Blue screen 50 error when using IE



#1
Stillerz

When opening new browsers in IE, I get the BSOD. I ran OTL and GMER. Output below (GMER is 1st):

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.256.48
Locale ID: 1033

Additional information about the problem:
BCCode: 50
BCP1: FFFFF88117564EA0
BCP2: 0000000000000000
BCP3: FFFFF88004792878
BCP4: 0000000000000005
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-10-16 15:56:27
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AK1 298.09GB
Running: GMER.exe; Driver: C:\Users\Maryling\AppData\Local\Temp\pxdyqkob.sys


---- User code sections - GMER 2.1 ----

.text C:\Windows\SysWOW64\rpcnet.exe[2720] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000072281a22 2 bytes [28, 72]
.text C:\Windows\SysWOW64\rpcnet.exe[2720] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000072281ad0 2 bytes [28, 72]
.text C:\Windows\SysWOW64\rpcnet.exe[2720] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000072281b08 2 bytes [28, 72]
.text C:\Windows\SysWOW64\rpcnet.exe[2720] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000072281bba 2 bytes [28, 72]
.text C:\Windows\SysWOW64\rpcnet.exe[2720] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000072281bda 2 bytes [28, 72]
.text C:\Program Files (x86)\ShowMyPCService\tvnserver.exe[2876] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076c81465 2 bytes [C8, 76]
.text C:\Program Files (x86)\ShowMyPCService\tvnserver.exe[2876] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076c814bb 2 bytes [C8, 76]
.text ... * 2
.text C:\Users\Maryling\Desktop\OTL.exe[4904] C:\windows\syswow64\PSAPI.dll!GetModuleInformation + 69 0000000076c81465 2 bytes [C8, 76]
.text C:\Users\Maryling\Desktop\OTL.exe[4904] C:\windows\syswow64\PSAPI.dll!GetModuleInformation + 155 0000000076c814bb 2 bytes [C8, 76]
.text ... * 2
.text c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe[2584] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076c81465 2 bytes [C8, 76]
.text c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe[2584] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000076c814bb 2 bytes [C8, 76]
.text ... * 2
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5376] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076c81465 2 bytes [C8, 76]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5376] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076c814bb 2 bytes [C8, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[6344] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076c81465 2 bytes [C8, 76]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[6344] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076c814bb 2 bytes [C8, 76]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5816:1232] 000007fefb392a7c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5816:1380] 000007fef4ac5124

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{76584EE3-8096-4F24-AEF6-E96416AC9D67}\[email protected] isatap.hsd1.nj.comcast.net.
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{A6E3A4EF-985C-4497-9BD2-654D061B3E50}\[email protected] Reusable ISATAP Interface {A6E3A4EF-985C-4497-9BD2-654D061B3E50}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\[email protected] \Device\{2107D32F-7C6B-4C05-B952-A98C0DC7B65A}?\Device\{76584EE3-8096-4F24-AEF6-E96416AC9D67}?\Device\{8FA1C9FF-7D86-461A-B96D-3D6995CB4C9D}?\Device\{16A1A3DD-2837-4321-A957-49AF8734CF06}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\[email protected] "{2107D32F-7C6B-4C05-B952-A98C0DC7B65A}"?"{76584EE3-8096-4F24-AEF6-E96416AC9D67}"?"{8FA1C9FF-7D86-461A-B96D-3D6995CB4C9D}"?"{16A1A3DD-2837-4321-A957-49AF8734CF06}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\[email protected] \Device\TCPIP6TUNNEL_{2107D32F-7C6B-4C05-B952-A98C0DC7B65A}?\Device\TCPIP6TUNNEL_{76584EE3-8096-4F24-AEF6-E96416AC9D67}?\Device\TCPIP6TUNNEL_{8FA1C9FF-7D86-461A-B96D-3D6995CB4C9D}?\Device\TCPIP6TUNNEL_{16A1A3DD-2837-4321-A957-49AF8734CF06}?
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74de2b111a77
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0xD2 0x2A 0xFA 0xA3 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{76584EE3-8096-4F24-AEF6-E96416AC9D67}@InterfaceName isatap.hsd1.nj.comcast.net.
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{76584EE3-8096-4F24-AEF6-E96416AC9D67}@ReusableType 0
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{A6E3A4EF-985C-4497-9BD2-654D061B3E50}@InterfaceName Reusable ISATAP Interface {A6E3A4EF-985C-4497-9BD2-654D061B3E50}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{A6E3A4EF-985C-4497-9BD2-654D061B3E50}@ReusableType 1
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Teredo\PreviousState\00-1d-ce-7c-30-76
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Teredo\PreviousState\[email protected] 58167
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Teredo\PreviousState\[email protected] 136758828
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Teredo\PreviousState\[email protected] 2001:0:4137:9e76:20d9:1cc8:9d22:be40
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\[email protected] 5797
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\[email protected] 5379
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\[email protected] 75.75.75.75 75.75.76.76 192.168.1.1
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{DB751A28-522A-447E-9C9C-7BDB8FD81A4A}@DhcpIPAddress 192.168.1.103
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{DB751A28-522A-447E-9C9C-7BDB8FD81A4A}@DhcpServer 192.168.1.1
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{DB751A28-522A-447E-9C9C-7BDB8FD81A4A}@Lease 86400
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{DB751A28-522A-447E-9C9C-7BDB8FD81A4A}@LeaseObtainedTime 1381950789
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{DB751A28-522A-447E-9C9C-7BDB8FD81A4A}@T1 1381993989
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{DB751A28-522A-447E-9C9C-7BDB8FD81A4A}@T2 1382026389
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{DB751A28-522A-447E-9C9C-7BDB8FD81A4A}@LeaseTerminatesTime 1382037189
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{DB751A28-522A-447E-9C9C-7BDB8FD81A4A}@DhcpNameServer 75.75.75.75 75.75.76.76 192.168.1.1
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{DB751A28-522A-447E-9C9C-7BDB8FD81A4A}@DhcpDefaultGateway 192.168.1.1?
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74de2b111a77 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0xD2 0x2A 0xFA 0xA3 ...

---- Files - GMER 2.1 ----

ADS C:\Windows\System32\autochk.exe:BAK 23040 bytes executable
ADS C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe:BAK 23040 bytes executable

---- EOF - GMER 2.1 ----

OTL logfile created on: 10/16/2013 4:00:00 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Maryling\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.94 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 43.80% Memory free
7.87 Gb Paging File | 4.95 Gb Available in Paging File | 62.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 275.83 Gb Total Space | 128.23 Gb Free Space | 46.49% Space Free | Partition Type: NTFS
Drive D: | 16.96 Gb Total Space | 2.57 Gb Free Space | 15.15% Space Free | Partition Type: NTFS
Drive E: | 4.99 Gb Total Space | 2.13 Gb Free Space | 42.72% Space Free | Partition Type: FAT32

Computer Name: MARYLING-HP | User Name: Maryling | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/16 14:42:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Maryling\Desktop\OTL.exe
PRC - [2013/09/04 10:43:00 | 000,069,792 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe
PRC - [2013/06/03 19:46:01 | 000,613,888 | ---- | M] (SanDisk Corporation) -- C:\Users\Maryling\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/19 16:30:02 | 001,327,104 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
PRC - [2012/11/19 16:24:46 | 000,393,216 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
PRC - [2012/07/31 14:29:18 | 003,084,288 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2012/07/13 12:07:22 | 000,270,336 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2012/06/15 16:31:34 | 000,026,816 | ---- | M] (PC Pitstop LLC) -- C:\Program Files (x86)\Total Defense\Info Center\InfoCenter.exe
PRC - [2011/09/13 12:59:30 | 000,091,752 | ---- | M] (PC Pitstop LLC) -- C:\Program Files (x86)\Total Defense\PCPitstopScheduleService.exe
PRC - [2011/08/02 16:49:24 | 000,030,568 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
PRC - [2011/04/05 11:13:46 | 001,094,712 | ---- | M] (Hewlett-Packard Development Company L.P.) -- c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2011/02/11 23:07:16 | 000,820,048 | R--- | M] (DigitalPersona, Inc.) -- c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
PRC - [2011/02/10 20:44:28 | 000,076,344 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011/02/09 11:51:36 | 000,200,704 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
PRC - [2011/02/07 14:41:42 | 012,274,688 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
PRC - [2011/01/26 13:00:32 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/01/26 13:00:00 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/01/18 16:42:48 | 000,070,256 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
PRC - [2011/01/12 14:12:06 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
PRC - [2010/11/26 07:31:18 | 000,267,128 | ---- | M] () -- C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe
PRC - [2010/07/08 09:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) -- C:\Program Files (x86)\ShowMyPCService\tvnserver.exe
PRC - [2010/03/05 20:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
PRC - [2009/05/05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/10 07:54:38 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/10 07:54:24 | 003,348,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/10/10 07:54:20 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/09/12 08:37:00 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/08/15 16:51:48 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\6c1d55eed243331c944206f8608fb850\IAStorUtil.ni.dll
MOD - [2013/08/15 15:53:11 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/15 15:52:50 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/15 15:52:42 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/19 11:26:40 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\571f0babf15ab38dc80829622caa99d3\IAStorCommon.ni.dll
MOD - [2013/07/19 11:13:19 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2012/08/27 22:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 22:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/09 11:51:36 | 000,200,704 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
MOD - [2010/11/26 07:31:18 | 000,267,128 | ---- | M] () -- C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/10/08 09:13:46 | 000,367,112 | ---- | M] (Total Defense, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV:64bit: - [2013/10/08 09:13:46 | 000,288,776 | ---- | M] (Total Defense, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
SRV:64bit: - [2013/10/08 09:13:36 | 000,313,040 | ---- | M] (Total Defense, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe -- (CAAMSvc)
SRV:64bit: - [2013/09/03 16:58:14 | 000,323,072 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2013/09/03 16:58:14 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [On_Demand | Stopped] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/08/18 01:50:24 | 000,314,448 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe -- (CAISafe)
SRV:64bit: - [2012/02/28 14:15:16 | 000,031,000 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/04/04 12:42:30 | 000,920,656 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe -- (UmxEngine)
SRV:64bit: - [2011/03/28 02:44:46 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/02/11 23:07:16 | 000,481,104 | R--- | M] (DigitalPersona, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2011/02/09 11:28:12 | 001,318,912 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe -- (McAfee Endpoint Encryption Agent)
SRV:64bit: - [2011/01/28 09:41:30 | 000,133,688 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe -- (HPDayStarterService)
SRV:64bit: - [2011/01/26 21:11:48 | 000,131,128 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV:64bit: - [2011/01/21 19:36:02 | 003,154,224 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2010/08/05 22:47:48 | 000,681,528 | ---- | M] (Hewlett-Packard) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [On_Demand | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/10/08 15:10:48 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/10 22:26:44 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/04 10:43:00 | 000,069,792 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (Rpcnet)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/09/14 13:42:06 | 000,216,192 | ---- | M] (Qualcomm Atheros Commnucations) [On_Demand | Stopped] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2012/09/14 12:35:56 | 000,323,584 | R--- | M] (Atheros) [On_Demand | Stopped] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt and Wlan Coex Agent)
SRV - [2012/09/06 11:32:12 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012/08/07 08:05:40 | 000,059,392 | ---- | M] (Ellie Mae, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Ellie Mae\SCAppMgr\SCAppMgr.exe -- (SCAppMgr)
SRV - [2012/07/13 12:07:22 | 000,270,336 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2012/06/20 14:57:22 | 000,523,680 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2011/09/13 12:59:30 | 000,091,752 | ---- | M] (PC Pitstop LLC) [Auto | Running] -- C:\Program Files (x86)\Total Defense\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2011/08/02 16:47:26 | 000,145,256 | ---- | M] (Nuance Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2011/04/05 11:13:46 | 001,094,712 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2011/03/07 16:48:10 | 000,062,184 | ---- | M] (Xobni Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Xobni\XobniService.exe -- (XobniService)
SRV - [2011/02/07 14:41:26 | 000,320,000 | ---- | M] (Hewlett-Packard) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2011/02/03 18:09:18 | 000,464,480 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- c:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK)
SRV - [2011/02/01 04:23:10 | 001,127,448 | ---- | M] (PDF Complete Inc) [On_Demand | Stopped] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011/01/26 13:00:00 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/01/21 19:24:50 | 002,708,784 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2011/01/18 16:42:44 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2011/01/17 15:42:04 | 002,656,280 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/01/17 15:42:02 | 000,326,168 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/01/12 14:12:06 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) [On_Demand | Running] -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2010/11/29 12:10:32 | 000,210,896 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2010/11/11 03:43:00 | 000,502,464 | ---- | M] (ArcSoft, Inc.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe -- (uArcCapture)
SRV - [2010/09/30 17:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/07/08 09:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files (x86)\ShowMyPCService\tvnserver.exe -- (tvnserver)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/03 16:58:15 | 000,543,744 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2013/01/15 18:17:42 | 000,175,928 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2012/12/20 21:24:48 | 003,837,440 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/14 13:21:22 | 000,575,128 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2012/09/14 13:21:18 | 000,135,832 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012/09/14 13:21:16 | 000,178,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012/09/14 13:21:16 | 000,077,464 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2012/09/14 13:21:14 | 000,344,216 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2012/09/14 13:21:14 | 000,114,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2012/09/14 13:21:14 | 000,088,728 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012/09/14 13:21:14 | 000,033,944 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/19 22:36:42 | 000,055,448 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2012/08/17 09:27:38 | 002,891,512 | ---- | M] (Sunplus Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPUVCBv_x64.sys -- (SPUVCbv)
DRV:64bit: - [2012/06/19 08:40:52 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/06/13 03:00:48 | 000,726,160 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/28 14:15:16 | 000,043,800 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2012/02/28 14:15:16 | 000,029,976 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/10/27 16:07:50 | 000,182,352 | ---- | M] (Total Defense) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\KmxAMRT.sys -- (KmxAMRT)
DRV:64bit: - [2011/10/26 12:51:38 | 000,113,744 | ---- | M] (CA) [File_System | System | Running] -- C:\Windows\SysNative\drivers\KmxAgent.sys -- (KmxAgent)
DRV:64bit: - [2011/09/06 22:04:20 | 000,365,136 | ---- | M] (CA) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\KmxCfg.sys -- (KmxCfg)
DRV:64bit: - [2011/03/28 03:14:48 | 009,319,424 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/03/28 02:09:12 | 000,303,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/09 11:59:52 | 000,168,008 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\MfeEpePc.sys -- (MfeEpePc)
DRV:64bit: - [2011/02/07 10:50:26 | 000,063,336 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DAMDrv64.sys -- (DAMDrv)
DRV:64bit: - [2011/02/03 23:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/27 01:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011/01/12 21:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/02 20:02:58 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010/11/20 09:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 09:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 07:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/11 03:46:00 | 000,032,192 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftVCapture.sys -- (ARCVCAM)
DRV:64bit: - [2010/10/19 21:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 20:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 17:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=CMNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=CMNTDF
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=CMNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=CMNTDF
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=CMNTDF
IE - HKCU\..\SearchScopes\{388A8E59-FD05-43B6-AFDC-876333167ED0}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&l=dis&o=CMNTDF
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=CMNTDF
IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?...1DHP&dt=041613"
FF - prefs.js..extensions.enabledAddons: %7Ba3a5c777-f583-4fef-9380-ab4add1bc2a8%7D:5.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..keyword.URL: ""
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Maryling\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011/05/02 15:15:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/11 06:52:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/11 06:52:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/01/11 21:34:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maryling\AppData\Roaming\Mozilla\Extensions
[2013/01/11 21:56:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maryling\AppData\Roaming\Mozilla\Firefox\Profiles\bcbr3qb2.default\extensions
[2013/01/11 21:56:17 | 000,000,000 | ---D | M] (Windows Media Player Extension for Firefox) -- C:\Users\Maryling\AppData\Roaming\Mozilla\Firefox\Profiles\bcbr3qb2.default\extensions\[email protected]
[2013/01/11 21:36:29 | 000,013,972 | ---- | M] () (No name found) -- C:\Users\Maryling\AppData\Roaming\Mozilla\Firefox\Profiles\bcbr3qb2.default\extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a8}.xpi
[2013/04/16 19:08:43 | 000,002,402 | ---- | M] () -- C:\Users\Maryling\AppData\Roaming\Mozilla\Firefox\Profiles\bcbr3qb2.default\searchplugins\bingp.xml
[2013/10/15 12:13:20 | 000,003,737 | ---- | M] () -- C:\Users\Maryling\AppData\Roaming\Mozilla\Firefox\Profiles\bcbr3qb2.default\searchplugins\safeguard-secure-search.xml
[2013/08/11 06:52:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/10/15 10:03:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/11 06:52:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/10/15 10:03:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/10/05 21:39:45 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Maryling\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Users\Maryling\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Maryling\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Maryling\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Maryling\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Maryling\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Maryling\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdckejfnkaemompfjhecfmhjgnchmjg\5.0_0\
CHR - Extension: No name found = C:\Users\Maryling\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdckejfnkaemompfjhecfmhjgnchmjg\5.2.1_0\
CHR - Extension: No name found = C:\Users\Maryling\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.10.0.13089_0\
CHR - Extension: No name found = C:\Users\Maryling\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [BtTray] C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Qualcomm Atheros)
O4:64bit: - HKLM..\Run: [BtvStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Qualcomm Atheros Commnucations)
O4:64bit: - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (Total Defense, Inc.)
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MfeEpePcMonitor] C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP HD Webcam [Fixed]_Monitor] C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe ()
O4 - HKLM..\Run: [HPConnectionManager] c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Info Center] C:\Program Files (x86)\Total Defense\Info Center\InfoCenter.exe (PC Pitstop LLC)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files (x86)\ShowMyPCService\tvnserver.exe (GlavSoft LLC.)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [SansaDispatch] C:\Users\Maryling\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} http://utilities.pcp...ls/pctuneup.cab (VersionControl Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{430F5ACE-77D7-4E57-8A7D-BB74BCB8901E}: DhcpNameServer = 192.168.0.25 192.168.0.26
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB751A28-522A-447E-9C9C-7BDB8FD81A4A}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Company)
O20 - Winlogon\Notify\PFW: DllName - (UmxWnp.Dll) - C:\windows\SysWow64\UmxWNP.dll (CA)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0ea44e09-8e4b-11e2-8f53-74de2b111a77}\Shell - "" = AutoRun
O33 - MountPoints2\{0ea44e09-8e4b-11e2-8f53-74de2b111a77}\Shell\AutoRun\command - "" = G:\VZW_Software_upgrade_assistant_installer.exe
O33 - MountPoints2\{93ee8ae0-37dd-11e2-b461-101f74fe42f7}\Shell - "" = AutoRun
O33 - MountPoints2\{93ee8ae0-37dd-11e2-b461-101f74fe42f7}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{9a4bb203-262d-11e2-af90-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9a4bb203-262d-11e2-af90-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/16 14:42:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Maryling\Desktop\OTL.exe
[2013/10/16 14:00:48 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/10/16 13:56:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/10/16 13:56:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/10/15 12:15:39 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2013/10/09 08:53:56 | 000,000,000 | ---D | C] -- C:\Users\Maryling\Documents\Docs
[2013/10/08 09:14:49 | 000,000,000 | ---D | C] -- C:\ProgramData\TotalDefense
[2013/10/07 11:43:42 | 000,000,000 | ---D | C] -- C:\Users\Maryling\Documents\241-831471 - Accepted Contract
[2013/10/07 11:14:55 | 000,000,000 | ---D | C] -- C:\Users\Maryling\Documents\Mortgage Docs needed
[2013/09/23 13:54:59 | 000,000,000 | ---D | C] -- C:\Users\Maryling\AppData\Local\WinZip
[2013/09/23 13:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2013/09/23 13:54:34 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip

========== Files - Modified Within 30 Days ==========

[2013/10/16 15:21:11 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/16 15:21:10 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/16 15:13:34 | 000,017,920 | ---- | M] () -- C:\windows\SysWow64\rpcnetp.dll
[2013/10/16 15:13:33 | 000,069,792 | ---- | M] (Absolute Software Corp.) -- C:\windows\SysWow64\rpcnet.dll
[2013/10/16 15:12:44 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/10/16 15:12:42 | 4226,138,112 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/16 15:12:41 | 534,397,771 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013/10/16 15:12:32 | 000,017,920 | ---- | M] () -- C:\windows\SysWow64\rpcnetp.exe
[2013/10/16 15:12:32 | 000,017,920 | ---- | M] () -- C:\windows\SysNative\rpcnetp.exe
[2013/10/16 15:10:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/10/16 14:42:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Maryling\Desktop\OTL.exe
[2013/10/16 14:10:12 | 000,112,908 | ---- | M] () -- C:\windows\SysNative\drivers\KmxAgent.asc
[2013/10/16 14:10:12 | 000,048,169 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k0
[2013/10/16 14:10:12 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k7
[2013/10/16 14:10:12 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k6
[2013/10/16 14:10:12 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k5
[2013/10/16 14:10:12 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k4
[2013/10/16 14:10:12 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k3
[2013/10/16 14:10:12 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k2
[2013/10/16 14:10:12 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k1
[2013/10/16 14:10:12 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k7
[2013/10/16 14:10:12 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k6
[2013/10/16 14:10:12 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k5
[2013/10/16 14:10:12 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k4
[2013/10/16 14:10:12 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k3
[2013/10/16 14:10:12 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k2
[2013/10/16 14:10:12 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k1
[2013/10/16 14:10:12 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k0
[2013/10/16 13:48:13 | 000,000,071 | RHS- | M] () -- C:\ProgramData\3002.xml
[2013/10/16 09:38:48 | 000,000,344 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForMaryling.job
[2013/10/16 08:27:53 | 000,000,335 | ---- | M] () -- C:\windows\BRRBCOM.INI
[2013/10/15 08:39:06 | 000,025,185 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2013/10/15 08:39:04 | 000,025,185 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2013/10/11 04:56:58 | 000,000,873 | ---- | M] () -- C:\Users\Maryling\Desktop\AdobeReader_11.0.05.wsf
[2013/10/11 04:47:02 | 002,682,880 | ---- | M] () -- C:\Users\Maryling\Desktop\AdbeRdrSecUpd11005.msp
[2013/10/10 07:59:51 | 000,778,834 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/10/10 07:59:51 | 000,661,930 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/10/10 07:59:51 | 000,121,816 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/10/10 07:50:25 | 000,418,472 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/10/10 07:41:38 | 000,775,304 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/10/08 15:50:52 | 002,863,579 | ---- | M] () -- C:\Users\Maryling\Documents\Praxis.pdf
[2013/10/08 15:48:32 | 002,863,579 | ---- | M] () -- C:\Users\Maryling\Documents\Praxis1.pdf
[2013/10/08 03:30:38 | 000,001,368 | ---- | M] () -- C:\Users\Maryling\Desktop\iTunes64Setup_11.1.1.11.wsf
[2013/10/05 21:39:50 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/10/05 03:55:34 | 019,279,872 | ---- | M] () -- C:\Users\Maryling\Desktop\AdbeRdrUpd11004.msp
[2013/10/01 02:57:02 | 067,772,416 | ---- | M] () -- C:\Users\Maryling\Desktop\iTunes64.msi
[2013/10/01 02:38:34 | 012,152,832 | ---- | M] () -- C:\Users\Maryling\Desktop\AppleMobileDeviceSupport64.msi
[2013/10/01 02:38:34 | 002,682,368 | ---- | M] () -- C:\Users\Maryling\Desktop\Bonjour64.msi
[2013/10/01 02:35:36 | 002,323,456 | ---- | M] () -- C:\Users\Maryling\Desktop\AppleSoftwareUpdate.msi
[2013/10/01 00:49:02 | 021,402,624 | ---- | M] () -- C:\Users\Maryling\Desktop\AppleApplicationSupport.msi
[2013/09/24 12:49:23 | 000,332,772 | ---- | M] () -- C:\Users\Maryling\Documents\YMCA.pdf
[2013/09/23 13:54:50 | 000,002,205 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013/09/20 09:33:44 | 000,000,224 | ---- | M] () -- C:\Users\Maryling\Desktop\Jeff Harris - Outlook Web App.url
[2013/09/18 13:03:56 | 000,000,000 | ---- | M] () -- C:\Users\Maryling\Documents\PDF

========== Files Created - No Company Name ==========

[2013/10/16 14:01:39 | 019,279,872 | ---- | C] () -- C:\Users\Maryling\Desktop\AdbeRdrUpd11004.msp
[2013/10/16 14:01:39 | 000,000,873 | ---- | C] () -- C:\Users\Maryling\Desktop\AdobeReader_11.0.05.wsf
[2013/10/16 14:01:38 | 018,702,336 | ---- | C] () -- C:\Users\Maryling\Desktop\AdbeRdrUpd11003.msp
[2013/10/16 14:01:38 | 017,502,208 | ---- | C] () -- C:\Users\Maryling\Desktop\AdbeRdrUpd11001.msp
[2013/10/16 14:01:38 | 002,682,880 | ---- | C] () -- C:\Users\Maryling\Desktop\AdbeRdrSecUpd11005.msp
[2013/10/16 14:01:38 | 001,519,616 | ---- | C] () -- C:\Users\Maryling\Desktop\AdbeRdrSecUpd11002.msp
[2013/10/16 13:58:25 | 000,001,368 | ---- | C] () -- C:\Users\Maryling\Desktop\iTunes64Setup_11.1.1.11.wsf
[2013/10/16 13:58:24 | 067,772,416 | ---- | C] () -- C:\Users\Maryling\Desktop\iTunes64.msi
[2013/10/16 13:58:24 | 012,152,832 | ---- | C] () -- C:\Users\Maryling\Desktop\AppleMobileDeviceSupport64.msi
[2013/10/16 13:58:24 | 002,682,368 | ---- | C] () -- C:\Users\Maryling\Desktop\Bonjour64.msi
[2013/10/16 13:58:24 | 002,323,456 | ---- | C] () -- C:\Users\Maryling\Desktop\AppleSoftwareUpdate.msi
[2013/10/16 13:58:23 | 021,402,624 | ---- | C] () -- C:\Users\Maryling\Desktop\AppleApplicationSupport.msi
[2013/10/15 12:15:11 | 534,397,771 | ---- | C] () -- C:\windows\MEMORY.DMP
[2013/10/15 08:39:06 | 000,025,185 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2013/10/15 08:39:04 | 000,025,185 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2013/10/08 15:49:57 | 002,863,579 | ---- | C] () -- C:\Users\Maryling\Documents\Praxis.pdf
[2013/10/08 15:48:32 | 002,863,579 | ---- | C] () -- C:\Users\Maryling\Documents\Praxis1.pdf
[2013/09/24 12:49:23 | 000,332,772 | ---- | C] () -- C:\Users\Maryling\Documents\YMCA.pdf
[2013/09/23 13:54:50 | 000,002,205 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013/09/06 23:40:33 | 000,000,092 | ---- | C] () -- C:\windows\brpcfx.ini
[2013/09/06 23:40:33 | 000,000,024 | ---- | C] () -- C:\windows\Brpfx04a.ini
[2013/09/06 20:58:13 | 000,000,335 | ---- | C] () -- C:\windows\BRRBCOM.INI
[2013/09/06 20:57:32 | 000,000,066 | ---- | C] () -- C:\windows\Brfaxrx.ini
[2013/09/06 20:56:56 | 000,045,056 | ---- | C] () -- C:\windows\SysWow64\BRTCPCON.DLL
[2013/09/06 20:56:54 | 000,000,114 | ---- | C] () -- C:\windows\SysWow64\BRLMW03A.INI
[2013/09/06 20:44:42 | 000,017,920 | ---- | C] () -- C:\windows\SysWow64\rpcnetp.dll
[2013/09/06 20:43:52 | 000,017,920 | ---- | C] () -- C:\windows\SysWow64\rpcnetp.exe
[2013/09/06 20:35:29 | 000,000,115 | ---- | C] () -- C:\windows\{88B5FBDC-967D-4B1F-B291-39284AE12201}.ini
[2013/09/04 22:00:13 | 000,000,600 | ---- | C] () -- C:\Users\Maryling\PUTTY.RND
[2013/09/04 10:42:09 | 000,000,071 | RHS- | C] () -- C:\ProgramData\3002.xml
[2013/09/04 10:42:07 | 000,018,208 | RHS- | C] () -- C:\ProgramData\3002.abs
[2013/04/18 09:49:06 | 000,094,776 | ---- | C] () -- C:\windows\un_dext.exe
[2013/04/18 09:49:06 | 000,087,928 | ---- | C] () -- C:\windows\SPRemove_x64.exe
[2013/04/18 09:49:06 | 000,014,479 | ---- | C] () -- C:\windows\TWAIN2080.ini
[2013/04/18 09:49:06 | 000,004,200 | ---- | C] () -- C:\windows\remove.ini
[2013/04/18 09:49:06 | 000,004,088 | ---- | C] () -- C:\windows\Dext_12.ini
[2013/04/18 09:49:06 | 000,004,036 | ---- | C] () -- C:\windows\Dext_27.ini
[2013/04/18 09:49:06 | 000,004,036 | ---- | C] () -- C:\windows\Dext_21.ini
[2013/04/18 09:49:06 | 000,004,032 | ---- | C] () -- C:\windows\Dext_25.ini
[2013/04/18 09:49:06 | 000,003,940 | ---- | C] () -- C:\windows\Dext_11.ini
[2013/04/18 09:49:06 | 000,003,934 | ---- | C] () -- C:\windows\Dext_14.ini
[2013/04/18 09:49:06 | 000,003,860 | ---- | C] () -- C:\windows\Dext_10.ini
[2013/04/18 09:49:06 | 000,003,844 | ---- | C] () -- C:\windows\Dext_16.ini
[2013/04/18 09:49:06 | 000,003,808 | ---- | C] () -- C:\windows\Dext_08.ini
[2013/04/18 09:49:06 | 000,003,790 | ---- | C] () -- C:\windows\Dext_31.ini
[2013/04/18 09:49:06 | 000,003,776 | ---- | C] () -- C:\windows\Dext_1046.ini
[2013/04/18 09:49:06 | 000,003,774 | ---- | C] () -- C:\windows\Dext_36.ini
[2013/04/18 09:49:06 | 000,003,750 | ---- | C] () -- C:\windows\Dext_20.ini
[2013/04/18 09:49:06 | 000,003,740 | ---- | C] () -- C:\windows\Dext_22.ini
[2013/04/18 09:49:06 | 000,003,714 | ---- | C] () -- C:\windows\Dext_06.ini
[2013/04/18 09:49:06 | 000,003,650 | ---- | C] () -- C:\windows\Dext_07.ini
[2013/04/18 09:49:06 | 000,003,644 | ---- | C] () -- C:\windows\Dext_19.ini
[2013/04/18 09:49:06 | 000,003,636 | ---- | C] () -- C:\windows\Dext_24.ini
[2013/04/18 09:49:06 | 000,003,570 | ---- | C] () -- C:\windows\Dext_29.ini
[2013/04/18 09:49:06 | 000,003,456 | ---- | C] () -- C:\windows\Dext_30.ini
[2013/04/18 09:49:06 | 000,003,316 | ---- | C] () -- C:\windows\Dext_09.ini
[2013/04/18 09:49:06 | 000,003,268 | ---- | C] () -- C:\windows\Dext_13.ini
[2013/04/18 09:49:06 | 000,002,828 | ---- | C] () -- C:\windows\Dext_17.ini
[2013/04/18 09:49:06 | 000,002,744 | ---- | C] () -- C:\windows\Dext_18.ini
[2013/04/18 09:49:06 | 000,002,700 | ---- | C] () -- C:\windows\Dext_2052.ini
[2013/04/18 09:49:05 | 000,003,940 | ---- | C] () -- C:\windows\Dext_05.ini
[2013/04/18 09:49:05 | 000,003,660 | ---- | C] () -- C:\windows\Dext_02.ini
[2013/04/18 09:49:05 | 000,003,532 | ---- | C] () -- C:\windows\Dext_01.ini
[2013/04/18 09:49:05 | 000,002,912 | ---- | C] () -- C:\windows\Dext_04.ini
[2012/11/03 23:17:56 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012/11/03 23:16:02 | 000,003,914 | ---- | C] () -- C:\windows\SysWow64\atipblup.dat
[2012/11/03 21:28:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2012/11/03 20:42:40 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdbffhe.sys
[2012/09/23 18:12:02 | 000,000,281 | ---- | C] () -- C:\windows\EEFPrinter.exe.config
[2012/04/24 11:18:42 | 000,061,440 | ---- | C] () -- C:\windows\SysWow64\GNetParserX.dll
[2012/04/24 11:18:40 | 000,225,280 | ---- | C] () -- C:\windows\SysWow64\GN32.DLL
[2012/04/24 11:18:40 | 000,221,184 | ---- | C] () -- C:\windows\SysWow64\ExpLoansFromGenesis.dll

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/12/03 20:45:31 | 000,000,000 | ---D | M] -- C:\Users\Maryling\AppData\Roaming\com.Shutterfly.ExpressUploader
[2013/10/11 14:16:21 | 000,000,000 | ---D | M] -- C:\Users\Maryling\AppData\Roaming\ControlCenter4
[2012/11/03 20:21:36 | 000,000,000 | ---D | M] -- C:\Users\Maryling\AppData\Roaming\DigitalPersona
[2013/09/05 14:48:38 | 000,000,000 | ---D | M] -- C:\Users\Maryling\AppData\Roaming\Encompass
[2013/09/05 15:10:16 | 000,000,000 | ---D | M] -- C:\Users\Maryling\AppData\Roaming\ePASS
[2013/04/18 09:25:41 | 000,000,000 | ---D | M] -- C:\Users\Maryling\AppData\Roaming\IDT
[2013/09/06 20:30:54 | 000,000,000 | ---D | M] -- C:\Users\Maryling\AppData\Roaming\Nuance
[2013/06/03 19:45:43 | 000,000,000 | ---D | M] -- C:\Users\Maryling\AppData\Roaming\SanDisk
[2012/11/03 20:27:43 | 000,000,000 | ---D | M] -- C:\Users\Maryling\AppData\Roaming\Sierra Wireless
[2012/11/03 20:52:40 | 000,000,000 | ---D | M] -- C:\Users\Maryling\AppData\Roaming\Synaptics
[2012/11/26 19:18:59 | 000,000,000 | ---D | M] -- C:\Users\Maryling\AppData\Roaming\TestApp

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >