txt

< MD5 for: SVCHOST.EXE >
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 18:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/10/28 20:06:46 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/10/28 20:06:46 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WSHELPER.DLL >
[2009/07/13 18:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\SysWOW64\wshelper.dll
[2009/07/13 18:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
[2009/07/13 18:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\windows\SysNative\wshelper.dll
[2009/07/13 18:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll

< MD5 for: WSHELPER.DLL.MUI >
[2009/07/13 19:07:50 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=CD53AEA05D09943FDAA9E6E779D28A26 -- C:\Windows\SysWOW64\en-US\wshelper.dll.mui
[2009/07/13 19:07:50 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=CD53AEA05D09943FDAA9E6E779D28A26 -- C:\Windows\winsxs\x86_microsoft-windows-w..ure-other.resources_31bf3856ad364e35_6.1.7600.16385_en-us_adb3c1d9fa188607\wshelper.dll.mui
[2009/07/13 19:28:32 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=D3C8A35BD4D7F008A7D37AA6F235C8FD -- C:\windows\SysNative\en-US\wshelper.dll.mui
[2009/07/13 19:28:32 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=D3C8A35BD4D7F008A7D37AA6F235C8FD -- C:\Windows\winsxs\amd64_microsoft-windows-w..ure-other.resources_31bf3856ad364e35_6.1.7600.16385_en-us_09d25d5db275f73d\wshelper.dll.mui

< C:\Windows\assembly\tmp\U\*.* /s >
[2009/07/13 22:08:49 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2009/07/13 22:08:49 | 000,032,600 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2012/06/14 11:40:15 | 000,000,848 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4115562483-2901303464-3382322076-1001Core.job
[2012/06/14 11:40:16 | 000,000,900 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4115562483-2901303464-3382322076-1001UA.job
[2012/07/02 10:57:06 | 000,000,348 | ---- | C] () -- C:\windows\Tasks\HPCeeScheduleForKM-ADMIN-02$.job
[2012/08/03 15:00:37 | 000,000,830 | ---- | C] () -- C:\windows\Tasks\Adobe Flash Player Updater.job
[2013/03/05 15:18:42 | 000,000,324 | ---- | C] () -- C:\windows\Tasks\HPCeeScheduleForKen.job
[2013/08/21 16:21:33 | 000,000,278 | ---- | C] () -- C:\windows\Tasks\DSite.job

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< dir C:\ /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 8C77-CA60
Directory of C:\
07/13/2009 10:08 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/13/2009 10:08 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 10:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 10:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 10:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 10:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 10:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/13/2009 10:08 PM <SYMLINKD> All Users [C:\ProgramData]
07/13/2009 10:08 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/13/2009 10:08 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 10:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 10:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 10:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 10:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 10:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/13/2009 10:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/13/2009 10:08 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/13/2009 10:08 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/13/2009 10:08 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/13/2009 10:08 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2009 10:08 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2009 10:08 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2009 10:08 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2009 10:08 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2009 10:08 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/13/2009 10:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/13/2009 10:08 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/13/2009 10:08 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/13/2009 10:08 PM <JUNCTION> My Music [C:\Users\Default\Music]
07/13/2009 10:08 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/13/2009 10:08 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\DefaultAppPool
08/12/2013 01:11 PM <JUNCTION> Application Data [C:\Users\DefaultAppPool\AppData\Roaming]
08/12/2013 01:11 PM <JUNCTION> Cookies [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Cookies]
08/12/2013 01:11 PM <JUNCTION> Local Settings [C:\Users\DefaultAppPool\AppData\Local]
08/12/2013 01:11 PM <JUNCTION> My Documents [C:\Users\DefaultAppPool\Documents]
08/12/2013 01:11 PM <JUNCTION> NetHood [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
08/12/2013 01:11 PM <JUNCTION> PrintHood [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/12/2013 01:11 PM <JUNCTION> Recent [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Recent]
08/12/2013 01:11 PM <JUNCTION> SendTo [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\SendTo]
08/12/2013 01:11 PM <JUNCTION> Start Menu [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu]
08/12/2013 01:11 PM <JUNCTION> Templates [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\DefaultAppPool\AppData\Local
08/12/2013 01:11 PM <JUNCTION> Application Data [C:\Users\DefaultAppPool\AppData\Local]
08/12/2013 01:11 PM <JUNCTION> History [C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\History]
08/12/2013 01:11 PM <JUNCTION> Temporary Internet Files [C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\DefaultAppPool\Documents
08/12/2013 01:11 PM <JUNCTION> My Music [C:\Users\DefaultAppPool\Music]
08/12/2013 01:11 PM <JUNCTION> My Pictures [C:\Users\DefaultAppPool\Pictures]
08/12/2013 01:11 PM <JUNCTION> My Videos [C:\Users\DefaultAppPool\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Ken
02/24/2012 11:16 PM <JUNCTION> Application Data [C:\Users\Ken\AppData\Roaming]
02/24/2012 11:16 PM <JUNCTION> Cookies [C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Cookies]
02/24/2012 11:16 PM <JUNCTION> Local Settings [C:\Users\Ken\AppData\Local]
02/24/2012 11:16 PM <JUNCTION> My Documents [C:\Users\Ken\Documents]
02/24/2012 11:16 PM <JUNCTION> NetHood [C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02/24/2012 11:16 PM <JUNCTION> PrintHood [C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/24/2012 11:16 PM <JUNCTION> Recent [C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Recent]
02/24/2012 11:16 PM <JUNCTION> SendTo [C:\Users\Ken\AppData\Roaming\Microsoft\Windows\SendTo]
02/24/2012 11:16 PM <JUNCTION> Start Menu [C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu]
02/24/2012 11:16 PM <JUNCTION> Templates [C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Ken\AppData\Local
02/24/2012 11:16 PM <JUNCTION> Application Data [C:\Users\Ken\AppData\Local]
02/24/2012 11:16 PM <JUNCTION> History [C:\Users\Ken\AppData\Local\Microsoft\Windows\History]
02/24/2012 11:16 PM <JUNCTION> Temporary Internet Files [C:\Users\Ken\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Ken\Documents
02/24/2012 11:16 PM <JUNCTION> My Music [C:\Users\Ken\Music]
02/24/2012 11:16 PM <JUNCTION> My Pictures [C:\Users\Ken\Pictures]
02/24/2012 11:16 PM <JUNCTION> My Videos [C:\Users\Ken\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/13/2009 10:08 PM <JUNCTION> My Music [C:\Users\Public\Music]
07/13/2009 10:08 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/13/2009 10:08 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
05/06/2011 09:45 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
05/06/2011 09:45 PM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
05/06/2011 09:45 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
03/13/2012 04:08 PM <JUNCTION> Start Menu [C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
05/06/2011 09:45 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
05/06/2011 09:45 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
05/06/2011 09:45 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile
05/06/2011 09:45 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
05/06/2011 09:45 PM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
05/06/2011 09:45 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
03/13/2012 04:08 PM <JUNCTION> Start Menu [C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
05/06/2011 09:45 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
05/06/2011 09:45 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
05/06/2011 09:45 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
80 Dir(s) 52,908,711,936 bytes free

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
On computer: KM-ADMIN-02
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
Volume 0     G                       DVD-ROM         0 B  No Media
Volume 1                             Partition    300 MB  Healthy    Offline
Volume 2     C                NTFS   Partition    678 GB  Healthy    Boot
Volume 3     E   HP_RECOVERY  NTFS   Partition     14 GB  Healthy
Volume 4     F   HP_TOOLS     FAT32  Partition   5115 MB  Healthy

========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:054203E4
@Alternate Data Stream - 1215 bytes -> C:\ProgramData\Microsoft:hnDfps2oEQTZgqIQpL9MKdR
@Alternate Data Stream - 1213 bytes -> C:\ProgramData\Microsoft:n5jl85KALMyyWKJkfwLqPJ2
@Alternate Data Stream - 1203 bytes -> C:\Program Files\Common Files\System:xmwrKNimUfOqkQS6MlyfGDC7
@Alternate Data Stream - 1118 bytes -> C:\ProgramData\Microsoft:Mj0BPNxWFo16rLJjl7

< End of report >

Here is the Extras file:

OTL Extras logfile created on: 10/2/2013 12:56:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ken\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.95 Gb Total Physical Memory | 3.19 Gb Available Physical Memory | 40.08% Memory free
15.90 Gb Paging File | 11.56 Gb Available in Paging File | 72.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 678.42 Gb Total Space | 41.00 Gb Free Space | 6.04% Space Free | Partition Type: NTFS
Drive E: | 14.92 Gb Total Space | 2.20 Gb Free Space | 14.73% Space Free | Partition Type: NTFS
Drive F: | 4.98 Gb Total Space | 2.12 Gb Free Space | 42.52% Space Free | Partition Type: FAT32

Computer Name: KM-ADMIN-02 | User Name: Ken | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17656922-340B-49D2-A3B9-689010030052}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{1A5262A0-2E32-4284-AB73-89DCB2FA55EA}" = lport=18287 | protocol=6 | dir=in | name=hp automatic update |
"{225A97F9-AEAF-4146-A36C-89441EC77B1F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2B501B87-970A-49FD-B6AE-7F9EF523810A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2C384D85-A63A-4838-B20D-94D9379D6BAF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{31F7ABF1-767C-46B4-9F70-C439FAA74D7C}" = lport=445 | protocol=6 | dir=in | app=system |
"{3C5B95C6-32E9-4760-BAB0-5097B19F3498}" = lport=18286 | protocol=17 | dir=in | name=hp broadcast service |
"{434FBAF6-1119-4C88-8B9F-A191F4B86C9F}" = lport=5900 | protocol=6 | dir=in | name=vnc5900 |
"{43B90E1F-7083-48E0-97EC-212E27A7CF8B}" = rport=138 | protocol=17 | dir=out | app=system |
"{479C455A-761C-42D6-B3F4-87C1089523AD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{47B7B633-8339-4D58-87CD-0DC33F908EEB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{568B5688-8FBE-418B-B46D-8AC9D793C35A}" = lport=138 | protocol=17 | dir=in | app=system |
"{6334AD28-79B2-43D7-BC5F-AC2599C82128}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6B4C60DD-9CFB-4550-B3F0-65B5D403382A}" = lport=137 | protocol=17 | dir=in | app=system |
"{6DB4944E-2646-41E7-89D3-24220DF19DE7}" = rport=445 | protocol=6 | dir=out | app=system |
"{91479EE0-FC2B-405C-B890-B724DA60451B}" = rport=137 | protocol=17 | dir=out | app=system |
"{A8A59B66-0378-4539-842A-5FA00B67BC9D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B9F18B39-0CDC-40BA-8266-4E0AC52303F6}" = lport=139 | protocol=6 | dir=in | app=system |
"{C52351DD-276F-42F6-A56F-B328A25FCD3F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D5CE5986-30AC-4291-8337-5423CC0C4284}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D77610A5-11C1-4852-B981-31571E521D4E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E46CD17F-5186-4016-B4F7-12FBBC5BC883}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E8086F5F-A6F7-4ABB-9854-A48200696A82}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ECE1F15D-44F8-4031-BCE3-1FE31AF085EB}" = rport=139 | protocol=6 | dir=out | app=system |
"{F66DF15D-C2AE-4907-83D2-3D9547590ABB}" = lport=5800 | protocol=6 | dir=in | name=vnc5800 |
"{FFDDC53B-AB89-40ED-879C-D45387F12188}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D9CA9D-AC3C-4E7F-8BB1-9B5FBF398E56}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0C54E61A-D59E-4C15-9DC8-366EF8446183}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{12559EFE-FF10-4243-B846-390240E9E319}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{160B8196-E1F0-4AD3-92F0-62D6D739D3C5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1CB67F0D-CEEF-4D66-9F72-997D7B2BA344}" = dir=in | app=c:\program files (x86)\checkpoint\securemote\bin\scc.exe |
"{2B559CB0-0403-43D2-B2ED-8E4D3467C5CD}" = protocol=6 | dir=in | app=c:\users\ken\appdata\roaming\dropbox\bin\dropbox.exe |
"{2C9E9732-90C4-4FDA-9A74-03F8DBDD2E01}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{348BD0C8-D9DB-44D5-A5EF-DE06FEF74D19}" = dir=in | app=c:\program files (x86)\checkpoint\securemote\bin\sr_service.exe |
"{34ACD54F-9DC4-4C28-ABCF-B3424225E5AF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3AC195A7-FAFF-4DE7-9B61-BF9AEA4C9146}" = dir=in | app=c:\program files (x86)\intronis technologies\esureit\backupstatusicon.exe |
"{3FD55A6B-DFAF-4BED-8ADF-6569A838FC15}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{48FA4AD7-A51A-401C-88D0-CB9DF77C0AB3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4FF5ADA6-2D5E-41E6-B268-84EEDB16200E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5DDAE351-1901-4EDB-9812-DE0BA78AFCD5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{684DC9D7-B91B-4AFC-AF6F-538CDD7070F5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7340E5E4-0448-48AC-87AD-73E02A549A15}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{73D8F9AB-4457-4ABA-B3AC-03CE5F2327E1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{74B6FFED-744F-4BCB-AD81-128A8276CDD9}" = protocol=17 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool09\eneasyapp.exe |
"{7946359E-BF1E-4524-86E5-E42331AE3DF5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{85DDB01A-CD2B-4EE5-8624-2A60C57B72BD}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{872550C1-B063-431E-BFC1-EC525548DD53}" = dir=in | app=c:\program files (x86)\checkpoint\endpoint connect\trgui.exe |
"{8DAF3FFA-CBC6-479E-A94F-D5238703CB1A}" = protocol=6 | dir=out | app=system |
"{8DAF84DD-1C18-4E5D-8AAC-CE32D9B33E84}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{92B34804-DE12-4DD0-8EC5-243D0AEC2CBA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{95DCE8BA-C40E-4CB8-B9FF-2A946B92691B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{99F44D60-B3F4-4C01-BE04-EBB8C103B780}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9B32936E-D005-4656-BF14-6B507B112691}" = dir=in | app=c:\program files (x86)\intronis technologies\esureit\backupmonitor.exe |
"{A25F1D9A-C2DE-441D-B472-55FFBA2D7239}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A54A8C7B-F34C-4FB0-BDC3-8FA402F54422}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B1C2E13B-A730-48AE-9132-2DCD21396881}" = dir=in | app=c:\program files (x86)\checkpoint\securemote\bin\sr_diagnostics.exe |
"{B5163CF6-9EE6-4FA2-AB43-FC82000FD9B1}" = protocol=17 | dir=in | app=c:\users\ken\appdata\roaming\dropbox\bin\dropbox.exe |
"{BCB9BF00-9497-4128-A0ED-08A5343D3EE2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C6607A4E-2BAF-46A6-BF79-6466744FAC53}" = protocol=6 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool09\eneasyapp.exe |
"{CD574E27-EA46-44F2-97D5-EA02AEBAA3AF}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{DF3D2C59-FD9F-4BA5-A4D3-3ACA19E78544}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E1944BF9-CDB0-4961-9925-1A7286041153}" = dir=in | app=c:\program files (x86)\checkpoint\securemote\bin\sr_gui.exe |
"{F711C3E1-AB29-4504-A346-671853AD9990}" = dir=in | app=c:\program files (x86)\checkpoint\endpoint connect\tracsrvwrapper.exe |
"{F7594657-4105-4BCC-A50C-F38AEE973906}" = dir=in | app=c:\users\ken\appdata\local\microsoft\skydrive\skydrive.exe |
"TCP Query User{09CB55CB-4480-4B1D-A3A6-E228DC03DFE5}C:\users\ken\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\ken\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{3FC5FBC4-B0D2-4C59-9DD2-D6014CB3AEA3}C:\program files (x86)\adobe\adobe dreamweaver cs6\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs6\dreamweaver.exe |
"TCP Query User{4247C5D3-38B0-462F-AE39-4F14C72749F9}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{59B60790-EE3D-4621-9BCE-2B2FE4601C31}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{72296138-6977-4446-8D17-41055A30391D}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{934638C6-60EE-421E-87F3-C90B770A2DD1}C:\windows\syswow64\npntrplugin2.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\npntrplugin2.exe |
"TCP Query User{AF2824F6-404F-46E4-B8EF-38A9619A72E3}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{B461D21B-3F9A-4728-BF7F-AC8DE826A38B}C:\program files (x86)\adobe\adobe edge animate\edgeanimate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe edge animate\edgeanimate.exe |
"TCP Query User{B4A9FA2D-CAEB-4AC8-BEEE-AE1D3BDE61E9}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{C16C6657-5631-4C4A-AFCE-D72B7377A728}C:\program files\adobe\adobe after effects cs5\support files\afterfx.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe after effects cs5\support files\afterfx.exe |
"TCP Query User{C573CD24-A0F6-4FE8-A7DD-3C28A95433F2}C:\program files (x86)\adobe\adobe muse\adobe muse.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe muse\adobe muse.exe |
"TCP Query User{C8BF6D31-29EA-4F2E-AEB3-543D0928E722}C:\windows\syswow64\npntrplugin2.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\npntrplugin2.exe |
"TCP Query User{F8CB8440-1EC8-449B-86AC-12AC9EB3FDF4}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{F9CBB84F-EC2F-4528-B667-EDE006C88722}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{05C374B4-4BD9-4675-A262-237D84FA3BB4}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{437FB0EB-57C0-4114-94CA-0ED21BCC1907}C:\program files\adobe\adobe after effects cs5\support files\afterfx.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe after effects cs5\support files\afterfx.exe |
"UDP Query User{607F555F-09ED-471F-B7DA-5403D8F8FFFA}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{6744B2BA-1FC7-411D-9099-3CEEA6F1F1A6}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{6ACEA875-6121-4677-A338-F15D8CD91599}C:\program files (x86)\adobe\adobe muse\adobe muse.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe muse\adobe muse.exe |
"UDP Query User{84916B10-4C47-4F5B-BBE5-ACC3A81AC143}C:\program files (x86)\adobe\adobe edge animate\edgeanimate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe edge animate\edgeanimate.exe |
"UDP Query User{96C9A561-6B55-40F8-91C0-474C245AA818}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{A45B91EE-2742-4E8C-929D-A05DECDFA3B3}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{AAB835E8-AD76-4DF5-8C35-32FEC6B3644C}C:\windows\syswow64\npntrplugin2.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\npntrplugin2.exe |
"UDP Query User{B155172D-FE44-4041-8032-EA31B9D93662}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{BAAB0452-3153-4B45-86BD-8082A9493C2D}C:\windows\syswow64\npntrplugin2.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\npntrplugin2.exe |
"UDP Query User{E2234E4D-4ADA-4675-A71C-453EED2C3C02}C:\program files (x86)\adobe\adobe dreamweaver cs6\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs6\dreamweaver.exe |
"UDP Query User{E4EC2F78-38F6-491D-9B19-AE7AB6F65C90}C:\users\ken\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\ken\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{FC2D2DBD-2BB6-49AF-8488-D20B8B25D157}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{08C3441C-4FAF-48D3-A551-70DD6031734F}" = Microsoft Baseline Security Analyzer 2.2
"{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}" = Intel® PROSet/Wireless WiFi Software
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1BEA98B3-46D6-4DE1-A18F-045AA7FB2AEA}" = Magic Bullet QuickLooks Free
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417040FF}" = Java 7 Update 40 (64-bit)
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{483D5A49-A26B-4CB8-AA2D-0D1811322061}" = HP DayStarter
"{48AC4F0F-50D6-4B58-97EF-C0035F538FE1}" = Endpoint
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5476AB75-E584-4497-80AF-7F205D8F6F54}" = Privacy Manager for HP ProtectTools
"{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}" = HP 3D DriveGuard
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{697E5298-CF76-43A3-AC9D-6AE2FA0F2B43}" = Validity Fingerprint Sensor Driver
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{84642787-58C0-44AE-8B26-E2F544E380A1}" = HP Power Assistant
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A0041CD-277C-4C1F-BFE4-7AC508B20B4C}" = Drive Encryption For HP ProtectTools
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A674F348-9412-4AF5-89A5-BCC0FBB6FC22}" = Embedded Security for HP ProtectTools
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.43
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.43
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 140.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0325
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3BFF01F-485E-415F-B0CB-A6842FC0851C}" = 3DVIA plugin for Photoshop CS5 Extended (64-bit)
"{B617B439-87A2-4109-94A6-BD768B259F83}" = HP ProtectTools Security Manager
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}" = Intel® PROSet/Wireless for Bluetooth® + High Speed
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CD4F3229-4A37-463F-98A3-3DEEEEE8492C}" = HP Backlit Keyboard Controls
"{D3A775F2-2674-4452-8D80-1FC1446052EE}" = Face Recognition for HP ProtectTools
"{D6B65B14-41B2-471A-92F8-63C235F00DE6}" = ConnectWise Internet Client 64-bit
"{F73A118B-8271-47E2-8790-0C636B2539C5}" = iTunes
"0B624A43DD66DBF5CF3EDFA9741A364E688062A4" = Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 )
"Blender" = Blender
"Endpoint Security" = Security Manager AV Defender
"EPSON Artisan 710 Series" = EPSON Artisan 710 Series Printer Uninstall
"HPProtectTools" = HP ProtectTools Security Manager
"LSI Soft Modem" = LSI HDA Modem
"Neat Video for Premiere_is1" = Neat Video v3.1.0 Demo plug-in for Premiere (64-bit)
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel® Network Connections Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00E094E1-A852-11E2-803D-ACEA632352B4}" = Adobe Dreamweaver CC
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{03046EBB-CB7C-4B98-BEFB-690EB955DA22}" = HP Setup
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07E80932-FFB1-402D-9198-18C58EBAF216}" = Adobe Encore CS6 Library
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}" = Adobe AIR
"{0CC93482-5EAD-4224-AC9D-07C1548F03E6}" = HP Connection Manager
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}" = HP Wallpaper
"{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}" = ArcSoft Webcam Sharing Manager
"{1CE213F8-D2A4-4069-B918-589EEFB1DB2C}" = HP Mobile Display Assistant
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1EC083EE-5B76-4A2A-B95A-CAF460AA29D6}" = Adobe Touch App Plugins
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBAE18D-4DE4-47AA-83EC-D1B046F262DC}" = PDF Settings CC
"{22025051-1991-48EB-8BE8-7A3329DAE7ED}" = IIS 7.5 Express
"{23D3F585-AE29-4670-8E3E-64A0EFB29240}" = Adobe Acrobat XI Pro
"{244FD30F-63F1-49B9-9D98-1150FF4FFCB1}" = Adobe Extension Manager CC
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 40
"{2799064B-FFEE-4D40-A400-907A90D653AB}" = HP Performance Advisor
"{29AA12E9-934C-485E-A9A1-D823FEB29880}" = Adobe SpeedGrade CC
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2B1F8DD0-873D-4AC3-8400-766F255FE263}" = Camtasia Studio 8
"{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}" = Adobe Photoshop CC
"{317243C1-6580-4F43-AED7-37D4438C3DD5}" = Adobe After Effects CC
"{33D30F94-4C9E-2A80-0C56-9E7696E44628}" = Adobe Story
"{359F8007-6486-429C-A8C5-D67F6897C88C}" = Adobe Bridge CC (64 Bit)
"{36E0F777-19FE-4454-BB2D-84206758EA85}" = LogMeIn
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{3A61A282-4F08-4D43-920C-DC30ECE528E8}" = HP System Default Settings
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{427867D2-9459-4C7B-81E8-2CA570596645}" = NVIDIA PhysX
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{505FF1AC-E7F5-4462-BBA7-08900E7E9EEF}" = Adobe Premiere Pro CC
"{52B18ABC-AD5F-4C3C-B391-04F57B380449}" = HP Client Automation Agent Preload
"{531000B3-DBEE-4115-BBF3-DA48B67C053F}" = HP Software Setup
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{559C9050-3E02-E763-DBFA-B0CC62F5B6D7}" = Adobe Muse
"{564E4F25-DF80-47F7-9991-C6488107F21F}" = Uninstall Adobe Muse
"{5D73C19B-BE10-44A6-96B2-A516756ED29F}" = Adobe Prelude CC
"{5f8d2001-8c69-4eff-94d2-1770304e84a1}" = Check Point Endpoint Connect
"{614020C8-2E16-4E16-A5F0-04DE2AB96097}" = Adobe Premiere Pro CS6 Functional Content
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{62272D4E-78E9-4BAD-B7AA-63072D06AAA9}" = HP Documentation
"{6297487E-3778-4F72-B458-55690418DB98}" = Adobe ExtendScript Toolkit CC
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6606F377-873C-4EA8-BCEF-2AC21067004C}" = Smart Zero Client Services
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{675D093B-815D-47FD-AB2C-192EC751E8E2}" = HP Software Framework
"{6B5E7B4F-64A2-4DEB-B210-0DD92F940A01}" = HP QuickWeb
"{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}" = File Sanitizer For HP ProtectTools
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{6F71D588-8479-49AE-85F2-209741942E7E}" = DeskDirector
"{6FC0AA88-A751-4E5A-B4A8-9F6926E60E6F}" = Windows Agent
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7176B973-6011-43C1-AEBC-2D73FE7C6982}" = Adobe Premiere Pro CS6
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{92094051-CDDB-D9BA-426C-975526525429}" = Adobe® Content Viewer
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{93139A49-0360-4718-8B93-C1F9EB12E3D8}" = Roxio Secure Burn
"{9496E0B9-9094-4F1B-B3D5-164418013E69}" = Network Recording Player
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Roxio CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CB4FBA9-45C0-41AA-97CC-283B42E1A21E}" = Roxio MyDVD Business 2010
"{9F4F9095-19B1-44E0-9A54-9B6A5B2E8481}" = DeskDirector Chat
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{AC76BA86-1033-FFFF-7760-000000000006}" = Adobe Acrobat XI Pro
"{ADC70B7A-530B-46E3-8384-48D22681A41E}" = Theft Recovery for HP ProtectTools
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Secure Burn
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{BACE8BFA-8F39-421D-BEF1-6E78632BDC90}" = Roxio MyDVD Business 2010
"{BC448016-6F11-1014-B0EA-97CEE6E26CB6}" = Adobe InDesign CC
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{be839ba5-dc35-4ea7-83fb-a7bf5779ab6d}" = Check Point VPN-1 SecuRemote/SecureClient NGX R60 HFA3
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel® Identity Protection Technology 1.1.2.0
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C97CC14E-4789-4FC5-BC75-79191F7CE009}" = HP Hotkey Support
"{CD54AE4D-874D-40CF-93D2-F766875BE0C7}" = Adobe Edge Code Preview 2
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D322A9E3-758B-4D60-A7C4-65C88FD378D0}" = Bing Bar
"{D562B3BB-4405-4FA8-BCE2-D5DB89E8D5CE}" = HP ESU for Microsoft Windows 7
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE1E055B-679C-42F8-B114-7B6ED0B8ED95}" = Adobe Audition CC
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5184D41-7796-4127-BBE4-46993F9FAAF3}" = SmartSound Sonicfire Pro 5.8
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2321021-08A2-44D6-B1DF-BDB415F23EC3}" = Adobe Illustrator CC
"{F24F876B-7D71-4BD6-88E9-614D3BB84231}" = Alcor Micro Smart Card Reader Driver
"{F7DE06AE-23B6-4837-ADAB-02C5D6658C46}" = Adobe Edge Animate
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE465061-894A-4023-8580-56FCDD4F23F9}" = HP SoftPaq Download Manager
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe AIR" = Adobe AIR
"Adobe Creative Cloud" = Adobe Creative Cloud
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AdobeMuse" = Adobe Muse
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.dmp.contentviewer" = Adobe® Content Viewer
"com.adobe.WidgetBrowser" = Adobe Widget Browser
"DeskDirector 13.1.8" = DeskDirector
"DeskDirector Chat 13.1.5" = DeskDirector Chat
"EPSON Scanner" = EPSON Scan
"GoPro Studio" = GoPro Studio 2.0.0
"InstallShield_{1BEA98B3-46D6-4DE1-A18F-045AA7FB2AEA}" = Magic Bullet QuickLooks Free
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{6606F377-873C-4EA8-BCEF-2AC21067004C}" = Smart Zero Client Services
"InstallShield_{ADC70B7A-530B-46E3-8384-48D22681A41E}" = Theft Recovery for HP ProtectTools
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"InstallShield_{E5184D41-7796-4127-BBE4-46993F9FAAF3}" = SmartSound Sonicfire Pro 5.8
"PDF Complete" = PDF Complete Special Edition
"PSPad editor_is1" = PSPad editor
"Quosal Create" = Quosal Create 2013
"SZCCID" = Alcor Micro Smart Card Reader Driver
"VIP Access SDK" = VIP Access SDK (1.0.0.55)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Connect 9 Add-in" = Adobe Connect 9 Add-in
"Adobe Connect Add-in" = Adobe Connect Add-in
"Dropbox" = Dropbox
"DSite" = Update for Zip Opener
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 5.7.0.1172
"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/2/2013 4:53:34 PM | Computer Name = KM-ADMIN-02 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6006

Error - 7/2/2013 4:53:34 PM | Computer Name = KM-ADMIN-02 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6006

Error - 7/2/2013 4:53:35 PM | Computer Name = KM-ADMIN-02 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/2/2013 4:53:35 PM | Computer Name = KM-ADMIN-02 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7005

Error - 7/2/2013 4:53:35 PM | Computer Name = KM-ADMIN-02 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7005

Error - 7/2/2013 4:53:36 PM | Computer Name = KM-ADMIN-02 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/2/2013 4:53:36 PM | Computer Name = KM-ADMIN-02 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8019

Error - 7/2/2013 4:53:36 PM | Computer Name = KM-ADMIN-02 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8019

Error - 7/2/2013 4:53:37 PM | Computer Name = KM-ADMIN-02 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/2/2013 4:53:37 PM | Computer Name = KM-ADMIN-02 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9017

Error - 7/2/2013 4:53:37 PM | Computer Name = KM-ADMIN-02 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9017

[ Hewlett-Packard Events ]
Error - 11/20/2012 6:59:35 PM | Computer Name = KM-ADMIN-02 | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 8142 Ram Utilization: 40 TargetSite: Void UpdateAndDetect()

Error - 11/27/2012 2:20:29 PM | Computer Name = KM-ADMIN-02 | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 8142 Ram Utilization: 40 TargetSite: Void UpdateAndDetect()

Error - 12/4/2012 2:13:42 PM | Computer Name = KM-ADMIN-02 | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 8142 Ram Utilization: TargetSite: Void UpdateAndDetect()

Error - 12/11/2012 2:37:22 PM | Computer Name = KM-ADMIN-02 | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 8142 Ram Utilization: 40 TargetSite: Void UpdateAndDetect()

Error - 12/19/2012 12:06:09 AM | Computer Name = KM-ADMIN-02 | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 8142 Ram Utilization: 30 TargetSite: Void UpdateAndDetect()

Error - 12/19/2012 9:14:39 PM | Computer Name = KM-ADMIN-02 | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 8142
Ram
Utilization: 30 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()


Error - 12/19/2012 11:34:14 PM | Computer Name = KM-ADMIN-02 | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 8142
Ram
Utilization: 40 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()


Error - 1/10/2013 8:26:34 PM | Computer Name = KM-ADMIN-02 | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 8142
Ram
Utilization: 40 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()


Error - 1/22/2013 4:44:07 PM | Computer Name = KM-ADMIN-02 | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 8142
Ram
Utilization: 30 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()


Error - 1/22/2013 5:11:20 PM | Computer Name = KM-ADMIN-02 | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 8142
Ram
Utilization: 30 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()


[ HP Connection Manager Events ]
Error - 8/2/2013 12:01:15 PM | Computer Name = KM-ADMIN-02 | Source = hpMobile | ID = 5
Description = 2013/08/02 09:01:15.139|00001470|Error |[HP.Mobile]Wlan::UpdateProperties{void()}|The
data is invalid. (Exception from HRESULT: 0x8007000D)

Error - 8/12/2013 1:47:47 PM | Computer Name = KM-ADMIN-02 | Source = hpCMSrv | ID = 5
Description = 2013/08/12 10:47:47.800|000016AC|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 8/12/2013 1:48:26 PM | Computer Name = KM-ADMIN-02 | Source = hpCMSrv | ID = 5
Description = 2013/08/12 10:48:26.862|000016AC|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 8/13/2013 4:56:19 PM | Computer Name = KM-ADMIN-02 | Source = hpCMSrv | ID = 5
Description = 2013/08/13 13:56:19.938|000022FC|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 8/14/2013 1:48:50 AM | Computer Name = KM-ADMIN-02 | Source = hpMobile | ID = 5
Description = 2013/08/13 22:48:50.803|00002BE8|Error |[HP.Mobile]Wlan::UpdateProperties{void()}|The
data is invalid. (Exception from HRESULT: 0x8007000D)

Error - 8/14/2013 12:00:32 PM | Computer Name = KM-ADMIN-02 | Source = hpMobile | ID = 5
Description = 2013/08/14 09:00:32.918|00002BE8|Error |[HP.Mobile]Wlan::UpdateProperties{void()}|The
data is invalid. (Exception from HRESULT: 0x8007000D)

Error - 8/15/2013 5:12:56 PM | Computer Name = KM-ADMIN-02 | Source = hpCMSrv | ID = 5
Description = 2013/08/15 14:12:56.534|00001908|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 8/23/2013 6:33:45 PM | Computer Name = KM-ADMIN-02 | Source = hpMobile | ID = 5
Description = 2013/08/23 15:33:45.702|00001FC4|Error |[HP.Mobile]Wlan::b{void()}|The
data is invalid. (Exception from HRESULT: 0x8007000D)

Error - 8/30/2013 7:15:47 AM | Computer Name = KM-ADMIN-02 | Source = hpMobile | ID = 5
Description = 2013/08/30 04:15:47.089|00002744|Error |[HP.Mobile]HotSpot::a{void(HP.Mobile.Helper.WlanHostedNetworkState)}|The
RPC server is unavailable. (Exception from HRESULT: 0x800706BA)

Error - 9/10/2013 9:06:46 AM | Computer Name = KM-ADMIN-02 | Source = hpMobile | ID = 5
Description = 2013/09/10 06:06:46.828|000012C4|Error |[HP.Mobile]Wlan::b{void()}|The
data is invalid. (Exception from HRESULT: 0x8007000D)

[ HP HotKey Support Events ]
Error - 9/20/2012 6:14:19 PM | Computer Name = KM-ADMIN-02 | Source = HpHotkeyMonitor | ID = 5
Description = 2012/09/20 15:14:19.250|00000B84|Error |WmiEvent::Register|ExecNotificationQueryAsync
failed: 0x8004100A

Error - 9/20/2012 6:34:24 PM | Computer Name = KM-ADMIN-02 | Source = QlbController | ID = 5
Description = 2012/09/20 15:34:24.949|00001B3C|Error |Program::RegisterEvents{hpCasl.enReturnCode(bool)}|Registering
for SmartAdapter.PluggedIn Failed. RetCode: e_GENERAL_EXCEPTION

Error - 9/20/2012 6:54:25 PM | Computer Name = KM-ADMIN-02 | Source = QlbController | ID = 5
Description = 2012/09/20 15:54:25.018|00001B3C|Error |Program::RegisterEvents{hpCasl.enReturnCode(bool)}|Registering
for DockState.Changed Failed. RetCode: e_GENERAL_EXCEPTION

[ HP Power Assistant Events ]
Error - 10/2/2013 2:58:13 PM | Computer Name = KM-ADMIN-02 | Source = HP PA Service | ID = 1023
Description = An error occurred in HP Power Assistant application, [HPCommon]. Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS nits(62828) * Gain(-0.0118) + Offset(0)) * nits(62828)
< 0

Error - 10/2/2013 2:58:13 PM | Computer Name = KM-ADMIN-02 | Source = HP PA Service | ID = 1023
Description = An error occurred in HP Power Assistant application, [HPCommon]. Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS nits(62828) * Gain(-0.0118) + Offset(0)) * nits(62828)
< 0

Error - 10/2/2013 3:04:02 PM | Computer Name = KM-ADMIN-02 | Source = HP PA Service | ID = 1023
Description = An error occurred in HP Power Assistant application, [HPCommon]. Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS nits(62828) * Gain(-0.0118) + Offset(0)) * nits(62828)
< 0

Error - 10/2/2013 3:04:02 PM | Computer Name = KM-ADMIN-02 | Source = HP PA Service | ID = 1023
Description = An error occurred in HP Power Assistant application, [HPCommon]. Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS nits(62828) * Gain(-0.0118) + Offset(0)) * nits(62828)
< 0

Error - 10/2/2013 3:11:32 PM | Computer Name = KM-ADMIN-02 | Source = HP PA Service | ID = 1023
Description = An error occurred in HP Power Assistant application, [HPCommon]. Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS nits(62828) * Gain(-0.0118) + Offset(0)) * nits(62828)
< 0

Error - 10/2/2013 3:11:32 PM | Computer Name = KM-ADMIN-02 | Source = HP PA Service | ID = 1023
Description = An error occurred in HP Power Assistant application, [HPCommon]. Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS nits(62828) * Gain(-0.0118) + Offset(0)) * nits(62828)
< 0

Error - 10/2/2013 3:16:33 PM | Computer Name = KM-ADMIN-02 | Source = HP PA Service | ID = 1023
Description = An error occurred in HP Power Assistant application, [HPCommon]. Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS nits(62828) * Gain(-0.0118) + Offset(0)) * nits(62828)
< 0

Error - 10/2/2013 3:19:56 PM | Computer Name = KM-ADMIN-02 | Source = HP PA Service | ID = 1023
Description = An error occurred in HP Power Assistant application, [HPCommon]. Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS nits(62828) * Gain(-0.0118) + Offset(0)) * nits(62828)
< 0

Error - 10/2/2013 4:04:22 PM | Computer Name = KM-ADMIN-02 | Source = HP PA Service | ID = 1023
Description = An error occurred in HP Power Assistant application, [HPCommon]. Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS nits(62828) * Gain(-0.0118) + Offset(0)) * nits(62828)
< 0

Error - 10/2/2013 4:04:22 PM | Computer Name = KM-ADMIN-02 | Source = HP PA Service | ID = 1023
Description = An error occurred in HP Power Assistant application, [HPCommon]. Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS nits(62828) * Gain(-0.0118) + Offset(0)) * nits(62828)
< 0

[ HP Software Framework Events ]
Error - 7/13/2012 1:14:13 PM | Computer Name = KM-ADMIN-02 | Source = CaslSmBios | ID = 5
Description = 2012/07/13 10:14:13.219|00001414|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
occurred in querying WMI for WmiMonitorBrightness: 'Not supported '

Error - 7/13/2012 1:15:01 PM | Computer Name = KM-ADMIN-02 | Source = CaslSmBios | ID = 5
Description = 2012/07/13 10:15:01.766|00000E20|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
occurred in querying WMI for WmiMonitorBrightness: 'Not supported '

Error - 7/13/2012 1:15:07 PM | Computer Name = KM-ADMIN-02 | Source = CaslSmBios | ID = 5
Description = 2012/07/13 10:15:07.857|00001FC4|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
occurred in querying WMI for WmiMonitorBrightness: 'Not supported '

Error - 7/13/2012 1:15:24 PM | Computer Name = KM-ADMIN-02 | Source = CaslSmBios | ID = 5
Description = 2012/07/13 10:15:24.347|00001904|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
occurred in querying WMI for WmiMonitorBrightness: 'Not supported '

Error - 9/21/2012 11:03:19 AM | Computer Name = KM-ADMIN-02 | Source = CaslSmBios | ID = 5
Description = 2012/09/21 08:03:19.822|00001A78|Error |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
unregistering the PMC.Data event. Exception: Object reference not set to an instance
of an object.

Error - 9/27/2012 10:48:45 PM | Computer Name = KM-ADMIN-02 | Source = CaslSmBios | ID = 5
Description = 2012/09/27 19:48:45.669|00001D3C|Error |[CaslWmi]A::A{bool()}|Error
connecting to Global Event server. Exception: Retrieving the COM class factory
for component with CLSID {69D77689-DA2B-4308-8404-2614CBF9896E} failed due to the
following error: 8007045b.

Error - 12/28/2012 3:15:31 PM | Computer Name = KM-ADMIN-02 | Source = CaslSmBios | ID = 5
Description = 2012/12/28 11:15:31.725|00001718|Error |[CaslWmi]CommandSmartAdapter::GetSmartAdapterStatusFromBIOS{hpCasl.enReturnCode(bool&,int&)}|Error
597 from BIOS WMI call Read/0Fh while getting SmartAdapter state

Error - 1/10/2013 8:27:18 PM | Computer Name = KM-ADMIN-02 | Source = CaslSmBios | ID = 5
Description = 2013/01/10 16:27:18.706|00001A58|Error |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
unregistering the PMC.Data event. Exception: Object reference not set to an instance
of an object.

Error - 1/10/2013 8:27:18 PM | Computer Name = KM-ADMIN-02 | Source = CaslSmBios | ID = 5
Description = 2013/01/10 16:27:18.737|00001A58|Error |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
unregistering the Wireless.GlobalChanged.2.0 event. Exception: Object reference
not set to an instance of an object.

Error - 1/17/2013 8:58:44 PM | Computer Name = KM-ADMIN-02 | Source = CaslSmBios | ID = 5
Description = 2013/01/17 16:58:44.713|000018E8|Error |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
unregistering the PMC.Data event. Exception: Object reference not set to an instance
of an object.

[ System Events ]
Error - 10/1/2013 6:55:06 PM | Computer Name = KM-ADMIN-02 | Source = Service Control Manager | ID = 7003
Description = The Check Point VPN-1 Securemote service service depends the following
service: FW1. This service might not be installed.

Error - 10/1/2013 6:55:06 PM | Computer Name = KM-ADMIN-02 | Source = Service Control Manager | ID = 7003
Description = The Check Point VPN-1 Securemote watchdog service depends the following
service: FW1. This service might not be installed.

Error - 10/1/2013 6:55:06 PM | Computer Name = KM-ADMIN-02 | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\vpn.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 10/1/2013 6:55:06 PM | Computer Name = KM-ADMIN-02 | Source = Service Control Manager | ID = 7000
Description = The VPN-1 Module service failed to start due to the following error:
%%1275

Error - 10/1/2013 6:55:06 PM | Computer Name = KM-ADMIN-02 | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Encrypted volume check: Volume information on \\?\Volume{ff1cd095-bd98-11e0-9f17-806e6f6e6963}
cannot be read.

Error - 10/2/2013 11:48:17 AM | Computer Name = KM-ADMIN-02 | Source = Service Control Manager | ID = 7003
Description = The Check Point VPN-1 Securemote service service depends the following
service: FW1. This service might not be installed.

Error - 10/2/2013 11:48:17 AM | Computer Name = KM-ADMIN-02 | Source = Service Control Manager | ID = 7003
Description = The Check Point VPN-1 Securemote watchdog service depends the following
service: FW1. This service might not be installed.

Error - 10/2/2013 11:48:17 AM | Computer Name = KM-ADMIN-02 | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\vpn.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 10/2/2013 11:48:17 AM | Computer Name = KM-ADMIN-02 | Source = Service Control Manager | ID = 7000
Description = The VPN-1 Module service failed to start due to the following error:
%%1275

Error - 10/2/2013 11:48:19 AM | Computer Name = KM-ADMIN-02 | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Encrypted volume check: Volume information on \\?\Volume{ff1cd095-bd98-11e0-9f17-806e6f6e6963}
cannot be read.


< End of report >

And here is the aswMBR log file:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-10-03 11:49:58
-----------------------------
11:49:58.376 OS Version: Windows x64 6.1.7601 Service Pack 1
11:49:58.376 Number of processors: 8 586 0x2A07
11:49:58.377 ComputerName: KM-ADMIN-02 UserName: Ken
11:50:00.726 Initialize success
11:52:11.029 AVAST engine defs: 13100301
11:53:56.157 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:53:56.159 Disk 0 Vendor: Hitachi_ JF4O Size: 715404MB BusType: 3
11:53:56.245 Disk 0 MBR read successfully
11:53:56.251 Disk 0 MBR scan
11:53:56.341 Disk 0 Windows 7 default MBR code
11:53:56.343 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 300 MB offset 2048
11:53:56.348 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 694701 MB offset 616448
11:53:56.378 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15280 MB offset 1423364096
11:53:56.406 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 5115 MB offset 1454657536
11:53:56.477 Disk 0 scanning C:\windows\system32\drivers
11:54:10.437 Service scanning
11:54:14.272 Service Bdfndisf c:\program files\n-able technologies\endpoint\bdfndisf6.sys **LOCKED** 5
11:54:14.323 Service Bdfwfpf C:\Program Files\N-able Technologies\Endpoint\bdfwfpf.sys **LOCKED** 5
11:54:45.595 Modules scanning
11:54:45.616 Disk 0 trace - called modules:
11:54:45.704 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys iaStor.sys hal.dll
11:54:45.718 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009694790]
11:54:45.730 3 CLASSPNP.SYS[fffff880011c743f] -> nt!IofCallDriver -> [0xfffffa80095a3b10]
11:54:45.739 5 hpdskflt.sys[fffff88001831379] -> nt!IofCallDriver -> [0xfffffa8007bb0430]
11:54:45.759 7 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007bb4050]
11:54:48.305 AVAST engine scan C:\windows
11:54:54.398 AVAST engine scan C:\windows\system32
11:59:19.119 AVAST engine scan C:\windows\system32\drivers
11:59:38.661 AVAST engine scan C:\Users\Ken
12:32:14.162 Disk 0 MBR has been saved successfully to "C:\Users\Ken\Desktop\MBR.dat"
12:32:14.230 The log file has been saved successfully to "C:\Users\Ken\Desktop\aswMBR.txt"
  • 0

#4
Ken_K

Ken_K

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
The pop-unders haven't happened, but the URL rewriting is still occurring.
  • 0

#5
Ken_K

Ken_K

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
How do I follow a thread?
  • 0

#6
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hi Ken_K. To follow a thread go to the top of the thread and there will be a button that says Watch Topic or Stop Watching Topic. I think you should automatically be following your own thread though... Can you grab the Malwarebytes log for me? Also when you say URL rewriting you are referring to getting redirected from your desired site to another site right? We use the term URL redirect for that - just want to make sure I understand you correctly. I'll go through your OTL log today and have further instructions for you later.

  • Start MBAM
  • The log can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

  • 0

#7
Ken_K

Ken_K

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
By URL rewrite I am referring to it modifying the URL I'm trying to get to. For example, "http://www.foxnews.com" is changed to "http://www.foxnews.c...n/redirect.ha". I saw this as a rewrite rather than a redirect, but I'll be the first to admit I'm no expert in this.

Here's the Malwarebytes log:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.03.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Ken :: KM-ADMIN-02 [administrator]

Protection: Enabled

10/3/2013 9:36:44 AM
mbam-log-2013-10-03 (09-36-44).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 614469
Time elapsed: 1 hour(s), 36 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0F -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Ken\AppData\Local\Temp\is357113909\Toparcadehits.exe (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Ken\Downloads\7-zip.exe (PUP.Optional.DomaIQ) -> Quarantined and deleted successfully.

(end)
  • 0

#8
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Are you getting redirected to undesired sites? The example you spoke of seems to be harmless; however, when I try foxnews on my computer I get no redirect. Can you give another, perhaps more malicious, example? I'm thinkin there's something lurking somewhere on your computer so I'll keep looking at your logs.
  • 0

#9
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Also can you try another browser i.e. Internet Explorer/Chrome/Firefox to see if the symptoms persist in another browser?
  • 0

#10
Ken_K

Ken_K

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I have IE and Chrome installed on my system. Chrome does not have this problem.
  • 0

#11
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hi Ken_K. I am almost done with your OTL log. Will probably finish later today. I have to go to work now :) ... I will give you further instructions. It appears as if there's no malware present; we might just need to tweak IE a little to restore normal functionality. Talk to ya soon.
Josh
  • 0

#12
Ken_K

Ken_K

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
OK. Thanks.
  • 0

#13
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hi again. Didn't have time to finish today so will finish first thing tomorrow. Sorry to keep you waiting.
  • 0

#14
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hi Ken_K. I finished looking at your OTL log. Sorry it took so long; it was about twice as big as a normal log. It looks clean, as does your aswMBR log. Let's try a few things to see if we can get rid of the redirects. The first is a clean with a program called ADWCleaner to get rid of any spyware/adware you might have installed. If this doesn't fix the problem we'll try resetting IE. Please do the following:

Step 1

Download ADWCleaner to your desktop.

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder as AdwCleaner[S0].txt

Step 2

If AdwCleaner did not fix your issue, please follow the instructions here to reset Internet Explorer. You might want to look under the "Internet Explorer settings that are affected by a reset" section to make sure you won't lose any valuable settings, but your favorites will be maintained; all settings that are changed can be set back to their previous state manually after the reset.

Things to see in your next post:
AdwCleaner log
IE reset results if attempted

  • 0

#15
Ken_K

Ken_K

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
The rewrites are still occurring. I ran the AdwCleaner and reset IE10.

Here is the AdwCleaner report:

# AdwCleaner v3.006 - Report created 06/10/2013 at 08:46:31
# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Ken - KM-ADMIN-02
# Running from : C:\Users\Ken\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Ken\AppData\Roaming\DSite
File Deleted : C:\Users\Ken\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\windows\Tasks\DSite.job
File Deleted : C:\windows\System32\Tasks\DSite

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\dsiteproducts

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Google Chrome v

[ File : C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2681 octets] - [06/10/2013 08:44:34]
AdwCleaner[S0].txt - [2347 octets] - [06/10/2013 08:46:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2407 octets] ##########
  • 0





