Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.256.48
Locale ID: 1033
Additional information about the problem:
BCCode: 50
BCP1: FFFFF88117564EA0
BCP2: 0000000000000000
BCP3: FFFFF88004792878
BCP4: 0000000000000005
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-10-16 15:56:27
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AK1 298.09GB
Running: GMER.exe; Driver: C:\Users\Maryling\AppData\Local\Temp\pxdyqkob.sys
---- User code sections - GMER 2.1 ----
.text C:\Windows\SysWOW64\rpcnet.exe[2720] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000072281a22 2 bytes [28, 72]
.text C:\Windows\SysWOW64\rpcnet.exe[2720] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000072281ad0 2 bytes [28, 72]
.text C:\Windows\SysWOW64\rpcnet.exe[2720] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000072281b08 2 bytes [28, 72]
.text C:\Windows\SysWOW64\rpcnet.exe[2720] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000072281bba 2 bytes [28, 72]
.text C:\Windows\SysWOW64\rpcnet.exe[2720] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000072281bda 2 bytes [28, 72]
.text C:\Program Files (x86)\ShowMyPCService\tvnserver.exe[2876] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076c81465 2 bytes [C8, 76]
.text C:\Program Files (x86)\ShowMyPCService\tvnserver.exe[2876] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076c814bb 2 bytes [C8, 76]
.text ... * 2
.text C:\Users\Maryling\Desktop\OTL.exe[4904] C:\windows\syswow64\PSAPI.dll!GetModuleInformation + 69 0000000076c81465 2 bytes [C8, 76]
.text C:\Users\Maryling\Desktop\OTL.exe[4904] C:\windows\syswow64\PSAPI.dll!GetModuleInformation + 155 0000000076c814bb 2 bytes [C8, 76]
.text ... * 2
.text c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe[2584] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076c81465 2 bytes [C8, 76]
.text c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe[2584] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000076c814bb 2 bytes [C8, 76]
.text ... * 2
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5376] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076c81465 2 bytes [C8, 76]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5376] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076c814bb 2 bytes [C8, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[6344] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076c81465 2 bytes [C8, 76]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[6344] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076c814bb 2 bytes [C8, 76]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5816:1232] 000007fefb392a7c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5816:1380] 000007fef4ac5124
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{76584EE3-8096-4F24-AEF6-E96416AC9D67}\Connection@Name isatap.hsd1.nj.comcast.net.
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{A6E3A4EF-985C-4497-9BD2-654D061B3E50}\Connection@Name Reusable ISATAP Interface {A6E3A4EF-985C-4497-9BD2-654D061B3E50}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{2107D32F-7C6B-4C05-B952-A98C0DC7B65A}?\Device\{76584EE3-8096-4F24-AEF6-E96416AC9D67}?\Device\{8FA1C9FF-7D86-461A-B96D-3D6995CB4C9D}?\Device\{16A1A3DD-2837-4321-A957-49AF8734CF06}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{2107D32F-7C6B-4C05-B952-A98C0DC7B65A}"?"{76584EE3-8096-4F24-AEF6-E96416AC9D67}"?"{8FA1C9FF-7D86-461A-B96D-3D6995CB4C9D}"?"{16A1A3DD-2837-4321-A957-49AF8734CF06}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{2107D32F-7C6B-4C05-B952-A98C0DC7B65A}?\Device\TCPIP6TUNNEL_{76584EE3-8096-4F24-AEF6-E96416AC9D67}?\Device\TCPIP6TUNNEL_{8FA1C9FF-7D86-461A-B96D-3D6995CB4C9D}?\Device\TCPIP6TUNNEL_{16A1A3DD-2837-4321-A957-49AF8734CF06}?
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74de2b111a77
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74de2b111a77@34bb1f1be24a 0xD2 0x2A 0xFA 0xA3 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{76584EE3-8096-4F24-AEF6-E96416AC9D67}@InterfaceName isatap.hsd1.nj.comcast.net.
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{76584EE3-8096-4F24-AEF6-E96416AC9D67}@ReusableType 0
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{A6E3A4EF-985C-4497-9BD2-654D061B3E50}@InterfaceName Reusable ISATAP Interface {A6E3A4EF-985C-4497-9BD2-654D061B3E50}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{A6E3A4EF-985C-4497-9BD2-654D061B3E50}@ReusableType 1
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Teredo\PreviousState\00-1d-ce-7c-30-76
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Teredo\PreviousState\00-1d-ce-7c-30-76@ClientLocalPort 58167
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Teredo\PreviousState\00-1d-ce-7c-30-76@AddressCreationTimestamp 136758828
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Teredo\PreviousState\00-1d-ce-7c-30-76@TeredoAddress 2001:0:4137:9e76:20d9:1cc8:9d22:be40
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 5797
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 5379
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters@DhcpNameServer 75.75.75.75 75.75.76.76 192.168.1.1
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{DB751A28-522A-447E-9C9C-7BDB8FD81A4A}@DhcpIPAddress 192.168.1.103
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{DB751A28-522A-447E-9C9C-7BDB8FD81A4A}@DhcpServer 192.168.1.1
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{DB751A28-522A-447E-9C9C-7BDB8FD81A4A}@Lease 86400
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{DB751A28-522A-447E-9C9C-7BDB8FD81A4A}@LeaseObtainedTime 1381950789
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{DB751A28-522A-447E-9C9C-7BDB8FD81A4A}@T1 1381993989
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{DB751A28-522A-447E-9C9C-7BDB8FD81A4A}@T2 1382026389
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{DB751A28-522A-447E-9C9C-7BDB8FD81A4A}@LeaseTerminatesTime 1382037189
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{DB751A28-522A-447E-9C9C-7BDB8FD81A4A}@DhcpNameServer 75.75.75.75 75.75.76.76 192.168.1.1
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{DB751A28-522A-447E-9C9C-7BDB8FD81A4A}@DhcpDefaultGateway 192.168.1.1?
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74de2b111a77 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74de2b111a77@34bb1f1be24a 0xD2 0x2A 0xFA 0xA3 ...
---- Files - GMER 2.1 ----
ADS C:\Windows\System32\autochk.exe:BAK 23040 bytes executable
ADS C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe:BAK 23040 bytes executable
---- EOF - GMER 2.1 ----
OTL logfile created on: 10/16/2013 4:00:00 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Maryling\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.94 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 43.80% Memory free
7.87 Gb Paging File | 4.95 Gb Available in Paging File | 62.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 275.83 Gb Total Space | 128.23 Gb Free Space | 46.49% Space Free | Partition Type: NTFS
Drive D: | 16.96 Gb Total Space | 2.57 Gb Free Space | 15.15% Space Free | Partition Type: NTFS
Drive E: | 4.99 Gb Total Space | 2.13 Gb Free Space | 42.72% Space Free | Partition Type: FAT32
Computer Name: MARYLING-HP | User Name: Maryling | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/10/16 14:42:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Maryling\Desktop\OTL.exe
PRC - [2013/09/04 10:43:00 | 000,069,792 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe
PRC - [2013/06/03 19:46:01 | 000,613,888 | ---- | M] (SanDisk Corporation) -- C:\Users\Maryling\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/19 16:30:02 | 001,327,104 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
PRC - [2012/11/19 16:24:46 | 000,393,216 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
PRC - [2012/07/31 14:29:18 | 003,084,288 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2012/07/13 12:07:22 | 000,270,336 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2012/06/15 16:31:34 | 000,026,816 | ---- | M] (PC Pitstop LLC) -- C:\Program Files (x86)\Total Defense\Info Center\InfoCenter.exe
PRC - [2011/09/13 12:59:30 | 000,091,752 | ---- | M] (PC Pitstop LLC) -- C:\Program Files (x86)\Total Defense\PCPitstopScheduleService.exe
PRC - [2011/08/02 16:49:24 | 000,030,568 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
PRC - [2011/04/05 11:13:46 | 001,094,712 | ---- | M] (Hewlett-Packard Development Company L.P.) -- c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2011/02/11 23:07:16 | 000,820,048 | R--- | M] (DigitalPersona, Inc.) -- c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
PRC - [2011/02/10 20:44:28 | 000,076,344 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011/02/09 11:51:36 | 000,200,704 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
PRC - [2011/02/07 14:41:42 | 012,274,688 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
PRC - [2011/01/26 13:00:32 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/01/26 13:00:00 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/01/18 16:42:48 | 000,070,256 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
PRC - [2011/01/12 14:12:06 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
PRC - [2010/11/26 07:31:18 | 000,267,128 | ---- | M] () -- C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe
PRC - [2010/07/08 09:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) -- C:\Program Files (x86)\ShowMyPCService\tvnserver.exe
PRC - [2010/03/05 20:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
PRC - [2009/05/05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
========== Modules (No Company Name) ==========
MOD - [2013/10/10 07:54:38 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/10 07:54:24 | 003,348,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/10/10 07:54:20 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/09/12 08:37:00 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/08/15 16:51:48 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\6c1d55eed243331c944206f8608fb850\IAStorUtil.ni.dll
MOD - [2013/08/15 15:53:11 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/15 15:52:50 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/15 15:52:42 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/19 11:26:40 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\571f0babf15ab38dc80829622caa99d3\IAStorCommon.ni.dll
MOD - [2013/07/19 11:13:19 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2012/08/27 22:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 22:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/09 11:51:36 | 000,200,704 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
MOD - [2010/11/26 07:31:18 | 000,267,128 | ---- | M] () -- C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
========== Services (SafeList) ==========
SRV:64bit: - [2013/10/08 09:13:46 | 000,367,112 | ---- | M] (Total Defense, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV:64bit: - [2013/10/08 09:13:46 | 000,288,776 | ---- | M] (Total Defense, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
SRV:64bit: - [2013/10/08 09:13:36 | 000,313,040 | ---- | M] (Total Defense, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe -- (CAAMSvc)
SRV:64bit: - [2013/09/03 16:58:14 | 000,323,072 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2013/09/03 16:58:14 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [On_Demand | Stopped] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/08/18 01:50:24 | 000,314,448 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe -- (CAISafe)
SRV:64bit: - [2012/02/28 14:15:16 | 000,031,000 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/04/04 12:42:30 | 000,920,656 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe -- (UmxEngine)
SRV:64bit: - [2011/03/28 02:44:46 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/02/11 23:07:16 | 000,481,104 | R--- | M] (DigitalPersona, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2011/02/09 11:28:12 | 001,318,912 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe -- (McAfee Endpoint Encryption Agent)
SRV:64bit: - [2011/01/28 09:41:30 | 000,133,688 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe -- (HPDayStarterService)
SRV:64bit: - [2011/01/26 21:11:48 | 000,131,128 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV:64bit: - [2011/01/21 19:36:02 | 003,154,224 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2010/08/05 22:47:48 | 000,681,528 | ---- | M] (Hewlett-Packard) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [On_Demand | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/10/08 15:10:48 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/10 22:26:44 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/04 10:43:00 | 000,069,792 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (Rpcnet)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/09/14 13:42:06 | 000,216,192 | ---- | M] (Qualcomm Atheros Commnucations) [On_Demand | Stopped] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2012/09/14 12:35:56 | 000,323,584 | R--- | M] (Atheros) [On_Demand | Stopped] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt and Wlan Coex Agent)
SRV - [2012/09/06 11:32:12 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012/08/07 08:05:40 | 000,059,392 | ---- | M] (Ellie Mae, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Ellie Mae\SCAppMgr\SCAppMgr.exe -- (SCAppMgr)
SRV - [2012/07/13 12:07:22 | 000,270,336 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2012/06/20 14:57:22 | 000,523,680 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2011/09/13 12:59:30 | 000,091,752 | ---- | M] (PC Pitstop LLC) [Auto | Running] -- C:\Program Files (x86)\Total Defense\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2011/08/02 16:47:26 | 000,145,256 | ---- | M] (Nuance Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2011/04/05 11:13:46 | 001,094,712 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2011/03/07 16:48:10 | 000,062,184 | ---- | M] (Xobni Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Xobni\XobniService.exe -- (XobniService)
SRV - [2011/02/07 14:41:26 | 000,320,000 | ---- | M] (Hewlett-Packard) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2011/02/03 18:09:18 | 000,464,480 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- c:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK)
SRV - [2011/02/01 04:23:10 | 001,127,448 | ---- | M] (PDF Complete Inc) [On_Demand | Stopped] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011/01/26 13:00:00 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/01/21 19:24:50 | 002,708,784 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2011/01/18 16:42:44 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2011/01/17 15:42:04 | 002,656,280 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/01/17 15:42:02 | 000,326,168 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/01/12 14:12:06 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) [On_Demand | Running] -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2010/11/29 12:10:32 | 000,210,896 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2010/11/11 03:43:00 | 000,502,464 | ---- | M] (ArcSoft, Inc.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe -- (uArcCapture)
SRV - [2010/09/30 17:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/07/08 09:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files (x86)\ShowMyPCService\tvnserver.exe -- (tvnserver)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/09/03 16:58:15 | 000,543,744 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2013/01/15 18:17:42 | 000,175,928 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2012/12/20 21:24:48 | 003,837,440 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/14 13:21:22 | 000,575,128 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2012/09/14 13:21:18 | 000,135,832 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012/09/14 13:21:16 | 000,178,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012/09/14 13:21:16 | 000,077,464 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2012/09/14 13:21:14 | 000,344,216 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2012/09/14 13:21:14 | 000,114,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2012/09/14 13:21:14 | 000,088,728 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012/09/14 13:21:14 | 000,033,944 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/19 22:36:42 | 000,055,448 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2012/08/17 09:27:38 | 002,891,512 | ---- | M] (Sunplus Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPUVCBv_x64.sys -- (SPUVCbv)
DRV:64bit: - [2012/06/19 08:40:52 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/06/13 03:00:48 | 000,726,160 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/28 14:15:16 | 000,043,800 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2012/02/28 14:15:16 | 000,029,976 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/10/27 16:07:50 | 000,182,352 | ---- | M] (Total Defense) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\KmxAMRT.sys -- (KmxAMRT)
DRV:64bit: - [2011/10/26 12:51:38 | 000,113,744 | ---- | M] (CA) [File_System | System | Running] -- C:\Windows\SysNative\drivers\KmxAgent.sys -- (KmxAgent)
DRV:64bit: - [2011/09/06 22:04:20 | 000,365,136 | ---- | M] (CA) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\KmxCfg.sys -- (KmxCfg)
DRV:64bit: - [2011/03/28 03:14:48 | 009,319,424 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/03/28 02:09:12 | 000,303,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/09 11:59:52 | 000,168,008 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\MfeEpePc.sys -- (MfeEpePc)
DRV:64bit: - [2011/02/07 10:50:26 | 000,063,336 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DAMDrv64.sys -- (DAMDrv)
DRV:64bit: - [2011/02/03 23:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/27 01:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011/01/12 21:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/02 20:02:58 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010/11/20 09:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 09:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 07:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/11 03:46:00 | 000,032,192 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftVCapture.sys -- (ARCVCAM)
DRV:64bit: - [2010/10/19 21:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 20:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 17:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=CMNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=CMNTDF
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=CMNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=CMNTDF
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=CMNTDF
IE - HKCU\..\SearchScopes\{388A8E59-FD05-43B6-AFDC-876333167ED0}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&l=dis&o=CMNTDF
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=CMNTDF
IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?...1DHP&dt=041613"
FF - prefs.js..extensions.enabledAddons: %7Ba3a5c777-f583-4fef-9380-ab4add1bc2a8%7D:5.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..keyword.URL: ""
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Maryling\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011/05/02 15:15:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/11 06:52:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/11 06:52:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2013/01/11 21:34:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maryling\AppData\Roaming\Mozilla\Extensions
[2013/01/11 21:56:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maryling\AppData\Roaming\Mozilla\Firefox\Profiles\bcbr3qb2.default\extensions
[2013/01/11 21:56:17 | 000,000,000 | ---D | M] (Windows Media Player Extension for Firefox) -- C:\Users\Maryling\AppData\Roaming\Mozilla\Firefox\Profiles\bcbr3qb2.default\extensions\jid0-nRwp7VvCqZcSRTppwWz2npqGEKw@jetpack
[2013/01/11 21:36:29 | 000,013,972 | ---- | M] () (No name found) -- C:\Users\Maryling\AppData\Roaming\Mozilla\Firefox\Profiles\bcbr3qb2.default\extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a8}.xpi
[2013/04/16 19:08:43 | 000,002,402 | ---- | M] () -- C:\Users\Maryling\AppData\Roaming\Mozilla\Firefox\Profiles\bcbr3qb2.default\searchplugins\bingp.xml
[2013/10/15 12:13:20 | 000,003,737 | ---- | M] () -- C:\Users\Maryling\AppData\Roaming\Mozilla\Firefox\Profiles\bcbr3qb2.default\searchplugins\safeguard-secure-search.xml
[2013/08/11 06:52:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/10/15 10:03:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/11 06:52:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/10/15 10:03:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/10/05 21:39:45 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - Extension: No name found = C:\Users\Maryling\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Users\Maryling\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Maryling\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Maryling\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Maryling\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Maryling\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Maryling\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdckejfnkaemompfjhecfmhjgnchmjg\5.0_0\
CHR - Extension: No name found = C:\Users\Maryling\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdckejfnkaemompfjhecfmhjgnchmjg\5.2.1_0\
CHR - Extension: No name found = C:\Users\Maryling\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.10.0.13089_0\
CHR - Extension: No name found = C:\Users\Maryling\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [BtTray] C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Qualcomm Atheros)
O4:64bit: - HKLM..\Run: [BtvStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Qualcomm Atheros Commnucations)
O4:64bit: - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (Total Defense, Inc.)
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MfeEpePcMonitor] C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP HD Webcam [Fixed]_Monitor] C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe ()
O4 - HKLM..\Run: [HPConnectionManager] c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Info Center] C:\Program Files (x86)\Total Defense\Info Center\InfoCenter.exe (PC Pitstop LLC)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files (x86)\ShowMyPCService\tvnserver.exe (GlavSoft LLC.)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [SansaDispatch] C:\Users\Maryling\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} http://utilities.pcp...ls/pctuneup.cab (VersionControl Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{430F5ACE-77D7-4E57-8A7D-BB74BCB8901E}: DhcpNameServer = 192.168.0.25 192.168.0.26
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB751A28-522A-447E-9C9C-7BDB8FD81A4A}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Company)
O20 - Winlogon\Notify\PFW: DllName - (UmxWnp.Dll) - C:\windows\SysWow64\UmxWNP.dll (CA)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0ea44e09-8e4b-11e2-8f53-74de2b111a77}\Shell - "" = AutoRun
O33 - MountPoints2\{0ea44e09-8e4b-11e2-8f53-74de2b111a77}\Shell\AutoRun\command - "" = G:\VZW_Software_upgrade_assistant_installer.exe
O33 - MountPoints2\{93ee8ae0-37dd-11e2-b461-101f74fe42f7}\Shell - "" = AutoRun
O33 - MountPoints2\{93ee8ae0-37dd-11e2-b461-101f74fe42f7}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{9a4bb203-262d-11e2-af90-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9a4bb203-262d-11e2-af90-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/10/16 14:42:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Maryling\Desktop\OTL.exe
[2013/10/16 14:00:48 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/10/16 13:56:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/10/16 13:56:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/10/15 12:15:39 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2013/10/09 08:53:56 | 000,000,000 | ---D | C] -- C:\Users\Maryling\Documents\Docs
[2013/10/08 09:14:49 | 000,000,000 | ---D | C] -- C:\ProgramData\TotalDefense
[2013/10/07 11:43:42 | 000,000,000 | ---D | C] -- C:\Users\Maryling\Documents\241-831471 - Accepted Contract
[2013/10/07 11:14:55 | 000,000,000 | ---D | C] -- C:\Users\Maryling\Documents\Mortgage Docs needed
[2013/09/23 13:54:59 | 000,000,000 | ---D | C] -- C:\Users\Maryling\AppData\Local\WinZip
[2013/09/23 13:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2013/09/23 13:54:34 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
========== Files - Modified Within 30 Days ==========
[2013/10/16 15:21:11 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/16 15:21:10 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/16 15:13:34 | 000,017,920 | ---- | M] () -- C:\windows\SysWow64\rpcnetp.dll
[2013/10/16 15:13:33 | 000,069,792 | ---- | M] (Absolute Software Corp.) -- C:\windows\SysWow64\rpcnet.dll
[2013/10/16 15:12:44 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/10/16 15:12:42 | 4226,138,112 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/16 15:12:41 | 534,397,771 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013/10/16 15:12:32 | 000,017,920 | ---- | M] () -- C:\windows\SysWow64\rpcnetp.exe
[2013/10/16 15:12:32 | 000,017,920 | ---- | M] () -- C:\windows\SysNative\rpcnetp.exe
[2013/10/16 15:10:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/10/16 14:42:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Maryling\Desktop\OTL.exe
[2013/10/16 14:10:12 | 000,112,908 | ---- | M] () -- C:\windows\SysNative\drivers\KmxAgent.asc
[2013/10/16 14:10:12 | 000,048,169 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k0
[2013/10/16 14:10:12 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k7
[2013/10/16 14:10:12 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k6
[2013/10/16 14:10:12 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k5
[2013/10/16 14:10:12 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k4
[2013/10/16 14:10:12 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k3
[2013/10/16 14:10:12 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k2
[2013/10/16 14:10:12 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k1
[2013/10/16 14:10:12 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k7
[2013/10/16 14:10:12 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k6
[2013/10/16 14:10:12 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k5
[2013/10/16 14:10:12 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k4
[2013/10/16 14:10:12 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k3
[2013/10/16 14:10:12 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k2
[2013/10/16 14:10:12 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k1
[2013/10/16 14:10:12 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k0
[2013/10/16 13:48:13 | 000,000,071 | RHS- | M] () -- C:\ProgramData\3002.xml
[2013/10/16 09:38:48 | 000,000,344 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForMaryling.job
[2013/10/16 08:27:53 | 000,000,335 | ---- | M] () -- C:\windows\BRRBCOM.INI
[2013/10/15 08:39:06 | 000,025,185 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2013/10/15 08:39:04 | 000,025,185 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2013/10/11 04:56:58 | 000,000,873 | ---- | M] () -- C:\Users\Maryling\Desktop\AdobeReader_11.0.05.wsf
[2013/10/11 04:47:02 | 002,682,880 | ---- | M] () -- C:\Users\Maryling\Desktop\AdbeRdrSecUpd11005.msp
[2013/10/10 07:59:51 | 000,778,834 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/10/10 07:59:51 | 000,661,930 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/10/10 07:59:51 | 000,121,816 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/10/10 07:50:25 | 000,418,472 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/10/10 07:41:38 | 000,775,304 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/10/08 15:50:52 | 002,863,579 | ---- | M] () -- C:\Users\Maryling\Documents\Praxis.pdf
[2013/10/08 15:48:32 | 002,863,579 | ---- | M] () -- C:\Users\Maryling\Documents\Praxis1.pdf
[2013/10/08 03:30:38 | 000,001,368 | ---- | M] () -- C:\Users\Maryling\Desktop\iTunes64Setup_11.1.1.11.wsf
[2013/10/05 21:39:50 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/10/05 03:55:34 | 019,279,872 | ---- | M] () -- C:\Users\Maryling\Desktop\AdbeRdrUpd11004.msp
[2013/10/01 02:57:02 | 067,772,416 | ---- | M] () -- C:\Users\Maryling\Desktop\iTunes64.msi
[2013/10/01 02:38:34 | 012,152,832 | ---- | M] () -- C:\Users\Maryling\Desktop\AppleMobileDeviceSupport64.msi
[2013/10/01 02:38:34 | 002,682,368 | ---- | M] () -- C:\Users\Maryling\Desktop\Bonjour64.msi
[2013/10/01 02:35:36 | 002,323,456 | ---- | M] () -- C:\Users\Maryling\Desktop\AppleSoftwareUpdate.msi
[2013/10/01 00:49:02 | 021,402,624 | ---- | M] () -- C:\Users\Maryling\Desktop\AppleApplicationSupport.msi
[2013/09/24 12:49:23 | 000,332,772 | ---- | M] () -- C:\Users\Maryling\Documents\YMCA.pdf
[2013/09/23 13:54:50 | 000,002,205 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013/09/20 09:33:44 | 000,000,224 | ---- | M] () -- C:\Users\Maryling\Desktop\Jeff Harris - Outlook Web App.url
[2013/09/18 13:03:56 | 000,000,000 | ---- | M] () -- C:\Users\Maryling\Documents\PDF
========== Files Created - No Company Name ==========
[2013/10/16 14:01:39 | 019,279,872 | ---- | C] () -- C:\Users\Maryling\Desktop\AdbeRdrUpd11004.msp
[2013/10/16 14:01:39 | 000,000,873 | ---- | C] () -- C:\Users\Maryling\Desktop\AdobeReader_11.0.05.wsf
[2013/10/16 14:01:38 | 018,702,336 | ---- | C] () -- C:\Users\Maryling\Desktop\AdbeRdrUpd11003.msp
[2013/10/16 14:01:38 | 017,502,208 | ---- | C] () -- C:\Users\Maryling\Desktop\AdbeRdrUpd11001.msp
[2013/10/16 14:01:38 | 002,682,880 | ---- | C] () -- C:\Users\Maryling\Desktop\AdbeRdrSecUpd11005.msp
[2013/10/16 14:01:38 | 001,519,616 | ---- | C] () -- C:\Users\Maryling\Desktop\AdbeRdrSecUpd11002.msp
[2013/10/16 13:58:25 | 000,001,368 | ---- | C] () -- C:\Users\Maryling\Desktop\iTunes64Setup_11.1.1.11.wsf
[2013/10/16 13:58:24 | 067,772,416 | ---- | C] () -- C:\Users\Maryling\Desktop\iTunes64.msi
[2013/10/16 13:58:24 | 012,152,832 | ---- | C] () -- C:\Users\Maryling\Desktop\AppleMobileDeviceSupport64.msi
[2013/10/16 13:58:24 | 002,682,368 | ---- | C] () -- C:\Users\Maryling\Desktop\Bonjour64.msi
[2013/10/16 13:58:24 | 002,323,456 | ---- | C] () -- C:\Users\Maryling\Desktop\AppleSoftwareUpdate.msi
[2013/10/16 13:58:23 | 021,402,624 | ---- | C] () -- C:\Users\Maryling\Desktop\AppleApplicationSupport.msi
[2013/10/15 12:15:11 | 534,397,771 | ---- | C] () -- C:\windows\MEMORY.DMP
[2013/10/15 08:39:06 | 000,025,185 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2013/10/15 08:39:04 | 000,025,185 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2013/10/08 15:49:57 | 002,863,579 | ---- | C] () -- C:\Users\Maryling\Documents\Praxis.pdf
[2013/10/08 15:48:32 | 002,863,579 | ---- | C] () -- C:\Users\Maryling\Documents\Praxis1.pdf
[2013/09/24 12:49:23 | 000,332,772 | ---- | C] () -- C:\Users\Maryling\Documents\YMCA.pdf
[2013/09/23 13:54:50 | 000,002,205 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013/09/06 23:40:33 | 000,000,092 | ---- | C] () -- C:\windows\brpcfx.ini
[2013/09/06 23:40:33 | 000,000,024 | ---- | C] () -- C:\windows\Brpfx04a.ini
[2013/09/06 20:58:13 | 000,000,335 | ---- | C] () -- C:\windows\BRRBCOM.INI
[2013/09/06 20:57:32 | 000,000,066 | ---- | C] () -- C:\windows\Brfaxrx.ini
[2013/09/06 20:56:56 | 000,045,056 | ---- | C] () -- C:\windows\SysWow64\BRTCPCON.DLL
[2013/09/06 20:56:54 | 000,000,114 | ---- | C] () -- C:\windows\SysWow64\BRLMW03A.INI
[2013/09/06 20:44:42 | 000,017,920 | ---- | C] () -- C:\windows\SysWow64\rpcnetp.dll
[2013/09/06 20:43:52 | 000,017,920 | ---- | C] () -- C:\windows\SysWow64\rpcnetp.exe
[2013/09/06 20:35:29 | 000,000,115 | ---- | C] () -- C:\windows\{88B5FBDC-967D-4B1F-B291-39284AE12201}.ini
[2013/09/04 22:00:13 | 000,000,600 | ---- | C] () -- C:\Users\Maryling\PUTTY.RND
[2013/09/04 10:42:09 | 000,000,071 | RHS- | C] () -- C:\ProgramData\3002.xml
[2013/09/04 10:42:07 | 000,018,208 | RHS- | C] () -- C:\ProgramData\3002.abs
[2013/04/18 09:49:06 | 000,094,776 | ---- | C] () -- C:\windows\un_dext.exe
[2013/04/18 09:49:06 | 000,087,928 | ---- | C] () -- C:\windows\SPRemove_x64.exe
[2013/04/18 09:49:06 | 000,014,479 | ---- | C] () -- C:\windows\TWAIN2080.ini
[2013/04/18 09:49:06 | 000,004,200 | ---- | C] () -- C:\windows\remove.ini
[2013/04/18 09:49:06 | 000,004,088 | ---- | C] () -- C:\windows\Dext_12.ini
[2013/04/18 09:49:06 | 000,004,036 | ---- | C] () -- C:\windows\Dext_27.ini
[2013/04/18 09:49:06 | 000,004,036 | ---- | C] () -- C:\windows\Dext_21.ini
[2013/04/18 09:49:06 | 000,004,032 | ---- | C] () -- C:\windows\Dext_25.ini
[2013/04/18 09:49:06 | 000,003,940 | ---- | C] () -- C:\windows\Dext_11.ini
[2013/04/18 09:49:06 | 000,003,934 | ---- | C] () -- C:\windows\Dext_14.ini
[2013/04/18 09:49:06 | 000,003,860 | ---- | C] () -- C:\windows\Dext_10.ini
[2013/04/18 09:49:06 | 000,003,844 | ---- | C] () -- C:\windows\Dext_16.ini
[2013/04/18 09:49:06 | 000,003,808 | ---- | C] () -- C:\windows\Dext_08.ini
[2013/04/18 09:49:06 | 000,003,790 | ---- | C] () -- C:\windows\Dext_31.ini
[2013/04/18 09:49:06 | 000,003,776 | ---- | C] () -- C:\windows\Dext_1046.ini
[2013/04/18 09:49:06 | 000,003,774 | ---- | C] () -- C:\windows\Dext_36.ini
[2013/04/18 09:49:06 | 000,003,750 | ---- | C] () -- C:\windows\Dext_20.ini
[2013/04/18 09:49:06 | 000,003,740 | ---- | C] () -- C:\windows\Dext_22.ini
[2013/04/18 09:49:06 | 000,003,714 | ---- | C] () -- C:\windows\Dext_06.ini
[2013/04/18 09:49:06 | 000,003,650 | ---- | C] () -- C:\windows\Dext_07.ini
[2013/04/18 09:49:06 | 000,003,644 | ---- | C] () -- C:\windows\Dext_19.ini
[2013/04/18 09:49:06 | 000,003,636 | ---- | C] () -- C:\windows\Dext_24.ini
[2013/04/18 09:49:06 | 000,003,570 | ---- | C] () -- C:\windows\Dext_29.ini
[2013/04/18 09:49:06 | 000,003,456 | ---- | C] () -- C:\windows\Dext_30.ini
[2013/04/18 09:49:06 | 000,003,316 | ---- | C] () -- C:\windows\Dext_09.ini
[2013/04/18 09:49:06 | 000,003,268 | ---- | C] () -- C:\windows\Dext_13.ini
[2013/04/18 09:49:06 | 000,002,828 | ---- | C] () -- C:\windows\Dext_17.ini
[2013/04/18 09:49:06 | 000,002,744 | ---- | C] () -- C:\windows\Dext_18.ini
[2013/04/18 09:49:06 | 000,002,700 | ---- | C] () -- C:\windows\Dext_2052.ini
[2013/04/18 09:49:05 | 000,003,940 | ---- | C] () -- C:\windows\Dext_05.ini
[2013/04/18 09:49:05 | 000,003,660 | ---- | C] () -- C:\windows\Dext_02.ini
[2013/04/18 09:49:05 | 000,003,532 | ---- | C] () -- C:\windows\Dext_01.ini
[2013/04/18 09:49:05 | 000,002,912 | ---- | C] () -- C:\windows\Dext_04.ini
[2012/11/03 23:17:56 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012/11/03 23:16:02 | 000,003,914 | ---- | C] () -- C:\windows\SysWow64\atipblup.dat
[2012/11/03 21:28:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2012/11/03 20:42:40 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdbffhe.sys
[2012/09/23 18:12:02 | 000,000,281 | ---- | C] () -- C:\windows\EEFPrinter.exe.config
[2012/04/24 11:18:42 | 000,061,440 | ---- | C] () -- C:\windows\SysWow64\GNetParserX.dll
[2012/04/24 11:18:40 | 000,225,280 | ---- | C] () -- C:\windows\SysWow64\GN32.DLL
[2012/04/24 11:18:40 | 000,221,184 | ---- | C] () -- C:\windows\SysWow64\ExpLoansFromGenesis.dll
========== ZeroAccess Check ==========
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012/12/03 20:45:31 | 000,000,000 | ---D | M] -- C:\Users\Maryling\AppData\Roaming\com.Shutterfly.ExpressUploader
[2013/10/11 14:16:21 | 000,000,000 | ---D | M] -- C:\Users\Maryling\AppData\Roaming\ControlCenter4
[2012/11/03 20:21:36 | 000,000,000 | ---D | M] -- C:\Users\Maryling\AppData\Roaming\DigitalPersona
[2013/09/05 14:48:38 | 000,000,000 | ---D | M] -- C:\Users\Maryling\AppData\Roaming\Encompass
[2013/09/05 15:10:16 | 000,000,000 | ---D | M] -- C:\Users\Maryling\AppData\Roaming\ePASS
[2013/04/18 09:25:41 | 000,000,000 | ---D | M] -- C:\Users\Maryling\AppData\Roaming\IDT
[2013/09/06 20:30:54 | 000,000,000 | ---D | M] -- C:\Users\Maryling\AppData\Roaming\Nuance
[2013/06/03 19:45:43 | 000,000,000 | ---D | M] -- C:\Users\Maryling\AppData\Roaming\SanDisk
[2012/11/03 20:27:43 | 000,000,000 | ---D | M] -- C:\Users\Maryling\AppData\Roaming\Sierra Wireless
[2012/11/03 20:52:40 | 000,000,000 | ---D | M] -- C:\Users\Maryling\AppData\Roaming\Synaptics
[2012/11/26 19:18:59 | 000,000,000 | ---D | M] -- C:\Users\Maryling\AppData\Roaming\TestApp
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >