Trovi Infection - all browsers - IE/Firefox/Opera [Solved]

  • This topic is locked

#1
jwww


Hello,

 

I tried to uninstall but now trovi is changing my home page and causing strange popups.

 

Thanks in advance!

 

JW




#2
Valinorum

Hi jwww, :)

:welcome:

My name is Valinorum and I will be the acolyte today. Before we proceed, please acquaint yourself with the following:
  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being asked.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest any course that might damage your system, but sometimes malware infections are so severe that the only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
  • Private Message (PM) me if and only if I have not responded to your thread within three days or your query is off-topic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other systems as they may do serious damage.
 
  • Step #1 Fix with AdwCleaner
    • Download AdwCleaner by Xplode to your Desktop from the following link.
    • Right-click on AdwCleaner.exe and choose Run as administrator;
    • Click on Scan and let the program run unhindered;
    • When done, click on Clean and allow the system to reboot after it is done;
    • A log will be opened automatically after the restart;
    • Copy and Paste the contents of this log in your reply.
 
  • Step #2 Fix with Junkware Removal Tool
    Download Junkware Removal Tool by thisisu to your Desktop from the link below.
    Download Link 1
    Download Link 2
    • Disable your anti-virus to avoid potential conflicts. For more information please acquaint yourself with this article;
    • Run the program either by double-clicking (Windows XP) or right-clicking and choosing Run as administrator (Windows Vista and above);
    • Please be patient as the tool cleans your system;
    • After completion of the process a log named JRT.txt will automatically open and is saved to your Desktop;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #3 Scan with OTL
    • Please download OldTimer's Listit by OldTimer from one of the following locations and save it to your Desktop.
      Download Link 1
      Download Link 2
      Download Link 3
    • Copy and Paste the following code inside the Custom Scans/Fixes box;
      netsvcs
      BASESERVICES
      %SYSTEMDRIVE%\*.exe
      dir "%systemdrive%\*" /S /A:L /C
      /md5start
      services.*
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      rpcss.dll
      /md5stop
      CREATERESTOREPOINT
    • Click the Quick Scan button;
    • After the scan two logs will be produced;
    • Copy and paste the content of the logs in your next reply
 
  • Required Log(s):
    • AdwCleaner Log
    • Junkware Removal Tool Log
    • OTL Log(s) --
      • OTL.txt
      • Extras.txt
Regards,
Valinorum

#3
jwww

# AdwCleaner v3.212 - Report created 19/06/2014 at 12:05:50
# Updated 05/06/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : John - PCNAME
# Running from : C:\Users\John\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : CltMngSvc
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Users\John\AppData\Local\SearchProtect
Folder Deleted : C:\Users\John\Documents\PC Speed Maximizer
Folder Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\igckfjdcbkimejmjmpmebffdjjjgncfn
File Deleted : C:\END
File Deleted : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\2mywvu7d.default\searchplugins\trovi-search.xml
File Deleted : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\2mywvu7d.default\user.js
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Starfield Updater]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Mozilla Firefox v29.0.1 (en-US)
 
[ File : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\2mywvu7d.default\prefs.js ]
 
Line Deleted : user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3329903&octid=EB_ORIGINAL_CTID&ISID=MF0B268E0-87F8-495A-B60F-93B8403392D3&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SP293E92FA-2A99-475[...]
Line Deleted : user_pref("browser.search.defaultenginename", "Trovi search");
Line Deleted : user_pref("browser.search.selectedEngine", "Trovi search");
 
-\\ Google Chrome v35.0.1916.153
 
[ File : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Startup_urls] : hxxp://www.trovi.com/?gd=&ctid=CT3329903&octid=EB_ORIGINAL_CTID&ISID=MF0B268E0-87F8-495A-B60F-93B8403392D3&SearchSource=55&CUI=&UM=2&UP=SP293E92FA-2A99-475E-A8BA-7B56C721E5E7&SSPV=
Deleted [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3329903&octid=EB_ORIGINAL_CTID&ISID=MF0B268E0-87F8-495A-B60F-93B8403392D3&SearchSource=55&CUI=&UM=2&UP=SP293E92FA-2A99-475E-A8BA-7B56C721E5E7&SSPV=
Deleted [Extension] : igckfjdcbkimejmjmpmebffdjjjgncfn
 
*************************
 
AdwCleaner[R0].txt - [3533 octets] - [19/06/2014 12:03:16]
AdwCleaner[S0].txt - [3383 octets] - [19/06/2014 12:05:50]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3443 octets] ##########


#4
jwww

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by John on Thu 06/19/2014 at 12:23:25.50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\John\AppData\Roaming\mozilla\firefox\profiles\2mywvu7d.default\minidumps [4 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 06/19/2014 at 12:29:29.97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#5
jwww

OTL logfile created on: 6/19/2014 12:32:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\John\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.87 Gb Total Physical Memory | 4.87 Gb Available Physical Memory | 61.81% Memory free
12.37 Gb Paging File | 9.33 Gb Available in Paging File | 75.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 915.17 Gb Total Space | 828.18 Gb Free Space | 90.50% Space Free | Partition Type: NTFS
Drive E: | 496.00 Mb Total Space | 446.02 Mb Free Space | 89.92% Space Free | Partition Type: FAT32
Drive X: | 350.00 Mb Total Space | 36.17 Mb Free Space | 10.33% Space Free | Partition Type: NTFS
Drive Y: | 14.87 Gb Total Space | 0.71 Gb Free Space | 4.77% Space Free | Partition Type: NTFS
 
Computer Name: PCNAME | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/19 12:31:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\John\Downloads\OTL.exe
PRC - [2014/06/19 12:19:51 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\John\Downloads\JRT.exe
PRC - [2014/06/18 13:52:40 | 046,805,112 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe
PRC - [2014/06/18 13:52:40 | 001,396,344 | ---- | M] () -- C:\Program Files (x86)\Opera\22.0.1471.70\opera_crashreporter.exe
PRC - [2014/05/29 04:16:32 | 000,241,344 | ---- | M] () -- C:\Program Files\pcmax\pcmax.exe
PRC - [2014/05/25 08:13:48 | 000,079,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
PRC - [2014/05/25 08:13:13 | 000,449,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
PRC - [2014/05/25 08:12:17 | 018,930,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
PRC - [2014/05/23 15:20:17 | 000,265,040 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\n360.exe
PRC - [2014/05/09 08:39:20 | 000,263,048 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
PRC - [2014/03/22 09:32:06 | 000,694,760 | ---- | M] (Starfield Technologies) -- C:\Users\John\AppData\Local\Workspace\workspacestatus.exe
PRC - [2014/02/27 14:59:24 | 001,129,288 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2014/02/27 14:58:16 | 001,215,816 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE
PRC - [2014/02/27 14:20:30 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2014/02/27 11:49:54 | 003,775,800 | ---- | M] (Intuit Inc. All rights reserved.) -- C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe
PRC - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/10/09 20:21:34 | 004,134,928 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
PRC - [2013/10/09 20:21:24 | 001,915,408 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
PRC - [2013/10/09 20:19:54 | 000,493,072 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
PRC - [2013/09/16 10:14:50 | 001,569,488 | ---- | M] (Starfield Technologies, LLC) -- C:\Users\John\AppData\Local\Workspace\wben.exe
PRC - [2013/08/21 19:54:00 | 000,312,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2013/08/19 10:03:56 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2013/07/22 08:15:10 | 001,187,040 | ---- | M] (Starfield Technologies) -- C:\Program Files (x86)\Workspace\offSyncService.exe
PRC - [2013/07/09 12:31:22 | 001,011,696 | ---- | M] (Starfield Technologies, LLC) -- C:\Users\John\AppData\Local\Workspace\outsync.exe
PRC - [2012/12/02 23:18:30 | 000,111,136 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2012/11/19 12:15:20 | 000,285,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2012/11/19 12:15:20 | 000,014,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/10/23 14:43:52 | 000,102,928 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2012/09/06 21:11:30 | 001,327,104 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
PRC - [2012/09/06 21:06:14 | 000,393,216 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
PRC - [2012/09/06 04:50:40 | 001,124,288 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2012/08/27 08:45:56 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2012/07/17 18:10:32 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 18:10:30 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/07/17 18:10:16 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/06/06 15:31:56 | 003,076,096 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2012/06/05 15:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2009/03/30 15:00:56 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/06/18 13:52:40 | 001,396,344 | ---- | M] () -- C:\Program Files (x86)\Opera\22.0.1471.70\opera_crashreporter.exe
MOD - [2014/06/18 13:52:39 | 000,957,048 | ---- | M] () -- C:\Program Files (x86)\Opera\22.0.1471.70\ffmpegsumo.dll
MOD - [2014/06/18 13:52:39 | 000,877,688 | ---- | M] () -- C:\Program Files (x86)\Opera\22.0.1471.70\libGLESv2.dll
MOD - [2014/06/18 13:52:39 | 000,135,800 | ---- | M] () -- C:\Program Files (x86)\Opera\22.0.1471.70\libEGL.dll
MOD - [2014/05/25 08:12:04 | 001,032,360 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\ADDINS\UmOutlookAddin.dll
MOD - [2014/05/17 14:41:42 | 002,964,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\15e0783372e02bd437cab8ac76420124\System.IdentityModel.ni.dll
MOD - [2014/05/17 14:41:39 | 000,026,624 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\IAStorDataMcfeeca6f#\5469450e1191312ab587b6ce0f660f0f\IAStorDataMgrSvcInterfaces.ni.dll
MOD - [2014/05/17 14:41:37 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\IAStorCommon\6b32db57e0a4d65caa47d67dfea865e8\IAStorCommon.ni.dll
MOD - [2014/05/17 14:41:35 | 000,360,448 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\IAStorUtil\6997dc244b1818c79885f5abe24fd492\IAStorUtil.ni.dll
MOD - [2014/05/17 14:41:33 | 000,785,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\ee53227bcc4430088d0b560752c1cd02\System.ServiceModel.Internals.ni.dll
MOD - [2014/05/17 14:41:33 | 000,118,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\352d34797f7cd44cd0973c33539200f1\SMDiagnostics.ni.dll
MOD - [2014/05/17 14:41:21 | 013,567,488 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Web\90285827b1300835ca1aaff1dff83a01\System.Web.ni.dll
MOD - [2014/05/17 14:41:06 | 000,188,416 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\3be4139a741b447ab35a2c788a2f4559\UIAutomationTypes.ni.dll
MOD - [2014/05/17 14:39:23 | 000,392,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\6f7a4225a199ad7894379512ca6ae50c\System.Xml.Linq.ni.dll
MOD - [2014/05/17 14:39:22 | 007,802,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\77bc1a994f64193efc124c297b93fdb7\System.Xml.ni.dll
MOD - [2014/05/17 14:39:14 | 001,874,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\10483ca149b5c651d217edbf2f3169b4\System.Xaml.ni.dll
MOD - [2014/05/17 14:39:12 | 012,856,832 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\635558b506364815e8348217e86fdf99\System.Windows.Forms.ni.dll
MOD - [2014/05/17 14:39:00 | 000,653,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\95c749867e5f72a09ed1e59a57931301\System.Transactions.ni.dll
MOD - [2014/05/17 14:38:58 | 019,566,080 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\4c3126aec3364546e4ade89c24c4e742\System.ServiceModel.ni.dll
MOD - [2014/05/17 14:38:31 | 002,804,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\183eaaded316165bfbd32a991e4e8c8a\System.Runtime.Serialization.ni.dll
MOD - [2014/05/17 14:38:27 | 001,169,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\d1e6b39e15536aaa5fb9b1cacf8b18aa\System.Management.ni.dll
MOD - [2014/05/17 14:38:27 | 000,522,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Net.Http\5ba9e9e2d2253e30f3f28e12016e441d\System.Net.Http.ni.dll
MOD - [2014/05/17 14:38:25 | 001,635,328 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\ddb52221ad0200b7c2e0a308e47d5c7c\System.Drawing.ni.dll
MOD - [2014/05/17 14:38:17 | 000,968,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\c5bf2f5c3e13726b3984a900221e1778\System.Configuration.ni.dll
MOD - [2014/05/17 14:38:16 | 000,463,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\e1c86f334a29d92ca264950085cd817e\PresentationFramework.Aero2.ni.dll
MOD - [2014/05/17 14:38:15 | 018,744,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\92388fbe99436e6ed1f56ee56f10c565\PresentationFramework.ni.dll
MOD - [2014/05/17 14:37:57 | 011,027,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\619034abb9a9fb1b3dc32c0a9aa38d3c\PresentationCore.ni.dll
MOD - [2014/05/17 14:37:44 | 003,957,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\9bbf715cfb5360c95acd27b199083854\WindowsBase.ni.dll
MOD - [2014/05/17 14:37:38 | 006,951,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\c1194e56644c7688e7eb0f68a57dcc30\System.Core.ni.dll
MOD - [2014/05/17 14:37:30 | 010,003,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\c24d08cc4e93fc4f6f15a637b00a2721\System.ni.dll
MOD - [2014/05/17 14:37:18 | 000,043,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Accessibility\9c87f327866f53aec68d4fee40cde33d\Accessibility.ni.dll
MOD - [2014/05/06 09:13:44 | 017,395,376 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\c90ef9a73ea0044641d31b19023aad61\mscorlib.ni.dll
MOD - [2014/04/23 16:05:12 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/04/23 16:04:54 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/04/12 11:50:59 | 000,316,584 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
MOD - [2014/04/12 11:48:17 | 000,316,584 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\appvisvstream32.dll
MOD - [2014/02/27 14:59:00 | 000,142,664 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\QBProActiveCore.DLL
MOD - [2014/02/27 14:58:58 | 000,149,320 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\QBMAPILibrary.dll
MOD - [2014/02/27 14:58:54 | 000,021,320 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\QBCompressor.DLL
MOD - [2014/02/27 14:58:46 | 000,043,848 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\mbpopup.dll
MOD - [2014/02/27 14:58:38 | 000,623,944 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\FtuEngine.dll
MOD - [2014/02/27 14:58:36 | 000,778,056 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\FeaturesBridge.DLL
MOD - [2014/02/27 14:58:26 | 000,247,112 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\boost_serialization-vc100-mt-1_47.dll
MOD - [2014/02/27 14:58:24 | 000,623,432 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\boost_regex-vc100-mt-1_47.dll
MOD - [2014/02/27 14:58:20 | 000,581,960 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\BackupLib.dll
MOD - [2013/10/11 14:21:02 | 001,904,928 | ---- | M] () -- C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
MOD - [2013/10/05 21:25:07 | 016,177,544 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
MOD - [2013/08/19 10:03:42 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\zlib1.dll
MOD - [2012/11/25 23:20:38 | 000,117,608 | ---- | M] () -- C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
MOD - [2012/11/25 23:20:28 | 001,153,384 | ---- | M] () -- C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
MOD - [2012/06/08 11:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2012/06/07 20:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/06/12 07:52:13 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/05/29 04:16:32 | 000,241,344 | ---- | M] () [Auto | Running] -- C:\Program Files\pcmax\pcmax.exe -- (pcmaxservice)
SRV:64bit: - [2014/05/16 04:40:06 | 002,266,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2014/05/14 09:18:58 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2014/05/14 09:18:50 | 000,269,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014/05/14 09:18:35 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/05/12 19:06:46 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014/05/06 09:13:29 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014/05/02 17:35:32 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/04/06 04:20:36 | 000,201,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014/04/02 19:51:48 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014/03/23 19:31:14 | 000,347,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2014/03/23 19:31:14 | 000,023,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014/03/13 23:26:25 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2014/03/06 00:02:13 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014/02/22 08:53:10 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/02/22 02:57:16 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2013/11/22 21:50:00 | 000,282,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/08/28 17:24:04 | 003,378,416 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2013/08/28 17:23:48 | 000,273,136 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2013/08/28 17:23:40 | 000,626,416 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2013/08/28 17:23:20 | 000,149,744 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2013/08/22 05:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013/08/22 04:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 04:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 04:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 04:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 04:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 03:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 03:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 02:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 02:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 02:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 02:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 02:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 02:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 02:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 02:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2013/06/18 20:18:38 | 000,246,488 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2012/05/30 13:11:34 | 000,149,544 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2012/04/20 14:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- c:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2009/11/17 18:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2014/05/23 15:20:17 | 000,265,040 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\N360.exe -- (N360)
SRV - [2014/05/11 09:03:00 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/13 23:10:16 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014/02/27 14:20:30 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/12 11:04:20 | 000,196,616 | ---- | M] (Dell Products, LP.) [Auto | Stopped] -- c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe -- (DellDigitalDelivery)
SRV - [2013/10/10 05:21:56 | 000,065,536 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2013/10/09 20:21:24 | 001,915,408 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe -- (SftService)
SRV - [2013/10/04 00:43:02 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/08/22 05:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/08/21 20:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/21 19:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/08/19 10:03:56 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2013/07/22 08:15:10 | 001,187,040 | ---- | M] (Starfield Technologies) [Auto | Running] -- C:\Program Files (x86)\Workspace\offSyncService.exe -- (File Backup)
SRV - [2012/11/19 12:15:20 | 000,014,904 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012/09/06 04:50:40 | 001,124,288 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2012/08/27 08:45:56 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2012/07/17 18:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 18:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/17 18:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/06/05 15:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/06/16 14:52:47 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2014/05/14 09:18:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014/05/14 09:18:51 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2014/05/12 19:06:16 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014/05/02 17:36:40 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014/05/02 17:36:33 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014/05/02 17:36:33 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/05/02 17:36:17 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/05/02 17:35:26 | 000,236,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014/05/02 17:35:23 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/05/01 06:31:39 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/03/31 23:23:41 | 000,384,856 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/03/23 19:30:57 | 000,257,880 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014/03/23 19:30:57 | 000,123,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2014/03/23 19:27:03 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/03/13 05:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/03/08 13:40:16 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/03/08 13:35:45 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014/03/03 21:18:12 | 001,148,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symefa64.sys -- (SymEFA)
DRV:64bit: - [2014/02/17 18:32:41 | 000,593,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symnets.sys -- (SymNetS)
DRV:64bit: - [2014/02/12 18:59:49 | 000,875,736 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2014/01/22 09:52:10 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2014/01/22 09:52:10 | 000,108,800 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/12/18 20:28:15 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013/12/18 20:28:15 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/12/18 20:28:15 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2013/11/14 00:28:58 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013/11/14 00:25:25 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013/11/14 00:16:57 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/11/14 00:16:54 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/10/08 23:12:46 | 003,345,376 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwew00.sys -- (NETwNe64)
DRV:64bit: - [2013/10/04 00:42:44 | 004,185,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/09/26 19:45:56 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/09/26 02:08:22 | 000,039,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2013/09/26 02:08:22 | 000,027,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2013/09/25 19:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/09/09 19:47:38 | 000,023,568 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symelam.sys -- (SymELAM)
DRV:64bit: - [2013/09/09 19:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symds64.sys -- (SymDS)
DRV:64bit: - [2013/09/09 18:49:49 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/08/22 06:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 06:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 05:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 05:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 05:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 05:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 05:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 05:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 05:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 05:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 05:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 05:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 05:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 05:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 05:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 05:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 05:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 05:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 05:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 05:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 05:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 05:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 05:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 05:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 05:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 05:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 05:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 05:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 05:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 04:39:58 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2013/08/22 04:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 04:39:50 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2013/08/22 04:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 04:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 04:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 04:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 04:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 04:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 04:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 04:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 04:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 04:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 04:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 04:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 04:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 04:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 04:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 04:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 04:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 04:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 04:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013/08/22 04:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 04:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 01:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/12 16:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/09 17:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 11:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 12:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/06/18 07:46:17 | 000,591,360 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2013/04/11 02:13:20 | 000,165,344 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2013/03/18 16:51:08 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/21 00:24:02 | 000,466,824 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/12/21 00:24:02 | 000,032,136 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012/12/21 00:24:00 | 000,028,040 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
DRV:64bit: - [2012/12/19 15:37:34 | 000,095,344 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb)
DRV:64bit: - [2012/12/19 15:37:34 | 000,021,872 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV:64bit: - [2012/12/04 16:50:56 | 000,652,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/10/09 18:48:48 | 000,188,896 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xHCIPort.sys -- (XHCIPort)
DRV:64bit: - [2012/10/09 18:48:48 | 000,047,072 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usb3Hub.sys -- (usb3Hub)
DRV:64bit: - [2012/08/29 08:36:54 | 000,857,472 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/06 11:07:08 | 000,068,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2012/07/02 16:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/25 10:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012/06/19 09:40:50 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/06/15 01:50:46 | 000,315,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2012/05/30 13:10:50 | 000,016,168 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2012/02/15 06:16:48 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2014/06/16 15:42:48 | 000,525,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140618.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014/06/16 01:00:00 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140616.003\ex64.sys -- (NAVEX15)
DRV - [2014/06/16 01:00:00 | 000,486,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/06/16 01:00:00 | 000,142,128 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/06/16 01:00:00 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140616.003\eng64.sys -- (NAVENG)
DRV - [2014/06/06 18:04:12 | 001,530,160 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140606.001\BHDrvx64.sys -- (BHDrvx64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {A5F3623A-FC82-4901-A36E-3D166C174112}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{A5F3623A-FC82-4901-A36E-3D166C174112}: "URL" = http://www.bing.com/...=IE10TR&pc=DCJB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{A5F3623A-FC82-4901-A36E-3D166C174112}: "URL" = http://www.bing.com/...=IE10TR&pc=DCJB
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: wbepaste%40starfield:1.3
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:3.2.1113
FF - prefs.js..extensions.enabledAddons: boost%40boost.net:3.0.0.10
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\John\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off: C:\Users\John\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off64: C:\Users\John\AppData\Roaming\Mozilla\Plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe: C:\Users\John\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe64: C:\Users\John\AppData\Roaming\Mozilla\Plugins\npwbe64.dll (Starfield Technology, LLC)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014/06/16 14:54:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2014/06/19 12:10:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2014/03/22 09:32:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\mozilla\Extensions
[2014/06/15 10:17:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\mozilla\Firefox\Profiles\2mywvu7d.default\extensions
[2014/06/15 10:17:48 | 000,000,000 | ---D | M] (DoNotTrackMe: Online Privacy Protection) -- C:\Users\John\AppData\Roaming\mozilla\Firefox\Profiles\2mywvu7d.default\extensions\[email protected]
[2014/05/15 12:42:26 | 000,041,473 | ---- | M] () (No name found) -- C:\Users\John\AppData\Roaming\mozilla\firefox\profiles\2mywvu7d.default\extensions\[email protected]
[2014/05/11 09:02:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/11 09:03:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/06/18 15:00:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions
[2014/06/18 15:00:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/03/22 09:32:01 | 000,000,000 | ---D | M] (WBE Paste) -- C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\[email protected]
 
========== Chrome  ==========
 
CHR - default_search_provider: Trovi search (Enabled)
CHR - default_search_provider: search_url = http://www.trovi.com...rchTerms}&SSPV=
CHR - default_search_provider: suggest_url = http://suggest.secci...={searchTerms},
CHR - homepage: http://www.google.com/
CHR - Extension: Google Docs = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Gmail = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/08/22 06:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\coieplg.dll (Symantec Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\ips\ipsbho.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll (Motorola Solutions, Inc.)
O4:64bit: - HKLM..\Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [pcreg] C:\Program Files\pcmax\service.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] c:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVBg_PushButton] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [pcreg] C:\Program Files\pcmax\service.exe ()
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [DellSystemDetect] C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms ()
O4 - HKCU..\Run: [ogcsn] C:\Users\John\AppData\Local\Workspace\outsync.exe (Starfield Technologies, LLC)
O4 - HKCU..\Run: [pcreg] C:\Program Files\pcmax\service.exe ()
O4 - HKCU..\Run: [SkyDrive] C:\Users\John\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKCU..\Run: [wben] C:\Users\John\AppData\Local\Workspace\wben.exe (Starfield Technologies, LLC)
O4 - HKCU..\Run: [Workspace Status] C:\Users\John\AppData\Local\Workspace\workspacestatus.exe (Starfield Technologies)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC1F8101-DFBD-4AF9-833D-28A07551BB26}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\intu-help-qb7 - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb7 {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{892fa6dd-6548-11e3-be81-681729cdf1da}\Shell - "" = AutoRun
O33 - MountPoints2\{892fa6dd-6548-11e3-be81-681729cdf1da}\Shell\AutoRun\command - "" = "E:\VZW_Software_upgrade_assistant.exe" 
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: lfsvc - C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)
NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/19 12:03:36 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\WINDOWS\SysWow64\sqlite3.dll
[2014/06/18 12:20:23 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\CrashDumps
[2014/06/16 15:00:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2014/06/16 14:59:13 | 000,593,112 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\N360x64\1503000.00C\symnets.sys
[2014/06/16 14:59:13 | 000,023,568 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\N360x64\1503000.00C\symelam.sys
[2014/06/16 14:59:12 | 001,148,120 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\N360x64\1503000.00C\symefa64.sys
[2014/06/16 14:59:12 | 000,493,656 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\N360x64\1503000.00C\symds64.sys
[2014/06/16 14:59:12 | 000,036,952 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\N360x64\1503000.00C\srtspx64.sys
[2014/06/16 14:59:11 | 000,875,736 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\N360x64\1503000.00C\srtsp64.sys
[2014/06/16 14:59:11 | 000,264,280 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\N360x64\1503000.00C\ironx64.sys
[2014/06/16 14:59:11 | 000,162,392 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\N360x64\1503000.00C\ccsetx64.sys
[2014/06/16 14:58:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\drivers\N360x64\1503000.00C
[2014/06/16 14:52:47 | 000,177,752 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.SYS
[2014/06/16 14:52:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2014/06/16 14:51:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\drivers\N360x64
[2014/06/16 14:51:50 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
[2014/06/16 14:51:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Suite
[2014/06/16 14:51:12 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\Symantec
[2014/06/16 14:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2014/06/16 14:51:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2014/06/16 14:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2014/06/16 11:44:52 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/14 23:36:30 | 000,000,000 | ---D | C] -- C:\Program Files\pcmax
[2014/06/12 13:45:33 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Opera Software
[2014/06/12 13:45:32 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Opera Software
[2014/06/12 13:45:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2014/06/12 10:21:42 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Windows Live
[2014/05/30 12:53:21 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Programs
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/19 12:17:12 | 000,002,205 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/06/19 12:16:47 | 000,000,904 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/19 12:16:29 | 000,887,272 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014/06/19 12:16:29 | 000,749,048 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014/06/19 12:16:29 | 000,141,330 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014/06/19 12:11:38 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/06/19 12:10:13 | 000,002,462 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2014/06/19 12:09:30 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/06/19 12:09:27 | 2467,315,711 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/19 12:09:20 | 002,865,242 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\N360x64\1503000.00C\Cat.DB
[2014/06/19 12:02:25 | 001,333,465 | ---- | M] () -- C:\Users\John\Desktop\AdwCleaner.exe
[2014/06/19 11:56:13 | 000,000,136 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2014/06/19 11:44:01 | 000,000,908 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/17 01:30:53 | 000,039,538 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\N360x64\1503000.00C\VT20140617.006
[2014/06/16 14:52:47 | 000,177,752 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.SYS
[2014/06/16 14:52:47 | 000,008,222 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.CAT
[2014/06/16 14:52:47 | 000,000,854 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.INF
[2014/06/16 14:48:02 | 000,001,294 | ---- | M] () -- C:\Users\John\Desktop\Norton Installation Files.lnk
[2014/06/15 10:13:15 | 000,883,630 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2014/06/15 10:06:54 | 000,392,952 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014/06/13 21:04:45 | 015,390,969 | R--- | M] () -- C:\Users\John\Desktop\Nikhil K Goel.rar
[2014/06/12 13:45:14 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2014/06/09 15:54:54 | 000,112,225 | ---- | M] () -- C:\Users\John\Desktop\W9.pdf
[2014/05/29 13:19:06 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2014/05/23 15:20:02 | 000,000,172 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\N360x64\1503000.00C\isolate.ini
[2014/05/22 13:19:48 | 000,682,344 | ---- | M] () -- C:\Users\John\Desktop\Backgroundchecks.com Guide.pdf
 
========== Files Created - No Company Name ==========
 
[2014/06/19 12:08:17 | 002,865,242 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\N360x64\1503000.00C\Cat.DB
[2014/06/19 12:02:27 | 001,333,465 | ---- | C] () -- C:\Users\John\Desktop\AdwCleaner.exe
[2014/06/19 11:56:13 | 000,000,136 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2014/06/17 10:20:41 | 000,039,538 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\N360x64\1503000.00C\VT20140617.006
[2014/06/16 14:59:13 | 000,009,939 | R--- | C] () -- C:\WINDOWS\SysNative\drivers\N360x64\1503000.00C\symelam64.cat
[2014/06/16 14:59:13 | 000,008,192 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\N360x64\1503000.00C\symnet64.cat
[2014/06/16 14:59:13 | 000,001,440 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\N360x64\1503000.00C\symnet.inf
[2014/06/16 14:59:13 | 000,001,098 | R--- | C] () -- C:\WINDOWS\SysNative\drivers\N360x64\1503000.00C\symelam.inf
[2014/06/16 14:59:12 | 000,008,196 | R--- | C] () -- C:\WINDOWS\SysNative\drivers\N360x64\1503000.00C\srtspx64.cat
[2014/06/16 14:59:12 | 000,008,194 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\N360x64\1503000.00C\symefa64.cat
[2014/06/16 14:59:12 | 000,008,188 | R--- | C] () -- C:\WINDOWS\SysNative\drivers\N360x64\1503000.00C\symds64.cat
[2014/06/16 14:59:12 | 000,003,433 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\N360x64\1503000.00C\symefa.inf
[2014/06/16 14:59:12 | 000,002,852 | R--- | C] () -- C:\WINDOWS\SysNative\drivers\N360x64\1503000.00C\symds.inf
[2014/06/16 14:59:12 | 000,001,420 | R--- | C] () -- C:\WINDOWS\SysNative\drivers\N360x64\1503000.00C\srtspx64.inf
[2014/06/16 14:59:11 | 000,008,202 | R--- | C] () -- C:\WINDOWS\SysNative\drivers\N360x64\1503000.00C\ccsetx64.cat
[2014/06/16 14:59:11 | 000,008,192 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\N360x64\1503000.00C\srtsp64.cat
[2014/06/16 14:59:11 | 000,008,184 | R--- | C] () -- C:\WINDOWS\SysNative\drivers\N360x64\1503000.00C\iron.cat
[2014/06/16 14:59:11 | 000,001,437 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\N360x64\1503000.00C\srtsp64.inf
[2014/06/16 14:59:11 | 000,000,855 | R--- | C] () -- C:\WINDOWS\SysNative\drivers\N360x64\1503000.00C\ccsetx64.inf
[2014/06/16 14:59:11 | 000,000,767 | R--- | C] () -- C:\WINDOWS\SysNative\drivers\N360x64\1503000.00C\iron.inf
[2014/06/16 14:58:48 | 000,000,172 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\N360x64\1503000.00C\isolate.ini
[2014/06/16 14:52:47 | 000,008,222 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.CAT
[2014/06/16 14:52:47 | 000,000,854 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.INF
[2014/06/16 14:52:46 | 000,002,462 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2014/06/16 14:48:02 | 000,001,294 | ---- | C] () -- C:\Users\John\Desktop\Norton Installation Files.lnk
[2014/06/14 07:47:58 | 015,390,969 | R--- | C] () -- C:\Users\John\Desktop\Nikhil K Goel.rar
[2014/06/12 13:45:14 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2014/06/12 13:45:14 | 000,001,147 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2014/06/09 15:54:54 | 000,112,225 | ---- | C] () -- C:\Users\John\Desktop\W9.pdf
[2014/05/22 13:19:47 | 000,682,344 | ---- | C] () -- C:\Users\John\Desktop\Backgroundchecks.com Guide.pdf
[2014/04/22 16:01:37 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014/04/07 23:44:19 | 000,000,034 | ---- | C] () -- C:\WINDOWS\SysWow64\BD7840W.DAT
[2014/03/25 13:58:01 | 000,150,944 | R--- | C] () -- C:\WINDOWS\Wiainst64.exe
[2014/03/25 13:57:29 | 001,554,336 | ---- | C] () -- C:\WINDOWS\TotalUninstaller.exe
[2014/03/25 12:51:40 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2014/03/18 07:20:35 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013/12/20 22:49:40 | 000,007,611 | ---- | C] () -- C:\Users\John\AppData\Local\Resmon.ResmonCfg
[2013/10/30 13:06:54 | 000,974,848 | ---- | C] () -- C:\WINDOWS\SysWow64\cis-2.4.dll
[2013/10/30 13:06:54 | 000,081,920 | ---- | C] () -- C:\WINDOWS\SysWow64\issacapi_bs-2.3.dll
[2013/10/30 13:06:54 | 000,065,536 | ---- | C] () -- C:\WINDOWS\SysWow64\issacapi_pe-2.3.dll
[2013/10/30 13:06:54 | 000,057,344 | ---- | C] () -- C:\WINDOWS\SysWow64\issacapi_se-2.3.dll
[2013/10/05 10:40:38 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2013/10/05 01:26:44 | 000,000,937 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2013/10/05 01:26:44 | 000,000,130 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2013/10/05 01:26:11 | 000,106,496 | ---- | C] () -- C:\WINDOWS\SysWow64\BrMuSNMP.dll
[2013/10/05 01:26:11 | 000,000,066 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2013/10/05 01:26:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2013/10/05 01:26:05 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SysWow64\BRTCPCON.DLL
[2013/10/05 01:26:00 | 000,000,114 | ---- | C] () -- C:\WINDOWS\SysWow64\BRLMW03A.INI
[2013/10/05 01:08:25 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2013/10/04 00:42:46 | 000,343,040 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll
[2013/10/04 00:42:40 | 000,180,736 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2013/10/04 00:42:38 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll
[2013/09/22 22:53:42 | 000,883,630 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2013/08/22 08:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 08:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 07:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 00:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/21 20:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/21 16:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/21 16:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2012/02/28 22:05:28 | 000,511,488 | ---- | C] () -- C:\Program Files (x86)\lame_enc.dll
 
========== ZeroAccess Check ==========
 
[2013/12/20 20:24:58 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/04/06 09:31:39 | 021,268,952 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/04/06 08:22:20 | 018,755,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 02:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 19:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 02:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/04/08 15:03:18 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\ControlCenter4
[2013/10/04 23:11:33 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Leadertech
[2014/06/12 13:45:32 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Opera Software
[2013/10/06 12:55:34 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\PC-FAX TX
[2013/10/05 11:58:47 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\PCDr
[2014/03/25 13:59:03 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Samsung
[2014/02/20 12:01:59 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\WebApp
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV:64bit: - [2014/05/14 09:19:04 | 000,208,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2014/02/22 05:06:28 | 000,109,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2013/08/22 02:53:13 | 000,092,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2013/08/22 03:19:14 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2014/03/08 00:01:57 | 000,827,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2013/08/22 02:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV - [2013/08/21 19:48:12 | 000,044,032 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 02:40:30 | 000,468,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2013/08/21 19:38:29 | 000,329,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2013/08/22 03:00:58 | 000,134,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/08/22 03:01:39 | 000,129,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2014/05/12 19:06:19 | 000,753,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2013/11/14 00:25:25 | 000,353,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2013/11/14 00:25:33 | 000,285,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2014/03/04 00:13:06 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2013/08/22 02:44:18 | 000,107,008 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (Eaphost)
SRV:64bit: - [2013/08/22 04:34:06 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2013/08/21 21:05:54 | 000,029,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2013/11/14 00:29:00 | 000,433,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2013/08/22 02:35:27 | 000,403,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2014/03/26 20:15:43 | 000,718,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2013/08/22 02:54:27 | 000,070,656 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2013/08/22 02:05:22 | 000,254,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2013/08/22 02:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 02:35:48 | 000,387,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2013/08/22 06:25:35 | 000,029,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2014/05/12 19:06:21 | 000,115,200 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2013/08/22 02:10:12 | 000,798,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
No service found with a name of ProtectedStorage
No service found with a name of EMDMgmt
SRV:64bit: - [2013/08/22 04:22:30 | 000,101,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2014/05/06 09:13:54 | 000,534,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2014/05/12 19:06:19 | 000,753,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2013/08/22 04:32:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2013/08/22 06:25:35 | 000,045,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2014/04/08 20:33:54 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2014/03/26 20:46:01 | 000,323,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2013/08/22 02:24:27 | 000,629,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2013/08/21 19:27:04 | 000,564,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2013/12/31 16:57:55 | 001,214,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2013/08/22 03:55:30 | 000,306,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2013/08/21 20:33:38 | 000,248,320 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2013/08/22 03:00:18 | 000,050,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2014/03/03 23:50:11 | 000,220,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2014/03/26 20:10:11 | 001,436,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2014/04/06 04:01:37 | 000,834,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (Audiosrv)
SRV:64bit: - [2014/04/06 04:20:36 | 000,201,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
No service found with a name of SDRSVC
SRV:64bit: - [2014/03/23 19:31:14 | 000,023,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/08/22 02:44:27 | 001,669,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (EventLog)
SRV:64bit: - [2013/08/22 02:23:55 | 000,878,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2013/08/22 03:39:20 | 000,634,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2013/08/22 04:23:10 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\msiexec.exe -- (msiserver)
SRV - [2013/08/21 20:56:51 | 000,055,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2013/08/22 02:48:04 | 000,220,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2014/04/10 19:52:40 | 003,464,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2013/08/22 03:30:45 | 000,258,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2014/03/18 22:02:08 | 001,527,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (WlanSvc)
SRV:64bit: - [2013/08/22 02:54:22 | 000,284,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
 
< %SYSTEMDRIVE%\*.exe >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C is OS
 Volume Serial Number is BAB0-E345
 Directory of C:\
08/22/2013  07:45 AM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
08/22/2013  07:45 AM    <JUNCTION>     Application Data [C:\ProgramData]
08/22/2013  07:45 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
08/22/2013  07:45 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
08/22/2013  07:45 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
08/22/2013  07:45 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
08/22/2013  07:45 AM    <SYMLINKD>     All Users [C:\ProgramData]
08/22/2013  07:45 AM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
08/22/2013  07:45 AM    <JUNCTION>     Application Data [C:\ProgramData]
08/22/2013  07:45 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
08/22/2013  07:45 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
08/22/2013  07:45 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
08/22/2013  07:45 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
08/22/2013  07:45 AM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
08/22/2013  07:45 AM    <JUNCTION>     Cookies [C:\Users\Default\AppData\Local\Microsoft\Windows\INetCookies]
08/22/2013  07:45 AM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
08/22/2013  07:45 AM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
08/22/2013  07:45 AM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
08/22/2013  07:45 AM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/22/2013  07:45 AM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
08/22/2013  07:45 AM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
08/22/2013  07:45 AM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
08/22/2013  07:45 AM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
08/22/2013  07:45 AM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
08/22/2013  07:45 AM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
08/22/2013  07:45 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local\Microsoft\Windows
08/22/2013  07:45 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
08/22/2013  07:45 AM    <JUNCTION>     My Music [C:\Users\Default\Music]
08/22/2013  07:45 AM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
08/22/2013  07:45 AM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Default.migrated\Documents
07/26/2012  12:22 AM    <JUNCTION>     My Music [C:\Users\Default\Music]
07/26/2012  12:22 AM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
07/26/2012  12:22 AM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\John
12/18/2013  08:41 PM    <JUNCTION>     Application Data [C:\Users\John\AppData\Roaming]
12/18/2013  08:41 PM    <JUNCTION>     Cookies [C:\Users\John\AppData\Local\Microsoft\Windows\INetCookies]
12/18/2013  08:41 PM    <JUNCTION>     Local Settings [C:\Users\John\AppData\Local]
12/18/2013  08:41 PM    <JUNCTION>     My Documents [C:\Users\John\Documents]
12/18/2013  08:41 PM    <JUNCTION>     NetHood [C:\Users\John\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
12/18/2013  08:41 PM    <JUNCTION>     PrintHood [C:\Users\John\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
12/18/2013  08:41 PM    <JUNCTION>     Recent [C:\Users\John\AppData\Roaming\Microsoft\Windows\Recent]
12/18/2013  08:41 PM    <JUNCTION>     SendTo [C:\Users\John\AppData\Roaming\Microsoft\Windows\SendTo]
12/18/2013  08:41 PM    <JUNCTION>     Start Menu [C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu]
12/18/2013  08:41 PM    <JUNCTION>     Templates [C:\Users\John\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\John\AppData\Local
12/18/2013  08:41 PM    <JUNCTION>     Application Data [C:\Users\John\AppData\Local]
12/18/2013  08:41 PM    <JUNCTION>     History [C:\Users\John\AppData\Local\Microsoft\Windows\History]
12/18/2013  08:41 PM    <JUNCTION>     Temporary Internet Files [C:\Users\John\AppData\Local\Microsoft\Windows\INetCache]
               0 File(s)              0 bytes
 Directory of C:\Users\John\AppData\Local\Microsoft\Windows
12/18/2013  08:41 PM    <JUNCTION>     Temporary Internet Files [C:\Users\John\AppData\Local\Microsoft\Windows\INetCache]
               0 File(s)              0 bytes
 Directory of C:\Users\John\AppData\Local\Microsoft\Windows\INetCache
12/18/2013  09:05 PM    <JUNCTION>     Content.IE5 [C:\Users\John\AppData\Local\Microsoft\Windows\INetCache\IE\]
               0 File(s)              0 bytes
 Directory of C:\Users\John\AppData\Local\Microsoft\Windows\INetCache\Low
12/18/2013  09:09 PM    <JUNCTION>     Content.IE5 [C:\Users\John\AppData\Local\Microsoft\Windows\INetCache\Low\IE\]
               0 File(s)              0 bytes
 Directory of C:\Users\John\Documents
12/18/2013  08:41 PM    <JUNCTION>     My Music [C:\Users\John\Music]
12/18/2013  08:41 PM    <JUNCTION>     My Pictures [C:\Users\John\Pictures]
12/18/2013  08:41 PM    <JUNCTION>     My Videos [C:\Users\John\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\John\SkyDrive\Documents\ECS\Invoices
12/28/2013  05:41 PM          (29,731) VCE_Subcontractor_Invoice_CoverSheet_5076.xlsx
               1 File(s)         29,731 bytes
 Directory of C:\Users\John\SkyDrive\Documents\ECS\Payroll
12/26/2013  02:11 PM          (23,620) BLI Payroll 12-15-13.xlsx
12/26/2013  02:12 PM          (23,619) BLI Payroll 12-31-13.xlsx
12/01/2013  07:10 PM          (26,483) Employment Verification-S Kesinenii.docx
               3 File(s)         73,722 bytes
 Directory of C:\Users\Public\Documents
08/22/2013  07:45 AM    <JUNCTION>     My Music [C:\Users\Public\Music]
08/22/2013  07:45 AM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
08/22/2013  07:45 AM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache
06/14/2014  11:42 PM    <JUNCTION>     Content.IE5 [C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache
06/14/2014  11:42 PM    <JUNCTION>     Content.IE5 [C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\]
               0 File(s)              0 bytes
     Total Files Listed:
               4 File(s)        103,453 bytes
              57 Dir(s)  888,734,437,376 bytes free
 
< MD5 for: EXPLORER.EXE  >
[2014/03/04 04:16:50 | 002,088,160 | ---- | M] (Microsoft Corporation) MD5=119E091B5386379BC5AA598BE9440C75 -- C:\Windows\SysWOW64\explorer.exe
[2014/03/04 04:16:50 | 002,088,160 | ---- | M] (Microsoft Corporation) MD5=119E091B5386379BC5AA598BE9440C75 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17039_none_4d02a60381e74c58\explorer.exe
[2014/05/17 15:24:54 | 000,015,546 | ---- | M] () MD5=347EFF7EC89C3EB4F72F2408E1C4E16D -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17031_none_4cfaa3b381ee81a0\explorer.exe
[2014/05/17 15:24:49 | 000,238,918 | ---- | M] () MD5=5177BB4FECDDB9CDBCF10EF65916968D -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16441_none_4ceff22781f6788c\explorer.exe
[2014/05/17 14:51:11 | 000,169,957 | ---- | M] () MD5=6D919C26DCB567396CD2E119B8E4310E -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17031_none_42a5f9614d8dbfa5\explorer.exe
[2014/03/04 05:25:49 | 002,373,784 | ---- | M] (Microsoft Corporation) MD5=81394C91B7B5A7C799E249AE82491F13 -- C:\Windows\explorer.exe
[2014/03/04 05:25:49 | 002,373,784 | ---- | M] (Microsoft Corporation) MD5=81394C91B7B5A7C799E249AE82491F13 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17039_none_42adfbb14d868a5d\explorer.exe
[2014/05/17 14:51:08 | 000,283,735 | ---- | M] () MD5=FA98C5D746E7C9E0912E88AC44FF9926 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16441_none_429b47d54d95b691\explorer.exe
 
< MD5 for: RPCSS.DLL  >
[2014/05/17 14:45:43 | 000,172,806 | ---- | M] () MD5=2D13BAB0B28A50346143B983D1EAA0BC -- C:\Windows\WinSxS\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.3.9600.16384_none_5a893c0711d704b0\rpcss.dll
[2014/05/12 19:06:19 | 000,753,664 | ---- | M] (Microsoft Corporation) MD5=81979817943D830BF24571B7C1B28A1A -- C:\WINDOWS\SysNative\rpcss.dll
[2014/05/12 19:06:19 | 000,753,664 | ---- | M] (Microsoft Corporation) MD5=81979817943D830BF24571B7C1B28A1A -- C:\Windows\WinSxS\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.3.9600.17031_none_5abc2e4b11b14f22\rpcss.dll
 
< MD5 for: SERVICES  >
[2013/08/22 08:04:54 | 000,003,777 | ---- | M] () MD5=5EE2D65841D1985E8C1BC68B2EB4357B -- C:\Windows\WinSxS\amd64_microsoft-windows-w..ucture-other-minwin_31bf3856ad364e35_6.3.9600.16384_none_25fdfd813908f8a6\services
 
< MD5 for: SERVICES.CFG  >
[2014/05/08 06:48:48 | 000,560,495 | ---- | M] () MD5=12A7DDA9C7CA1AAA2C6F36BB1E24528B -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg
[2012/09/23 20:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
 
< MD5 for: SERVICES.CSS  >
[2013/08/19 09:58:38 | 000,014,339 | ---- | M] () MD5=9D415BDEF74ADF7B0CD791E40A911A38 -- C:\Program Files (x86)\Intuit\QuickBooks 2014\Components\Services\services.css
 
< MD5 for: SERVICES.DAT  >
[2014/04/05 21:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Users\John\AppData\Local\Temp\jrt\services.dat
 
< MD5 for: SERVICES.EXE  >
[2014/03/28 08:58:34 | 000,407,016 | ---- | M] (Microsoft Corporation) MD5=067CB90C277DB4A737D5DEABA3055972 -- C:\WINDOWS\SysNative\services.exe
[2014/03/28 08:58:34 | 000,407,016 | ---- | M] (Microsoft Corporation) MD5=067CB90C277DB4A737D5DEABA3055972 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.3.9600.17084_none_2fd708ffd09a6815\services.exe
[2014/06/16 10:58:10 | 000,082,895 | ---- | M] () MD5=892D1838D0C77D4734F7E21F064CD06C -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.3.9600.16384_none_2fd72579d09a45e9\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2013/11/14 00:14:16 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=0626E9CF9F010A5E5D5A8E200A59DDDC -- C:\WINDOWS\SysNative\en-US\services.exe.mui
[2013/11/14 00:14:16 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=0626E9CF9F010A5E5D5A8E200A59DDDC -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.3.9600.16384_en-us_5abba721f9ec3435\services.exe.mui
 
< MD5 for: SERVICES.JS  >
[2014/04/01 09:51:09 | 000,079,602 | ---- | M] () MD5=FBC5971A250CA4BCA6BBEEF76C85B639 -- C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.2.258_x64__8wekyb3d8bbwe\Common\js\services.js
[2014/04/01 09:51:09 | 000,079,602 | ---- | M] () MD5=FBC5971A250CA4BCA6BBEEF76C85B639 -- C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.2.258_x64__8wekyb3d8bbwe\Common\js\services.js
[2014/04/01 09:51:09 | 000,079,602 | ---- | M] () MD5=FBC5971A250CA4BCA6BBEEF76C85B639 -- C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.2.258_x64__8wekyb3d8bbwe\Common\js\services.js
[2014/04/01 09:51:09 | 000,079,602 | ---- | M] () MD5=FBC5971A250CA4BCA6BBEEF76C85B639 -- C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.2.261_x64__8wekyb3d8bbwe\Common\js\services.js
[2014/04/01 09:51:09 | 000,079,602 | ---- | M] () MD5=FBC5971A250CA4BCA6BBEEF76C85B639 -- C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.2.258_x64__8wekyb3d8bbwe\Common\js\services.js
[2014/04/01 09:51:09 | 000,079,602 | ---- | M] () MD5=FBC5971A250CA4BCA6BBEEF76C85B639 -- C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.2.258_x64__8wekyb3d8bbwe\Common\js\services.js
[2014/04/01 09:51:09 | 000,079,602 | ---- | M] () MD5=FBC5971A250CA4BCA6BBEEF76C85B639 -- C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.2.258_x64__8wekyb3d8bbwe\Common\js\services.js
 
< MD5 for: SERVICES.LNK  >
[2013/08/21 23:54:57 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2013/08/21 23:54:57 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2013/08/21 23:54:57 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.3.9600.16384_none_c02242af19b1eb57\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2013/06/18 07:51:33 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\WINDOWS\SysNative\wbem\services.mof
[2013/06/18 07:51:33 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.3.9600.16384_none_c01e2072a140077e\services.mof
 
< MD5 for: SERVICES.MSC  >
[2013/11/14 00:14:19 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\WINDOWS\SysNative\en-US\services.msc
[2013/06/18 07:47:53 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\WINDOWS\SysNative\services.msc
[2013/11/14 00:14:19 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysWOW64\en-US\services.msc
[2013/06/18 05:23:54 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysWOW64\services.msc
[2013/11/14 00:14:19 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.3.9600.16384_en-us_94fd770dd055ce28\services.msc
[2013/06/18 07:47:53 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.3.9600.16384_none_c02242af19b1eb57\services.msc
[2013/06/18 05:23:54 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\wow64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.3.9600.16384_none_ca76ed014e12ad52\services.msc
[2013/11/14 00:14:19 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.3.9600.16384_en-us_38dedb8a17f85cf2\services.msc
 
< MD5 for: SERVICES.PNG  >
[2013/06/05 22:00:24 | 000,001,509 | ---- | M] () MD5=F4EC3ABEAE15FA9BB42D721E9D543F44 -- C:\Program Files\My Dell\images\icons\png\24_24\services.png
 
< MD5 for: SERVICES.PTXML  >
[2013/08/21 23:45:36 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\WINDOWS\SysNative\wdi\perftrack\Services.ptxml
[2013/08/21 23:45:36 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.3.9600.16384_none_c01e2072a140077e\Services.ptxml
 
< MD5 for: SVCHOST.EXE  >
[2013/08/21 22:30:58 | 000,031,552 | ---- | M] (Microsoft Corporation) MD5=425E22D9F5C01616AFC92987791B19E9 -- C:\Windows\SysWOW64\svchost.exe
[2013/08/21 22:30:58 | 000,031,552 | ---- | M] (Microsoft Corporation) MD5=425E22D9F5C01616AFC92987791B19E9 -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.3.9600.16384_none_4a5b1e2820e75323\svchost.exe
[2013/08/22 05:45:17 | 000,037,768 | ---- | M] (Microsoft Corporation) MD5=E4CA434F251681590D0538BC21C32D2F -- C:\WINDOWS\SysNative\svchost.exe
[2013/08/22 05:45:17 | 000,037,768 | ---- | M] (Microsoft Corporation) MD5=E4CA434F251681590D0538BC21C32D2F -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.3.9600.16384_none_a679b9abd944c459\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2013/08/22 03:03:12 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=08C191B2917862BE90C33E31CB6B6D79 -- C:\WINDOWS\SysNative\userinit.exe
[2013/08/22 03:03:12 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=08C191B2917862BE90C33E31CB6B6D79 -- C:\Windows\WinSxS\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.3.9600.16384_none_cce71a20a5a6fe7f\userinit.exe
[2013/08/21 19:54:12 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=41636F77AD6D9A396EA34E4786B96F2B -- C:\Windows\SysWOW64\userinit.exe
[2013/08/21 19:54:12 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=41636F77AD6D9A396EA34E4786B96F2B -- C:\Windows\WinSxS\x86_microsoft-windows-userinit_31bf3856ad364e35_6.3.9600.16384_none_70c87e9ced498d49\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2014/05/02 17:35:28 | 000,562,176 | ---- | M] (Microsoft Corporation) MD5=306EB21E5B480AE9065EA55AC8C35936 -- C:\WINDOWS\SysNative\winlogon.exe
[2014/05/02 17:35:28 | 000,562,176 | ---- | M] (Microsoft Corporation) MD5=306EB21E5B480AE9065EA55AC8C35936 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.3.9600.17031_none_60b45365a8c2ccdb\winlogon.exe
[2014/05/17 15:16:56 | 000,089,459 | ---- | M] () MD5=E40DC8DF924E02F04F3620DBAC1ACE31 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.3.9600.16384_none_60816121a8e88269\winlogon.exe
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 220 bytes -> C:\Users\John\SkyDrive:ms-properties
 
< End of report >


#6
jwww

OTL Extras logfile created on: 6/19/2014 12:32:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\John\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.87 Gb Total Physical Memory | 4.87 Gb Available Physical Memory | 61.81% Memory free
12.37 Gb Paging File | 9.33 Gb Available in Paging File | 75.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 915.17 Gb Total Space | 828.18 Gb Free Space | 90.50% Space Free | Partition Type: NTFS
Drive E: | 496.00 Mb Total Space | 446.02 Mb Free Space | 89.92% Space Free | Partition Type: FAT32
Drive X: | 350.00 Mb Total Space | 36.17 Mb Free Space | 10.33% Space Free | Partition Type: NTFS
Drive Y: | 14.87 Gb Total Space | 0.71 Gb Free Space | 4.77% Space Free | Partition Type: NTFS
 
Computer Name: PCNAME | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{034EC982-EAFD-4F69-BCEE-2552EF86216E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe | 
"{3BA3C58F-58FE-41E1-8CAD-6DD4DCFE4945}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3E60CACA-3509-4939-97FC-461311A59DAA}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{48AE9B9F-AFF5-4417-AF54-D6F79620B8C4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6ECD1369-6EC6-4EE5-8D14-D13A20F8EE67}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6F441E59-6FE8-4DF2-8DB2-1AD26DBC0FBA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7675B1E2-8C80-4689-B69C-702ACE7812AC}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{80C0E62C-BB13-4EFB-AA80-76E251E1B13C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{AB26F000-F39F-45D5-9B63-5798248EF306}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AEBB3ECC-735B-4472-B6CF-C8A94FCD1377}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BE319A6D-6A93-48B6-93F2-77B85D65B4AF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{C1C0AF62-6A7F-4E4D-88E2-026CED60F7F4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E12B49B5-B3F0-4EDB-ADA7-C113CC98B8FC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E5F0174D-0273-4801-8409-E8834E3D588D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01032521-B220-4628-8D2E-3CF46B458334}" = dir=out | name=check point vpn | 
"{0112D1AE-2BA1-41A0-B86F-2F40FBB51C7F}" = dir=in | app=c:\users\john\appdata\local\temp\nex12ff\speedmax.exe | 
"{017A0D66-6256-4FD9-95A3-76A81E558105}" = dir=in | app=c:\users\john\appdata\local\temp\updater_132806.exe | 
"{049789C3-6347-405D-A21A-B9788F7461F0}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{0819B0B7-94A7-4BDB-83CD-A8199E3A95F6}" = dir=out | name=dell shop | 
"{084B1C74-297B-4CBB-A039-874C235F2358}" = dir=in | app=c:\program files\hp\hp deskjet 3520 series\bin\hpnetworkcommunicator.exe | 
"{089843C6-B5F9-4C50-891D-944593EF193F}" = dir=in | name=sonicwall mobile connect | 
"{0C322D8F-B7A6-438A-8BD3-082F27F76815}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0F2A3F56-1693-453C-BD95-8E1B6DCEA05F}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{11851D52-C4AB-4D1E-8E49-2ECE48028810}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{163A790F-AE7B-4FC5-85D1-60C5C10A237E}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scx3400\scnsearch\usdagent.exe | 
"{1C7E8160-5C9E-4FD0-A8B1-B8D703ECF68C}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scx3400\scnsearch\usdagent.exe | 
"{1F79BD80-FEFB-4BB5-9F76-061E63AECF4C}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{2088EA04-49EF-40A3-9E19-C5F742A6DCA7}" = protocol=6 | dir=out | app=system | 
"{242F82D8-18AF-4204-BF9D-B3B3EE39A86E}" = dir=out | name=ebay | 
"{25877378-9220-430B-AAE5-A3542DDF7BD7}" = dir=in | name=mcafee® central for dell | 
"{287490A7-80EB-49CD-8DF4-4FC33E28A617}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{2A97C039-6809-4E3F-9C81-48F09F0AAF3F}" = dir=out | name=@{microsoft.bingweather_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{2D43B82A-2DEC-4AC7-B035-11AAB8F71BE6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{2D8EC42C-4F88-4A95-B20D-352D440DCA52}" = protocol=6 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe | 
"{2DA36D08-5612-4354-9D0F-7ED8D175B193}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3247707C-9A63-41D8-87BF-651E8C2B9B98}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{32486730-A8E8-41B6-8F0B-315F6AD8FDEA}" = dir=out | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{3428EA62-D6CD-4F51-8B53-F4FA5F0127F7}" = dir=out | name=@{microsoft.bingsports_2.0.0.273_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{36183623-7BE8-4FB2-BB1B-3D12DAE475AC}" = dir=out | name=samsung printer experience | 
"{3F147A92-BD25-4D3C-89A8-13AE0037C56A}" = dir=out | name=juniper networks junos pulse | 
"{40907BA5-62C2-47D9-9023-9D5FFA50D45B}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn | 
"{444E95EE-E8B7-45CE-8758-9C00B5B797C2}" = dir=in | app=c:\program files\pcmax\service.exe | 
"{44D82491-57E8-4406-A184-28B92221FBC6}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | 
"{454A63E8-AB56-4205-997A-494C1B8C20B5}" = dir=out | name=@{microsoft.zunemusic_1.4.18.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{463365FF-A03F-41E3-8BD3-C29D07CDCB15}" = dir=out | name=@{microsoft.bingmaps_2.1.2922.2139_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{48BB8037-8093-43FD-AB9C-FB928279E915}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\cdas2pc\cdas2pc.exe | 
"{48E48E43-2388-4724-B7A3-EB7F06B85352}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{50BE0338-B65F-44E3-8017-7E32D26F9983}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | 
"{545CF515-6EE1-4342-A6AB-6EA88D5A23AB}" = dir=out | app=c:\users\john\appdata\local\temp\file_to_run551121.exe | 
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{55FE1493-26C1-4E63-AD22-B15C54DEC553}" = dir=in | name=f5 vpn | 
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect | 
"{561C6EBE-9A44-4001-B1CC-F0DB2BD5B1E6}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | 
"{5A10289D-D65E-4E74-BC83-D6A28AA62F1C}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{5D7F9652-2739-479D-8989-ABAC0001D35B}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} | 
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect | 
"{6270D86F-DC03-48E4-9568-7C29FA0B6E46}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\idsalert.exe | 
"{6A8C3394-07C7-441D-B321-D955661279F2}" = dir=in | name=check point vpn | 
"{6A913BFA-C0DB-48D4-9610-D1D4162230F8}" = dir=out | name=windows_ie_ac_001 | 
"{71A7B19E-BCA6-428F-BE93-49D956A61720}" = dir=in | app=c:\program files\pcmax\pcmax.exe | 
"{758F2C7C-3DB7-4034-9E01-48404A8FE929}" = dir=out | name=sonicwall mobile connect | 
"{7693BDE7-28B5-4101-B1FC-6A24BE405293}" = dir=out | name=@{microsoft.bingsports_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} | 
"{7B47329F-9FFB-4CDE-85B8-6CFBEC2258D2}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{7E2B5C25-E446-4CF0-B647-F0A69C8E83C8}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ordersupplies.exe | 
"{7F36402A-4627-46AA-A44F-2E1E71CA7A11}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{7F56881E-497D-408C-9790-7384118FDB41}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ids.application.exe | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{813B44F0-2076-43C6-99BE-D3237CA1724F}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy document creator\usdagent.exe | 
"{833E9EE3-28CD-4889-94C2-A12B48368929}" = dir=out | name=amazon | 
"{835B5FF5-5534-47C4-9090-C8DFE6705A9B}" = dir=out | name=@{microsoft.bingweather_2.0.0.288_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{84197CC7-D3FD-4183-8D18-042221286E9E}" = dir=out | name=@{microsoft.bingtravel_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} | 
"{845698EB-11AF-4946-85FB-7B0511D99B06}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe | 
"{84E12680-47E1-47F4-A0A7-66EC5CE9AFD6}" = dir=in | app=c:\users\john\appdata\local\microsoft\skydrive\skydrive.exe | 
"{854C4236-78C1-49BC-99A3-9832AC84841C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{859D307E-07EE-49FF-8B1B-DB0A48DABAA8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{865B6698-E274-4F15-B5F1-20A64E2B3B98}" = dir=out | name=@{microsoft.zunevideo_2.2.902.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{86B447C2-53D9-4710-8CD1-8BCDC29EA440}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy document creator\usdagent.exe | 
"{87702473-76B8-4F3D-B822-F9C7CB085DCA}" = dir=out | name=@{microsoft.bingnews_3.0.2.261_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} | 
"{90371A98-D88A-4C37-8023-B79507E14521}" = dir=out | name=@{microsoft.bingnews_2.0.0.273_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{91F8294A-A466-4502-90C1-936F47D28977}" = dir=out | name=kindle | 
"{969606EA-00B1-4862-AC3D-470FDDAB34F8}" = protocol=17 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe | 
"{9711E2B0-9AF0-4173-9FE2-767ED05D0BB9}" = dir=out | name=f5 vpn | 
"{9CD29FAF-9FC5-4250-8F8D-D9E74C86255B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9D5427BD-D87D-4718-9CF7-337A6AEAA6E7}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} | 
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{9EA29311-A0B4-4785-B21D-C9475B3078EA}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\idsalert.exe | 
"{A3317B21-4DA0-4A2A-882B-D151D97797AF}" = dir=out | name=samsung printer experience | 
"{A623954D-DEEC-4C98-B2D9-F44891518E07}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{ADA2BDDC-179D-49F2-B138-708DFFF46439}" = dir=in | name=samsung printer experience | 
"{ADF7B53E-1399-4DDE-97C5-475611E61A7A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AEDE758C-69A1-46F9-A53B-046E7C63A42C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B02C8CC8-FE20-44EF-B63A-A66B66A6BD6C}" = dir=out | name=skype | 
"{B449A472-660C-4581-ACD7-F83B9055B430}" = dir=out | name=windows_ie_ac_001 | 
"{B6EEAC80-C7A0-410A-8623-69818A49B0DC}" = dir=in | name=samsung printer experience | 
"{B7ADC7D8-8CEF-4B3A-8B8C-34C7C6BB9260}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{C2920C65-EC83-4945-99DB-39588D151609}" = dir=in | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{C68D6099-43E8-4505-BA01-B3DD0890482E}" = dir=in | name=dell shop | 
"{C8FD7417-A2FB-4B34-92DF-C548E0C200C3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{CC615650-D7CC-4C01-8014-F30E19203902}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ids.application.exe | 
"{CDFD5846-76A5-46EA-AE24-C87E6D5C25DE}" = dir=out | name=@{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{CF709AE3-D208-44BD-ABC9-D65B45EF92AE}" = dir=out | name=mcafee® central for dell | 
"{D03ECDD1-CDFE-4283-8368-D8E0B7F45240}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | 
"{D1608203-9CBD-448F-A283-948BC93F4CB3}" = dir=out | name=@{microsoft.bingfinance_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} | 
"{D3E23A3F-8F6A-4862-A221-B8852C69E54F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D4D90767-95D3-4C4A-A678-20DEF1EC18D6}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ordersupplies.exe | 
"{D4DE0E22-DFF7-4318-8F42-32DB1898EF9A}" = dir=in | name=hp all-in-one printer remote | 
"{D6218923-6640-455B-B810-D17B31D0A129}" = dir=out | name=@{microsoft.zunemusic_2.2.903.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn | 
"{DABDBCD0-9CF0-46FE-9C85-4CBEA503B956}" = dir=in | app=c:\program files\hp\hp deskjet 3520 series\bin\hpnetworkcommunicatorcom.exe | 
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn | 
"{DB6186EF-73E8-4961-920C-134D793F174A}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe | 
"{DBBA7FC8-51CC-4C0B-9FAC-473B21381B6C}" = dir=out | name=@{microsoft.bingmaps_1.6.1821.2624_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{DE6C55DF-2F88-40ED-A4A7-6BAE712F0AD8}" = dir=out | app=c:\program files\pcmax\service.exe | 
"{DEEA1239-A43D-4926-AB6B-B5CA5C97AA43}" = dir=out | name=@{microsoft.zunevideo_1.4.19.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{DF703594-5001-481A-A89B-1E31D0F3B16E}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{E0A5EF8C-5F63-4A74-93E9-CFEE9ED9DB59}" = dir=in | name=juniper networks junos pulse | 
"{E0B60BB8-FE8B-4548-AA08-5B4E9826693F}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{E512F9A5-8260-405C-8169-6E0C411ABC33}" = dir=in | app=c:\users\john\appdata\local\temp\speedmax_1717.exe | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn | 
"{ED484514-4A00-4C15-8578-04ACC2ACF350}" = dir=in | app=c:\program files\hp\hp deskjet 3520 series\bin\devicesetup.exe | 
"{ED78AC30-B19A-4C91-B607-E696B6F66A78}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\cdas2pc\cdas2pc.exe | 
"{EDF2B1C9-8634-49C3-A2BC-65C96F113E0C}" = dir=out | app=c:\program files\pcmax\pcmax.exe | 
"{EDFEA5D2-CE23-46DB-BAA3-701160A4AD55}" = dir=out | name=hp all-in-one printer remote | 
"{F04638A8-84D6-408C-970D-9386331FA31D}" = dir=out | name=@{microsoft.bingtravel_2.0.0.274_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client | 
"{F6B6819F-CDC3-4B0A-901C-60BA6CB48883}" = dir=out | name=windows_ie_ac_001 | 
"{F6DB5217-4083-45AC-BD57-1223D0C23E83}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client | 
"{F999E189-8CA8-4BBC-BD5A-D8233CE15873}" = dir=in | name=skype | 
"{FB928214-B041-4B2A-830F-8977EA2BC57C}" = dir=in | app=c:\users\john\appdata\local\temp\file_to_run551121.exe | 
"{FC08A196-0A40-4D76-9F79-21CA2537D5CF}" = dir=out | name=@{microsoft.bingfinance_2.0.0.300_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{031A0E14-0413-4C97-9772-2639B782F46F}" = Common Desktop Agent
"{0728A184-F899-4356-B93D-8228674F0DEB}" = Intel® PROSet/Wireless Software for Bluetooth® Technology
"{1334eac7-d6ef-4177-8780-05c963853cd3}" = Intel® PRO/Wireless Driver
"{1CF5754A-545B-4360-BFDE-2847BC728DFC}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{6097158B-0184-4140-BEC3-7885794D2571}" = Intel® WiDi
"{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}" = Intel® Turbo Boost Technology Monitor 2.6
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A0A03B53-927D-4454-A456-CB0A72A4912F}" = HP Deskjet 3520 series Basic Device Software
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D61F48DA-627B-404E-9315-32A651B18B64}" = Intel® PROSet/Wireless WiFi Software
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}" = QuickBooks Runtime Redistributable
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"{F7A70D00-F283-45C8-B163-49EC365D7E27}" = DSC/AA Factory Installer
"HomeStudentRetail - en-us" = Microsoft Office Home and Student 2013 - en-us
"OutlookRetail - en-us" = Microsoft Outlook 2013 - en-us
"PC-Doctor for Windows" = My Dell
"SynTPDeinstKey" = Dell Touchpad
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}" = Amazon 1Button App for Windows Taskbar
"{0CFC5C64-A7D1-42C0-B8BF-03DFF0E6C54E}" = QuickBooks File Doctor
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell Backup and Recovery
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{32199E94-CA76-4BA8-B0B6-76A856A5DA98}" = QBWebConnector
"{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite MFC-7360N
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2
"{424104AD-BEC6-441D-ADE9-F6662FEEA4BA}" = QuickBooks
"{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite MFC-7840W
"{4A21D17E-2FE8-42CD-88B7-ACF8E8860834}" = QuickBooks Pro 2014
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell Backup and Recovery - Support Software
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{AC76BA86-7AD7-2530-0000-A00000000004}" = Extended Asian Language font pack for Adobe Reader XI
"{AC7E7905-8C59-4806-A96D-30936A2B1FC5}" = Citrix Online Launcher
"{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}" = HP Deskjet 3520 series Setup Guide
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}" = SNS Upload for Easy Document Creator
"{B96348BD-6B0D-42E3-80B1-FA6718067BFE}" = Dell Digital Delivery
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint 2.5
"{c9967fbd-e3c3-4ed0-992a-5b33260f2944}" = Intel® PROSet/Wireless Software
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{D9DAD0FF-495A-472B-9F10-BAE430A26682}" = Apple Application Support
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"aTube Catcher" = aTube Catcher
"GoldWave v5.70" = GoldWave v5.70
"Google Chrome" = Google Chrome
"InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}" = CyberLink Media Suite Essentials
"Mozilla Firefox 29.0.1 (x86 en-US)" = Mozilla Firefox 29.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton Security Suite
"Opera 22.0.1471.70" = Opera Stable 22.0.1471.70
"Samsung Easy Document Creator" = Samsung Easy Document Creator
"Samsung Easy Printer Manager" = Samsung Easy Printer Manager
"Samsung OCR Software" = Samsung OCR Software
"Samsung Printer Live Update" = Samsung Printer Live Update
"Samsung Scan Process Machine" = Samsung Scan Process Machine
"Samsung SCX-3400 Series" = Samsung SCX-3400 Series
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 5.01 (32-bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"9204f5692a8faf3b" = Dell System Detect
"GoToMeeting" = GoToMeeting 5.9.0.1216
"OneDriveSetup.exe" = Microsoft OneDrive
"workspacedesktop" = Workspace Desktop
 
< End of report >


#7
jwww


Hello Valinorum,

 

Thanks so much for your help!!! I followed your instructions and posted the log files. 

 

 

Regards,

John



#8
Valinorum

Hi jwww, :)

How is your computer performing? Reset Google Chrome by perusing this
  • Step #4 Fix with OTL
    • Re-run OTL by right clicking and choosing Run as administrator;
    • Under the Custom Scans/Fixes Box copy and paste the following contents inside the quote box. (Do not include the word 'quote').

      :Commands
      [createrestorepoint]

      :OTL
      O13:64bit: - gopher Prefix: missing
      O13 - gopher Prefix: missing
      O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
      O4 - HKLM..\Run: [] File not found

      :Files
      ipconfig /flushdns /c

      :Commands
      [emptytemp]

    • Click on "Run Fix" and let the program run unhindered;
    • Your PC will reboot automatically and a log will be opened;
    • Please post it in your next reply.
 
  • Step #5 Scan with Malwarebytes' Anti-Malware
    • Download Malwarebytes' Anti-Malware from the suitable link below --
    • Double-click mbam-setup.exe to install the application.
    • Before clicking Finish perform the following actions --
      • Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
      • Check the box beside Launch Malwarebytes Anti-Malware
    • Once the program has loaded, The MBAM dashboard will appear with an alert to update - click the green button Update Now;
    • Click on Setting--
      • Navigate to the tab Detection and Protection and check all the boxes under Detection Options
    • From the Dashboard click on Scan Now;
    • If threats are detected click on Apply actions. If the program asks to reboot your PC, let it do so;
    • On completion of the scan click on View Detailed Log after that click on Export Button, select Text File and save the log to your Desktop;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #6 ESET Online Scanner
    Disable your security programs, which include but are not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information.
    • Download esetsmartinstaller_enu.exe by clicking here.
    • Right-click on the program and choose Run as administrator.
    • Accept their terms and conditions and proceed.
    • Install Add-On/Active X if prompted.
    • From the Computer Scan Setting --
      • Uncheck the box beside Remove Found Threats;
      • Check the box beside Scan archives
    • Click on Advanced Setting and check the following boxes--
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Click on Start and wait for the virus signature database to update.
    • The online scan will begin automatically and can take several hours.
      • Note: Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
    • After the Scan finishes --
      • If no threats were found:
        • Put a checkmark in Uninstall application on close.
        • Close the program and report that nothing was found
      • If threats were found:
        • Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
        • Copy and Paste contents of the log file in your next reply.
    Note: Enable your security programs afterwards.
 
  • Required Log(s):
    • OTL Fix Log
    • Malwarebytes' Anti-Malware Log
    • ESET Scan Log
Regards,
Valinorum

#9
jwww


Hi Valinorum,

 

Update: laptop seems to be operating well. However, Firefox still has pop ups in the lower part of the screen. I will follow the steps above for Chrome. So far IE and Opera back to normal. 

 

Thanks again,

 

John



#10
jwww


 All processes killed

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\dell.com\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\John\Downloads\cmd.bat deleted successfully.
C:\Users\John\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default.migrated
 
User: John
->Temp folder emptied: 19082308 bytes
->Temporary Internet Files folder emptied: 559412128 bytes
->FireFox cache emptied: 218413743 bytes
->Google Chrome cache emptied: 6711972 bytes
->Flash cache emptied: 28092 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3926599 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 770.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06232014_114458
 
Files\Folders moved on Reboot...
File\Folder C:\Users\John\AppData\Local\Temp\JETB32D.tmp not found!
C:\Users\John\AppData\Local\Microsoft\Windows\INetCache\Low\AntiPhishing\4A72F430-B40C-4D36-A068-CE33ADA5ADF9.dat moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\INetCache\Low\SuggestedSites.dat moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\INetCache\IE\UB0NQQH0\localstorage[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\INetCache\IE\UB0NQQH0\postings-concat.min[1].js moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\INetCache\IE\NC0YKYJC\fontawesome-webfont[1].eot moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\INetCache\IE\NC0YKYJC\openhand_8_8[2].bmp moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\INetCache\IE\KYI0MZG1\closedhand_8_8[1].bmp moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\INetCache\IE\KYI0MZG1\listings[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\INetCache\IE\GPAYZA1J\4531152054[2].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\INetCache\IE\FJBZFTUN\index[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\INetCache\IE\CEFFUYXQ\apa[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\INetCache\IE\CEFFUYXQ\rental_listings[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\INetCache\IE\87Y12SBU\4515454757[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\INetCache\IE\23EUIC99\7ADCTGJA.htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\INetCache\IE\23EUIC99\inbox[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.
File\Folder C:\WINDOWS\temp\officeclicktorun.exe_c2ruidll(20140622122332ED4).log not found!
File\Folder C:\WINDOWS\temp\officeclicktorun.exe_streamserver(20140622122335ED4).log not found!
File move failed. C:\WINDOWS\temp\ood_stream.x86.en-us.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\PCNAME-20140622-1223a.log not found!
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...



#11
jwww

****Please note, I combined two log files below. After rebooting I had to find the log file and there were two. 
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 6/23/2014
Scan Time: 12:07:34 PM
Logfile: Malware Log.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.06.23.12
Rootkit Database: v2014.06.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: John
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 286222
Time Elapsed: 16 min, 14 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 3
PUP.Optional.Conduit.A, C:\Temp\embededstub_new2.exe, Quarantined, [0cb3ea90e2992d090fb77ec47987a759], 
PUP.Optional.Conduit.A, C:\Temp\spidentifierimpl.exe, Quarantined, [516e3a408eed4cea61770d7a11f030d0], 
PUP.Optional.Trovi.A, C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "search_url": "http://www.trovi.com...7B56C721E5E7&q={searchTerms}&SSPV=",), Replaced,[57686c0e631873c3f9aeb7faa85cb44c]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#12
jwww

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=43dd52a83c25494a854ddac304830990
# engine=18846
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-23 10:26:34
# local_time=2014-06-23 03:26:34 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1='Norton 360'
# compatibility_mode=3598 16777213 87 100 0 154138490 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 0 7020715 0 0
# scanned=153641
# found=10
# cleaned=0
# scan_time=5195
sh=81FBC911F6F39943B5A508257ED317C6A388CA54 ft=1 fh=f881a71255879118 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir"
sh=6F4FD559E82ECD0E9BF238374A8AE7763D9AF88F ft=1 fh=0fe3e64a55eab364 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir"
sh=09975ED04166B761DC1CED0B15BAE6D37DCC0560 ft=1 fh=919d2464905062de vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir"
sh=CC7735B51ACFC778DAFCE7B9C25798C1149059CA ft=1 fh=bdcf262ba56c13e6 vn="a variant of Win32/Conduit.SearchProtect.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir"
sh=E07AC00C609A9096EFEDCF5839D77AD91C96BD2D ft=1 fh=a44174895411af10 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir"
sh=3AE79DE1D9A3C56075DB1B53DF9D7880AE03A5F6 ft=1 fh=bd390a3911fc5a39 vn="a variant of Win64/Conduit.SearchProtect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir"
sh=0F00EB8310C851AAD8AE9C7C17EF5F0D81617D3A ft=1 fh=1090c94a8e08b65e vn="a variant of Win32/Conduit.SearchProtect.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir"
sh=02F18375EF776089296105D8ED756BA018D84DF9 ft=1 fh=7a126cbe48eb4780 vn="a variant of Win32/Conduit.SearchProtect.O potentially unwanted application" ac=I fn="C:\Program Files\pcmax\pcmax.exe"
sh=25B9F4013FB34153FFA27E460D4B8594C79FE337 ft=1 fh=15384691e6094ee0 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe"
sh=653E0B68F32EDDC1B742B466C4F1EB71BF991DE0 ft=0 fh=0000000000000000 vn="a variant of MSIL/FakeTool.KF trojan" ac=I fn="C:\Users\John\Downloads\Simpsons Tapped Out Hack 1.7.2.zip"
 
 
 
Thanks again!!!

Edited by jwww, 23 June 2014 - 04:33 PM.

  • 0

#13
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts
How is your PC?
  • Step #5 Fix with OTL
    • Re-run OTL by right-clicking it and choosing Run as administrator;
    • Under the Custom Scans/Fixes Box copy and paste the following contents inside the quote box. (Do not include the word 'quote').

      :Commands
      [createrestorepoint]

      :Files
      C:\Program Files\pcmax\pcmax.exe
      C:\Users\John\Downloads\Simpsons Tapped Out Hack 1.7.2.zip
      ipconfig /flushdns /c

      :Commands
      [emptytemp]

    • Click on "Run Fix" and let the program run unhindered;
    • Your PC will reboot automatically and a log will be opened;
    • Please post it in your next reply.
 
  • Required Log(s):
    • OTL Fix Log
Regards,
Valinorum
  • 0

#14
jwww

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

  All processes killed

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Program Files\pcmax\pcmax.exe moved successfully.
C:\Users\John\Downloads\Simpsons Tapped Out Hack 1.7.2.zip moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\John\Downloads\cmd.bat deleted successfully.
C:\Users\John\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default.migrated
 
User: John
->Temp folder emptied: 5007088 bytes
->Temporary Internet Files folder emptied: 89344395 bytes
->FireFox cache emptied: 15952974 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 912 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 142003 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 105.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06232014_225726
 
Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\officeclicktorun.exe_c2ruidll(2014062312271467C).log not found!
File\Folder C:\WINDOWS\temp\officeclicktorun.exe_streamserver(2014062312271467C).log not found!
File move failed. C:\WINDOWS\temp\ood_stream.x86.en-us.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot.
C:\WINDOWS\temp\PCNAME-20140623-1227.log moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...

  • 0

#15
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts
How is your system running?
  • 0





