Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Several Malware/adware infections [Closed]

Started by skandranon1971 , Jun 18 2014 03:15 PM

  • This topic is locked This topic is locked

#1
skandranon1971
Posted 18 June 2014 - 03:15 PM

skandranon1971

    Member

  • Member
  • PipPip
  • 67 posts

I am working on my mother's laptop but I am having to do this post from my computer because hers is really messed up.  The Internet Explorer continuusly pops the stopped working message.  Everytime you click on a link a second window opens that has nothing to do with the link you clicked on.  Search-net and Tuvaro are the default search engines and won't allow any changes.  The internet also doesn't allow copy/paste functions. Here are the logs:

 

OTL logfile created on: 6/16/2014 4:16:11 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\kathy\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.19 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 45.14% Memory free
4.76 Gb Paging File | 2.53 Gb Available in Paging File | 53.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 571.70 Gb Total Space | 496.94 Gb Free Space | 86.92% Space Free | Partition Type: NTFS
Drive D: | 23.27 Gb Total Space | 2.34 Gb Free Space | 10.06% Space Free | Partition Type: NTFS
Drive F: | 7.45 Gb Total Space | 6.26 Gb Free Space | 84.02% Space Free | Partition Type: FAT32
 
Computer Name: KATCOMPUTER | User Name: kathy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/16 16:16:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\kathy\Desktop\OTL.exe
PRC - [2014/06/16 15:20:49 | 000,577,384 | ---- | M] (Plus HD) -- C:\Program Files (x86)\Plus-HD-9.1\Plus-HD-9.1-bg.exe
PRC - [2014/06/14 15:57:52 | 000,645,488 | ---- | M] (Object Browser) -- C:\Program Files (x86)\Object Browser\Object Browser-bg.exe
PRC - [2014/06/12 02:22:29 | 000,524,800 | ---- | M] (Shield Plus) -- C:\Users\kathy\AppData\Local\ShieldPlus\spprt\spprt.exe
PRC - [2014/06/12 02:22:29 | 000,134,656 | ---- | M] (Shield Plus) -- C:\Users\kathy\AppData\Local\ShieldPlus\spprt\spsvc.exe
PRC - [2014/06/04 10:54:50 | 003,268,600 | ---- | M] () -- C:\Users\kathy\AppData\Local\t4pc_en_5\upt4pc_en_5.exe
PRC - [2014/05/23 00:31:06 | 004,879,680 | ---- | M] (Client Connect LTD) -- C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
PRC - [2014/05/23 00:31:06 | 003,080,000 | ---- | M] (Client Connect LTD) -- C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
PRC - [2014/05/23 00:31:06 | 002,497,856 | ---- | M] (Client Connect LTD) -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
PRC - [2014/05/22 00:12:44 | 001,974,120 | ---- | M] (YTDownloader) -- C:\Program Files (x86)\YTDownloader\YTDownloader.exe
PRC - [2014/05/22 00:12:44 | 000,734,568 | ---- | M] (Goobzo) -- C:\Program Files (x86)\YTDownloader\Updater.exe
PRC - [2014/05/10 23:52:43 | 000,265,040 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exe
PRC - [2014/05/05 07:24:56 | 000,227,904 | ---- | M] (WildTangent) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
PRC - [2014/04/28 01:43:34 | 003,350,528 | ---- | M] () -- C:\Program Files (x86)\ShopperPro\JSDriver\1.36.1.172\jsdrv.exe
PRC - [2014/03/07 01:02:08 | 000,267,224 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
PRC - [2014/02/13 02:32:26 | 000,701,800 | ---- | M] (Crawler, LLC) -- C:\Program Files (x86)\PCTechHotline\PCTechHotlineSvc.exe
PRC - [2014/02/13 02:31:18 | 000,064,360 | ---- | M] (Crawler, LLC) -- C:\Program Files (x86)\PCTechHotline\PCTHHook.exe
PRC - [2014/02/13 02:31:10 | 001,905,000 | ---- | M] (Crawler, LLC) -- C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe
PRC - [2013/12/25 15:20:30 | 001,045,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
PRC - [2013/12/25 15:20:26 | 001,039,160 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
PRC - [2013/12/14 18:05:17 | 000,061,512 | ---- | M] (VER_COMPANY_NAME) -- C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbrmon.exe
PRC - [2013/12/14 18:05:15 | 000,088,648 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbarsvc.exe
PRC - [2013/08/05 00:49:42 | 000,111,576 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2013/01/31 18:31:42 | 001,626,872 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
PRC - [2013/01/10 13:23:30 | 000,379,904 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
PRC - [2012/11/05 16:14:34 | 001,343,904 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/06/13 07:07:02 | 000,204,672 | ---- | M] () -- C:\Users\kathy\AppData\Local\ArcadeYum\ArcadeYumIEHelper.dll
MOD - [2014/06/12 20:34:18 | 000,774,504 | ---- | M] () -- C:\Program Files\Common Files\Goobzo\GBUpdate\smei32.dll
MOD - [2014/06/04 10:54:50 | 003,268,600 | ---- | M] () -- C:\Users\kathy\AppData\Local\t4pc_en_5\upt4pc_en_5.exe
MOD - [2014/04/28 01:43:34 | 003,350,528 | ---- | M] () -- C:\Program Files (x86)\ShopperPro\JSDriver\1.36.1.172\jsdrv.exe
MOD - [2014/04/23 16:05:12 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/04/23 16:04:54 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/08/05 16:48:08 | 000,016,856 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2013/08/05 00:49:47 | 000,627,672 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
MOD - [2013/01/31 17:04:00 | 000,070,904 | ---- | M] () -- C:\Windows\SysWOW64\BsProfileFunc.dll
MOD - [2013/01/10 12:59:24 | 000,019,456 | ---- | M] () -- C:\Windows\SysWOW64\BsTrace.dll
MOD - [2013/01/10 11:25:58 | 000,353,280 | ---- | M] () -- C:\Windows\SysWOW64\BsExtendFunc.dll
MOD - [2013/01/10 11:25:56 | 000,011,264 | ---- | M] () -- C:\Windows\SysWOW64\SCChangeMonitor.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/06/14 17:32:58 | 000,706,560 | ---- | M] () [Auto | Running] -- C:\Program Files\003\vxlsnyaiet64.exe -- (vxlsnyaiet64)
SRV:64bit: - [2014/06/12 20:34:24 | 002,652,008 | ---- | M] (Search Module Ltd.) [Auto | Running] -- C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe -- (SMUpd)
SRV:64bit: - [2014/06/06 07:15:31 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/06/06 07:15:31 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014/06/06 07:11:59 | 000,347,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2014/06/06 07:11:59 | 000,023,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014/06/06 07:11:12 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014/06/06 07:11:12 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2014/06/06 07:11:12 | 000,201,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014/06/06 07:06:45 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV:64bit: - [2014/05/28 16:52:52 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2014/03/18 03:13:26 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/03/18 03:13:25 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2014/03/18 03:13:20 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/03/18 03:13:18 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/03/18 03:13:18 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014/03/18 03:13:14 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014/03/18 03:13:14 | 000,269,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014/03/18 03:13:13 | 000,282,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2014/03/12 16:03:16 | 001,558,032 | ---- | M] (SecureAssist) [Auto | Running] -- c:\Program Files\suprasavings\SecureAssist.exe -- (SecureAssist)
SRV:64bit: - [2014/02/06 03:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/09/24 12:49:44 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2013/08/22 05:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013/08/22 04:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 04:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 04:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 04:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 04:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 03:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 03:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 02:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 02:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 02:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 02:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 02:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 02:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 02:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 02:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2013/03/01 15:40:02 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2013/02/26 00:31:30 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2013/02/19 22:10:00 | 000,239,176 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE -- (RtkAudioService)
SRV:64bit: - [2012/12/07 07:05:16 | 001,854,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV - [2014/06/16 15:20:28 | 000,068,608 | ---- | M] (globalUpdate) [On_Demand | Stopped] -- C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe -- (globalUpdatem)
SRV - [2014/06/16 15:20:28 | 000,068,608 | ---- | M] (globalUpdate) [Auto | Stopped] -- C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe -- (globalUpdate)
SRV - [2014/06/12 02:22:29 | 000,134,656 | ---- | M] (Shield Plus) [Auto | Running] -- C:\Users\kathy\AppData\Local\ShieldPlus\spprt\spsvc.exe -- (Service)
SRV - [2014/06/06 07:11:12 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014/06/06 07:06:47 | 000,475,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2014/06/06 07:06:44 | 000,066,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV - [2014/06/06 07:06:43 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2014/05/23 00:31:06 | 002,497,856 | ---- | M] (Client Connect LTD) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2014/05/10 23:52:43 | 000,265,040 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exe -- (N360)
SRV - [2014/05/05 07:24:57 | 000,203,344 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2014/05/05 07:24:56 | 000,227,904 | ---- | M] (WildTangent) [Auto | Running] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2014/03/14 07:17:00 | 000,036,392 | ---- | M] (Just Develop It) [Auto | Running] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2014/02/13 02:32:26 | 000,701,800 | ---- | M] (Crawler, LLC) [Auto | Running] -- C:\Program Files (x86)\PCTechHotline\PCTechHotlineSvc.exe -- (PCTechHotlineSvc)
SRV - [2013/12/25 15:20:26 | 001,039,160 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe -- (HPWMISVC)
SRV - [2013/12/14 18:05:15 | 000,088,648 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbarsvc.exe -- (CouponXplorer_5zService)
SRV - [2013/11/04 19:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/08/22 05:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/08/21 20:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/21 19:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/01/31 18:31:42 | 001,626,872 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2013/01/10 13:35:28 | 000,138,752 | ---- | M] (IVT Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe -- (BsHelpCS)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/06/13 21:03:50 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2014/06/12 20:34:16 | 000,041,320 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys -- (SMUpdd)
DRV:64bit: - [2014/06/09 13:52:05 | 000,830,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2014/06/09 13:49:00 | 000,290,008 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2014/06/06 07:15:34 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/06/06 07:15:31 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014/06/06 07:15:31 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014/06/06 07:15:31 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/06/06 07:12:00 | 000,257,880 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014/06/06 07:12:00 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/06/06 07:11:59 | 000,123,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2014/06/06 07:11:12 | 000,384,856 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/05/28 16:52:54 | 013,209,088 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2014/05/28 16:52:54 | 000,626,688 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2014/05/01 06:31:39 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/03/18 15:12:04 | 000,041,768 | ---- | M] (SecureAssist) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SAWFP64.sys -- (SAWFP)
DRV:64bit: - [2014/03/18 03:13:19 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014/03/18 03:13:15 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2014/03/18 03:13:15 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/03/18 03:13:02 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2014/03/18 03:13:01 | 000,236,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014/03/18 03:13:01 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2014/03/18 03:13:01 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014/03/18 03:13:01 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/03/18 03:13:01 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2014/03/18 03:13:01 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014/03/18 03:13:00 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014/03/18 03:13:00 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/03/18 03:13:00 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2014/03/18 02:45:47 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014/03/18 02:45:41 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2014/03/03 21:18:12 | 001,148,120 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2014/02/20 16:14:34 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\ccSetx64.sys -- (ccSet_N360)
DRV:64bit: - [2014/02/17 18:32:41 | 000,593,112 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symnets.sys -- (SymNetS)
DRV:64bit: - [2014/02/12 18:59:49 | 000,875,736 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2014/01/27 20:58:37 | 000,041,704 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2013/12/04 11:02:30 | 002,505,904 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2013/12/02 10:42:14 | 001,204,424 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtbth.sys -- (rtbth)
DRV:64bit: - [2013/10/30 00:26:30 | 000,023,568 | R--- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\SymELAM.sys -- (SymELAM)
DRV:64bit: - [2013/10/30 00:26:19 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\SymDS64.sys -- (SymDS)
DRV:64bit: - [2013/10/29 23:48:51 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/10/29 23:32:37 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/09/10 08:55:43 | 000,495,856 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/08/22 06:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 06:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 05:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 05:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 05:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 05:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 05:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 05:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 05:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 05:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 05:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 05:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 05:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 05:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 05:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 05:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 05:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 05:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 05:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 05:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 05:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 05:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 05:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 05:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 05:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 05:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 05:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 05:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 05:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 04:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 04:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 04:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 04:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 04:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 04:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 04:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Unknown (0) | Disabled | Unknown] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 04:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 04:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 04:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 04:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Unknown (0) | Disabled | Unknown] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 04:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 04:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 04:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Unknown (0) | Disabled | Unknown] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 04:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 04:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 04:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 04:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 04:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 04:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013/08/22 04:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 04:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 01:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/12 16:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/09 17:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 11:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 12:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/03/05 13:01:42 | 000,091,712 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2013/03/01 15:40:02 | 000,043,320 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2013/03/01 15:40:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2013/02/26 10:36:46 | 000,049,200 | ---- | M] (Ralink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IvtUrbBtFlt.sys -- (btUrbFilterDrv)
DRV:64bit: - [2013/02/14 20:41:14 | 000,094,208 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW86.sys -- (AtiHDAudioService)
DRV:64bit: - [2013/02/05 21:54:16 | 000,031,984 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013/02/05 21:54:16 | 000,028,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
DRV:64bit: - [2012/11/30 02:31:02 | 000,026,280 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012/11/30 02:31:00 | 000,080,552 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2012/08/31 09:40:24 | 000,020,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)
DRV:64bit: - [2012/08/28 08:27:24 | 000,058,536 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/19 17:47:40 | 000,056,904 | ---- | M] (Ralink Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BtL2caScoIf.sys -- (BthL2caScoIfSrv)
DRV:64bit: - [2012/06/15 11:22:02 | 000,023,136 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BtAudioBus.sys -- (BtAudioBusSrv)
DRV:64bit: - [2012/04/09 09:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV - [2014/06/13 16:07:56 | 000,525,016 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\IPSDefs\20140616.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014/06/13 01:00:00 | 000,142,128 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/06/11 07:27:37 | 000,486,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/06/06 11:00:05 | 001,530,160 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\BASHDefs\20140606.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2014/05/22 00:12:40 | 000,058,728 | ---- | M] (YTDownloader) [Kernel | Auto | Running] -- C:\Program Files (x86)\YTDownloader\sbmntr.sys -- (sbmntr)
DRV - [2014/04/28 01:46:34 | 000,052,072 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files (x86)\ShopperPro\JSDriver\1.36.1.172\jsdrv.sys -- (SPDRIVER_1.36.1.172)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS
IE:64bit: - HKLM\..\SearchScopes\{190D00AA-3742-4E96-AE4E-0EDB5B942AFA}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://www-search.ne...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS
IE - HKLM\..\SearchScopes\{190D00AA-3742-4E96-AE4E-0EDB5B942AFA}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{5a1d0d31-749c-4186-a295-4106e6e7b26a}: "URL" = http://search.tb.ask...r={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com...7f5fe9f51&sspv=
IE - HKCU\..\URLSearchHook: {9b138bf3-1d40-4e7e-84bb-2975198ad938} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {7F4EFF06-7032-458e-AE16-1C1D8255C28A}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://www.trovi.com...rchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS
IE - HKCU\..\SearchScopes\{190D00AA-3742-4E96-AE4E-0EDB5B942AFA}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\..\SearchScopes\{5a1d0d31-749c-4186-a295-4106e6e7b26a}: "URL" = http://search.tb.ask...r={searchTerms}
IE - HKCU\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://www-search.ne...q={searchTerms}
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.se...t=kwd&qsrc=2869
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@CouponXplorer_5z.com/Plugin: C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\NP5zStub.dll (Mindspark)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF - HKLM\Software\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\coFFPlgn\ [2014/06/16 16:04:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\IPSFF [2014/06/14 09:44:31 | 000,000,000 | ---D | M]
 
[2014/06/16 15:28:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2013/08/22 06:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Object Browser) - {11111111-1111-1111-1111-110311281150} - C:\Program Files (x86)\Object Browser\Object Browser-bho64.dll (Object Browser)
O2:64bit: - BHO: (iWebar) - {11111111-1111-1111-1111-110311551110} - C:\Program Files (x86)\iWebar\iWebar-bho64.dll (iWebar)
O2:64bit: - BHO: (Plus-HD-9.1) - {11111111-1111-1111-1111-110511291116} - C:\Program Files (x86)\Plus-HD-9.1\Plus-HD-9.1-bho64.dll (Plus HD)
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\CoIEPlg.dll (Symantec Corporation)
O2:64bit: - BHO: (Shopper Pro) - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - C:\ProgramData\ShopperPro\ShopperPro64.dll (Goobzo Ltd.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Toolbar BHO) - {0297a026-3011-46d3-ad62-bb9a7612aea7} - C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbar.dll (Mindspark)
O2 - BHO: (2rs3) - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\SupraSavings\2rs3.dll ()
O2 - BHO: (Object Browser) - {11111111-1111-1111-1111-110311281150} - C:\Program Files (x86)\Object Browser\Object Browser-bho.dll (Object Browser)
O2 - BHO: (iWebar) - {11111111-1111-1111-1111-110311551110} - C:\Program Files (x86)\iWebar\iWebar-bho.dll (iWebar)
O2 - BHO: (Plus-HD-9.1) - {11111111-1111-1111-1111-110511291116} - C:\Program Files (x86)\Plus-HD-9.1\Plus-HD-9.1-bho.dll (Plus HD)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (ArcadeYum Addon) - {651CA263-4157-4AC5-B7C2-03A7C1C00457} - C:\Users\kathy\AppData\Local\ArcadeYum\ArcadeYumIEHelper.dll ()
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Assistant BHO) - {7d69ed06-0171-4379-9528-08df51092727} - C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zSrcAs.dll (Mindspark)
O2 - BHO: (Shopper Pro) - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - C:\ProgramData\ShopperPro\ShopperPro.dll (Goobzo Ltd.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (buenosearch Helper Object) - {F1C81E40-2485-4DB6-8C9D-04BD596B281E} - C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\bh\buenosearch.dll (Montiera Technologies LTD)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (CouponXplorer) - {65c72339-fb1d-4155-84e1-9afacee02d6f} - C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbar.dll (Mindspark)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (buenosearch Toolbar) - {828DC97A-2277-4E10-92A9-4907FA0922A9} - C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\buenosearchTlbr.dll (Montiera Technologies LTD)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (CouponXplorer) - {65C72339-FB1D-4155-84E1-9AFACEE02D6F} - C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbar.dll (Mindspark)
O3 - HKCU\..\Toolbar\WebBrowser: (CouponXplorer) - {65C72339-FB1D-4155-84E1-9AFACEE02D6F} - C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbar.dll (Mindspark)
O4:64bit: - HKLM..\Run: [CouponXplorer Home Page Guard 64 bit] C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\AppIntegrator64.exe ( )
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [BtTray] C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe (IVT Corporation)
O4 - HKLM..\Run: [CouponXplorer EPM Support] C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zmedint.exe (Mindspark Interactive Network, Inc.)
O4 - HKLM..\Run: [CouponXplorer Search Scope Monitor] C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zSrchMn.exe (Mindspark)
O4 - HKLM..\Run: [CouponXplorer_5z Browser Plugin Loader] C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbrmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [CouponXplorer_5z Browser Plugin Loader 64] C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbrmon64.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [fst_us_96]  File not found
O4 - HKLM..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [PCFixSpeed] C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe (Crawler.com)
O4 - HKLM..\Run: [PCTechHotline] C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe (Crawler, LLC)
O4 - HKLM..\Run: [Price Finder] C:\Program Files (x86)\Price Finder\PriceFinderHelper.exe (MindSpark Interactive Network)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SPDriver] C:\Program Files (x86)\ShopperPro\JSDriver\1.36.1.172\jsdrv.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [t4pc_en_5] "C:\Program Files (x86)\t4pc_en_5\t4pc_en_5.exe" File not found
O4 - HKLM..\Run: [YTDownloader] C:\Program Files (x86)\YTDownloader\YTDownloader.exe (YTDownloader)
O4 - HKCU..\Run: [Power2GoExpress8] C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe (CyberLink Corp.)
O4 - HKCU..\Run: [SPDriver] C:\Program Files (x86)\ShopperPro\JSDriver\1.36.1.172\jsdrv.exe ()
O4 - HKCU..\Run: [YTDownloader] C:\Program Files (x86)\YTDownloader\YTDownloader.exe (YTDownloader)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - HKLM..\RunOnce: [upt4pc_en_5.exe] C:\Users\kathy\AppData\Local\t4pc_en_5\upt4pc_en_5.exe ()
O4 - Startup: C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk = C:\Users\kathy\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe ()
O4 - Startup: C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O4 - Startup: C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk = C:\Users\kathy\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe ()
O4 - Startup: C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk = C:\Users\kathy\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe (Weather Notifications, LLC)
O4 - Startup: C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk = C:\Users\kathy\AppData\Local\WeatherAlerts\WeatherAlerts.exe (Local Weather LLC)
O4 - Startup: C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk = C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5CF7021-C9F7-4283-A935-42932058313F}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (Client Connect LTD)
O20 - AppInit_DLLs: (c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll) - c:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Client Connect LTD)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/16 16:16:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\kathy\Desktop\OTL.exe
[2014/06/16 16:05:14 | 000,000,000 | ---D | C] -- C:\ProgramData\374311380
[2014/06/16 15:29:45 | 000,000,000 | ---D | C] -- C:\Users\kathy\AppData\Roaming\wp_update
[2014/06/16 15:28:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\buenosearch LTD
[2014/06/16 15:28:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/06/16 15:28:09 | 000,000,000 | ---D | C] -- C:\ProgramData\DSearchLink
[2014/06/16 15:28:08 | 000,000,000 | ---D | C] -- C:\Users\kathy\AppData\Roaming\BabSolution
[2014/06/16 15:28:06 | 000,000,000 | ---D | C] -- C:\Users\kathy\AppData\Local\ShieldPlus
[2014/06/16 15:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\T4PC
[2014/06/16 15:20:38 | 000,000,000 | ---D | C] -- C:\Users\kathy\AppData\Local\t4pc_en_5
[2014/06/16 15:20:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\t4pc_en_5
[2014/06/16 15:20:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Plus-HD-9.1
[2014/06/16 15:20:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\predm
[2014/06/16 09:16:32 | 000,000,000 | ---D | C] -- C:\Users\kathy\AppData\Roaming\PCFixSpeed
[2014/06/16 09:11:34 | 000,000,000 | ---D | C] -- C:\Users\kathy\AppData\Roaming\PC Tech Hotline
[2014/06/14 17:35:37 | 000,041,768 | ---- | C] (SecureAssist) -- C:\WINDOWS\SysNative\drivers\SAWFP64.sys
[2014/06/14 17:35:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tech Hotline
[2014/06/14 17:35:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCTechHotline
[2014/06/14 17:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\PCFixSpeed
[2014/06/14 17:34:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Fix Speed
[2014/06/14 17:34:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCFixSpeed
[2014/06/14 17:33:41 | 000,000,000 | ---D | C] -- C:\Users\kathy\AppData\Local\Weather_Notifications,_LL
[2014/06/14 17:33:38 | 000,000,000 | ---D | C] -- C:\Users\kathy\AppData\Local\SevereWeatherAlerts
[2014/06/14 17:33:38 | 000,000,000 | ---D | C] -- C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Severe Weather Alerts
[2014/06/14 17:33:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SupraSavings
[2014/06/14 17:33:02 | 000,000,000 | ---D | C] -- C:\temp
[2014/06/14 17:32:58 | 000,000,000 | ---D | C] -- C:\Program Files\suprasavings
[2014/06/14 15:58:23 | 000,000,000 | ---D | C] -- C:\Program Files\003
[2014/06/14 15:57:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iWebar
[2014/06/14 15:57:36 | 000,000,000 | ---D | C] -- C:\Users\kathy\AppData\Local\globalUpdate
[2014/06/14 15:57:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\globalUpdate
[2014/06/14 15:57:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Object Browser
[2014/06/14 15:57:08 | 000,000,000 | ---D | C] -- C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
[2014/06/14 15:56:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YTDownloader
[2014/06/14 15:56:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SearchModule
[2014/06/14 15:56:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Goobzo
[2014/06/14 15:56:34 | 000,000,000 | ---D | C] -- C:\ProgramData\ShopperPro
[2014/06/14 15:56:31 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\ShopperPro
[2014/06/14 15:56:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ShopperPro
[2014/06/14 15:55:59 | 000,000,000 | ---D | C] -- C:\Users\kathy\AppData\Local\CrashRpt
[2014/06/14 09:42:37 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2014/06/13 13:35:00 | 000,000,000 | ---D | C] -- C:\Users\kathy\Documents\Optimizer Pro
[2014/06/13 13:30:05 | 000,000,000 | ---D | C] -- C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
[2014/06/13 13:30:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2014/06/13 13:29:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2014/06/13 13:29:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2014/06/13 13:29:22 | 000,000,000 | ---D | C] -- C:\Users\kathy\AppData\Local\Programs
[2014/06/13 13:29:18 | 000,000,000 | ---D | C] -- C:\Users\kathy\AppData\Local\Local_Weather_LLC
[2014/06/13 13:29:12 | 000,000,000 | ---D | C] -- C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
[2014/06/13 13:28:55 | 000,000,000 | ---D | C] -- C:\Users\kathy\AppData\Local\WeatherAlerts
[2014/06/13 13:28:45 | 000,000,000 | ---D | C] -- C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMetér
[2014/06/13 13:28:44 | 000,000,000 | ---D | C] -- C:\Users\kathy\AppData\Local\PriceMeter
[2014/06/13 13:28:14 | 000,000,000 | ---D | C] -- C:\Users\kathy\AppData\Local\SearchProtect
[2014/06/13 07:07:07 | 000,000,000 | ---D | C] -- C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeYum
[2014/06/13 07:07:02 | 000,000,000 | ---D | C] -- C:\Users\kathy\AppData\Local\ArcadeYum
[2014/06/10 13:43:14 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieetwproxystub.dll
[2014/06/10 13:43:14 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iernonce.dll
[2014/06/10 13:43:13 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mshtmled.dll
[2014/06/10 13:43:13 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieetwcollectorres.dll
[2014/06/10 13:43:12 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript9diag.dll
[2014/06/10 13:43:12 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieetwproxystub.dll
[2014/06/10 13:43:08 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2014/06/10 13:43:08 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iesetup.dll
[2014/06/10 13:43:08 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iernonce.dll
[2014/06/10 13:43:07 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtmsft.dll
[2014/06/10 13:43:07 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieetwcollector.exe
[2014/06/10 13:43:06 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2014/06/10 13:43:04 | 000,608,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2014/06/10 13:43:04 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iesetup.dll
[2014/06/10 13:43:02 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2014/06/10 13:43:01 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieUnatt.exe
[2014/06/10 13:43:00 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2014/06/10 13:43:00 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msrating.dll
[2014/06/10 13:42:59 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtrans.dll
[2014/06/10 13:42:57 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9diag.dll
[2014/06/10 13:42:57 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieUnatt.exe
[2014/06/10 13:42:57 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mshtmled.dll
[2014/06/10 13:42:56 | 005,782,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2014/06/10 13:42:56 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2014/06/10 13:42:55 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msrating.dll
[2014/06/10 13:40:59 | 000,921,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSShared.dll
[2014/06/10 13:40:59 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSShared.dll
[2014/06/10 13:40:59 | 000,249,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2014/06/10 13:40:59 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2014/06/10 13:40:59 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSReset.exe
[2014/06/10 13:40:55 | 000,428,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\FWPKCLNT.SYS
[2014/06/10 13:40:51 | 001,336,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\gdi32.dll
[2014/06/10 13:40:50 | 003,360,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpcorets.dll
[2014/06/10 13:40:47 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DWrite.dll
[2014/06/10 13:40:47 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drvinst.exe
[2014/06/10 13:40:47 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\drvinst.exe
[2014/06/10 13:40:47 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drvcfg.exe
[2014/06/10 13:40:44 | 003,118,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Wpc.dll
[2014/06/10 13:40:44 | 003,048,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WpcMon.exe
[2014/06/10 13:40:44 | 002,861,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WpcWebSync.dll
[2014/06/10 13:40:44 | 002,834,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wpccpl.dll
[2014/06/10 13:40:44 | 002,344,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Wpc.dll
[2014/06/10 13:40:44 | 000,055,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\wpcfltr.sys
[2014/06/09 14:15:13 | 000,830,680 | ---- | C] (Realtek                                            ) -- C:\WINDOWS\SysNative\drivers\Rt630x64.sys
[2014/06/09 14:15:13 | 000,074,456 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\SysNative\RtNicProp64.dll
[2014/06/09 13:49:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\sda
[2014/06/09 13:49:38 | 009,889,352 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysWow64\RtsP2StorIcon.dll
[2014/06/09 11:37:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/06/09 11:34:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/06/09 11:34:36 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/06/09 11:34:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/06/09 11:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/06/09 11:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2014/06/09 11:28:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2014/06/09 11:26:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2014/06/06 07:56:24 | 000,000,000 | -HSD | C] -- C:\Users\kathy\AppData\Local\EmieUserList
[2014/06/06 07:56:24 | 000,000,000 | -HSD | C] -- C:\Users\kathy\AppData\Local\EmieSiteList
[2014/06/06 07:55:03 | 000,000,000 | R--D | C] -- C:\Users\kathy\OneDrive
[2014/06/06 07:46:22 | 000,000,000 | ---D | C] -- C:\Users\kathy\AppData\Roaming\Identities
[2014/06/06 07:18:28 | 000,000,000 | -HSD | C] -- C:\Recovery
[2014/06/06 07:18:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Panther
[2014/06/06 07:16:37 | 000,308,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wusa.exe
[2014/06/06 07:16:37 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wusa.exe
[2014/06/06 07:15:34 | 000,157,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\wof.sys
[2014/06/06 07:15:33 | 000,402,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Graphics.Printing.dll
[2014/06/06 07:15:33 | 000,360,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfreadwrite.dll
[2014/06/06 07:15:33 | 000,355,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfreadwrite.dll
[2014/06/06 07:15:33 | 000,247,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SensorsApi.dll
[2014/06/06 07:15:33 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SensorsApi.dll
[2014/06/06 07:15:33 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Scanners.dll
[2014/06/06 07:15:33 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\sxproxy.dll
[2014/06/06 07:15:32 | 002,088,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\explorer.exe
[2014/06/06 07:15:32 | 001,816,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Display.dll
[2014/06/06 07:15:31 | 002,900,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msftedit.dll
[2014/06/06 07:15:31 | 002,641,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
[2014/06/06 07:15:31 | 002,373,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2014/06/06 07:15:31 | 002,317,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2014/06/06 07:15:31 | 002,270,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msftedit.dll
[2014/06/06 07:15:31 | 002,141,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d11.dll
[2014/06/06 07:15:31 | 002,133,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll
[2014/06/06 07:15:31 | 001,843,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Display.dll
[2014/06/06 07:15:31 | 001,779,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\d3d11.dll
[2014/06/06 07:15:31 | 001,764,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll
[2014/06/06 07:15:31 | 001,656,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GdiPlus.dll
[2014/06/06 07:15:31 | 001,542,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ole32.dll
[2014/06/06 07:15:31 | 001,351,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GdiPlus.dll
[2014/06/06 07:15:31 | 001,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
[2014/06/06 07:15:31 | 001,291,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kernel32.dll
[2014/06/06 07:15:31 | 001,112,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KernelBase.dll
[2014/06/06 07:15:31 | 001,015,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aclui.dll
[2014/06/06 07:15:31 | 000,950,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ReAgent.dll
[2014/06/06 07:15:31 | 000,924,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll
[2014/06/06 07:15:31 | 000,887,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\aclui.dll
[2014/06/06 07:15:31 | 000,834,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\netlogon.dll
[2014/06/06 07:15:31 | 000,800,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ReAgent.dll
[2014/06/06 07:15:31 | 000,717,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\nshwfp.dll
[2014/06/06 07:15:31 | 000,669,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rasapi32.dll
[2014/06/06 07:15:31 | 000,655,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dnsapi.dll
[2014/06/06 07:15:31 | 000,621,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MDMAgent.exe
[2014/06/06 07:15:31 | 000,567,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\nshwfp.dll
[2014/06/06 07:15:31 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Graphics.Printing.dll
[2014/06/06 07:15:31 | 000,518,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxgi.dll
[2014/06/06 07:15:31 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlidprov.dll
[2014/06/06 07:15:31 | 000,488,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\netcfgx.dll
[2014/06/06 07:15:31 | 000,467,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBHUB3.SYS
[2014/06/06 07:15:31 | 000,462,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlangpui.dll
[2014/06/06 07:15:31 | 000,412,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\FWPUCLNT.DLL
[2014/06/06 07:15:31 | 000,390,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\netcfgx.dll
[2014/06/06 07:15:31 | 000,386,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlangpui.dll
[2014/06/06 07:15:31 | 000,379,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms1.sys
[2014/06/06 07:15:31 | 000,376,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\clfs.sys
[2014/06/06 07:15:31 | 000,356,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlidprov.dll
[2014/06/06 07:15:31 | 000,356,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dcomp.dll
[2014/06/06 07:15:31 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LocationApi.dll
[2014/06/06 07:15:31 | 000,299,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\pdh.dll
[2014/06/06 07:15:31 | 000,298,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSDMon.dll
[2014/06/06 07:15:31 | 000,291,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Sensors.dll
[2014/06/06 07:15:31 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WsmWmiPl.dll
[2014/06/06 07:15:31 | 000,271,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\spp.dll
[2014/06/06 07:15:31 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\FWPUCLNT.DLL
[2014/06/06 07:15:31 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\LocationApi.dll
[2014/06/06 07:15:31 | 000,254,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\pdh.dll
[2014/06/06 07:15:31 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentClient.dll
[2014/06/06 07:15:31 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Sensors.dll
[2014/06/06 07:15:31 | 000,222,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dcomp.dll
[2014/06/06 07:15:31 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\cdd.dll
[2014/06/06 07:15:31 | 000,201,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ReInfo.dll
[2014/06/06 07:15:31 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
[2014/06/06 07:15:31 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Scanners.dll
[2014/06/06 07:15:31 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dafWfdProvider.dll
[2014/06/06 07:15:31 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ReInfo.dll
[2014/06/06 07:15:31 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppxAllUserStore.dll
[2014/06/06 07:15:31 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppxAllUserStore.dll
[2014/06/06 07:15:31 | 000,136,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\wfplwfs.sys
[2014/06/06 07:15:31 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DevPropMgr.dll
[2014/06/06 07:15:31 | 000,113,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\userenv.dll
[2014/06/06 07:15:31 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\hidclass.sys
[2014/06/06 07:15:31 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\davclnt.dll
[2014/06/06 07:15:31 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RMapi.dll
[2014/06/06 07:15:31 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sxproxy.dll
[2014/06/06 07:15:31 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\w32tm.exe
[2014/06/06 07:15:31 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\w32tm.exe
[2014/06/06 07:15:31 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\l2gpstore.dll
[2014/06/06 07:15:31 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\l2gpstore.dll
[2014/06/06 07:15:31 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SetNetworkLocation.dll
[2014/06/06 07:15:31 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CredentialMigrationHandler.dll
[2014/06/06 07:15:31 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CredentialMigrationHandler.dll
[2014/06/06 07:13:42 | 000,086,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mrt_map.dll
[2014/06/06 07:13:42 | 000,080,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mrt_map.dll
[2014/06/06 07:13:42 | 000,028,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mrt100.dll
[2014/06/06 07:13:42 | 000,026,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mrt100.dll
[2014/06/06 07:12:59 | 001,705,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wucltux.dll
[2014/06/06 07:12:59 | 001,054,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.appcore.dll
[2014/06/06 07:12:59 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.appcore.dll
[2014/06/06 07:12:59 | 000,827,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapi.dll
[2014/06/06 07:12:59 | 000,555,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinapi.appcore.dll
[2014/06/06 07:12:59 | 000,419,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinapi.appcore.dll
[2014/06/06 07:12:59 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WUSettingsProvider.dll
[2014/06/06 07:12:59 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\storewuauth.dll
[2014/06/06 07:12:59 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuwebv.dll
[2014/06/06 07:12:59 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wudriver.dll
[2014/06/06 07:12:59 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wups.dll
[2014/06/06 07:12:59 | 000,054,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuauclt.exe
[2014/06/06 07:12:59 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapp.exe
[2014/06/06 07:12:58 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapi.dll
[2014/06/06 07:12:58 | 000,201,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ubpm.dll
[2014/06/06 07:12:58 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuwebv.dll
[2014/06/06 07:12:58 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wudriver.dll
[2014/06/06 07:12:58 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapp.exe
[2014/06/06 07:12:58 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wups.dll
[2014/06/06 07:12:00 | 000,257,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdFilter.sys
[2014/06/06 07:12:00 | 000,035,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdBoot.sys
[2014/06/06 07:11:59 | 000,123,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdNisDrv.sys
[2014/06/06 07:11:12 | 016,872,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.dll
[2014/06/06 07:11:12 | 013,287,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
[2014/06/06 07:11:12 | 012,711,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
[2014/06/06 07:11:12 | 011,792,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2014/06/06 07:11:12 | 008,652,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Search.dll
[2014/06/06 07:11:12 | 007,425,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2014/06/06 07:11:12 | 007,173,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Data.Pdf.dll
[2014/06/06 07:11:12 | 006,645,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mstscax.dll
[2014/06/06 07:11:12 | 005,833,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Search.dll
[2014/06/06 07:11:12 | 005,774,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstscax.dll
[2014/06/06 07:11:12 | 005,104,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Data.Pdf.dll
[2014/06/06 07:11:12 | 004,269,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SyncEngine.dll
[2014/06/06 07:11:12 | 002,688,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers.dll
[2014/06/06 07:11:12 | 002,144,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfcore.dll
[2014/06/06 07:11:12 | 002,140,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfcore.dll
[2014/06/06 07:11:12 | 002,124,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d9.dll
[2014/06/06 07:11:12 | 002,100,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SystemSettingsAdminFlowUI.dll
[2014/06/06 07:11:12 | 001,584,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\workfolderssvc.dll
[2014/06/06 07:11:12 | 001,466,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\propsys.dll
[2014/06/06 07:11:12 | 001,411,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lsasrv.dll
[2014/06/06 07:11:12 | 001,403,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winmde.dll
[2014/06/06 07:11:12 | 001,379,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wmpmde.dll
[2014/06/06 07:11:12 | 001,287,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mispace.dll
[2014/06/06 07:11:12 | 001,230,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.dll
[2014/06/06 07:11:12 | 001,222,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Streaming.dll
[2014/06/06 07:11:12 | 001,209,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\winmde.dll
[2014/06/06 07:11:12 | 001,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SearchFolder.dll
[2014/06/06 07:11:12 | 001,057,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdvidcrl.dll
[2014/06/06 07:11:12 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mispace.dll
[2014/06/06 07:11:12 | 001,025,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\localspl.dll
[2014/06/06 07:11:12 | 000,982,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Streaming.dll
[2014/06/06 07:11:12 | 000,955,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MFMediaEngine.dll
[2014/06/06 07:11:12 | 000,918,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MrmCoreR.dll
[2014/06/06 07:11:12 | 000,888,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.dll
[2014/06/06 07:11:12 | 000,881,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfplat.dll
[2014/06/06 07:11:12 | 000,872,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SkyDrive.exe
[2014/06/06 07:11:12 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rdvidcrl.dll
[2014/06/06 07:11:12 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32spl.dll
[2014/06/06 07:11:12 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MFMediaEngine.dll
[2014/06/06 07:11:12 | 000,765,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfmpeg2srcsnk.dll
[2014/06/06 07:11:12 | 000,761,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WorkfoldersControl.dll
[2014/06/06 07:11:12 | 000,731,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\adtschema.dll
[2014/06/06 07:11:12 | 000,731,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\adtschema.dll
[2014/06/06 07:11:12 | 000,721,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SkyDriveTelemetry.dll
[2014/06/06 07:11:12 | 000,707,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfplat.dll
[2014/06/06 07:11:12 | 000,669,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfmpeg2srcsnk.dll
[2014/06/06 07:11:12 | 000,629,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MrmCoreR.dll
[2014/06/06 07:11:12 | 000,609,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mf.dll
[2014/06/06 07:11:12 | 000,518,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mf.dll
[2014/06/06 07:11:12 | 000,491,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfsvr.dll
[2014/06/06 07:11:12 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GeofenceMonitorService.dll
[2014/06/06 07:11:12 | 000,486,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winspool.drv
[2014/06/06 07:11:12 | 000,467,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\srcore.dll
[2014/06/06 07:11:12 | 000,467,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AudioSes.dll
[2014/06/06 07:11:12 | 000,463,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AudioEng.dll
[2014/06/06 07:11:12 | 000,462,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\XpsGdiConverter.dll
[2014/06/06 07:11:12 | 000,443,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlansec.dll
[2014/06/06 07:11:12 | 000,426,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\clusapi.dll
[2014/06/06 07:11:12 | 000,407,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\services.exe
[2014/06/06 07:11:12 | 000,387,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfsvr.dll
[2014/06/06 07:11:12 | 000,384,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\spaceport.sys
[2014/06/06 07:11:12 | 000,372,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\storport.sys
[2014/06/06 07:11:12 | 000,370,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlanmsm.dll
[2014/06/06 07:11:12 | 000,364,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AUDIOKSE.dll
[2014/06/06 07:11:12 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GeofenceMonitorService.dll
[2014/06/06 07:11:12 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\XpsGdiConverter.dll
[2014/06/06 07:11:12 | 000,337,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\Classpnp.sys
[2014/06/06 07:11:12 | 000,335,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MDEServer.exe
[2014/06/06 07:11:12 | 000,324,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MFCaptureEngine.dll
[2014/06/06 07:11:12 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\clusapi.dll
[2014/06/06 07:11:12 | 000,307,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wintrust.dll
[2014/06/06 07:11:12 | 000,305,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AUDIOKSE.dll
[2014/06/06 07:11:12 | 000,300,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlanmsm.dll
[2014/06/06 07:11:12 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlanapi.dll
[2014/06/06 07:11:12 | 000,285,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MFCaptureEngine.dll
[2014/06/06 07:11:12 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\resutils.dll
[2014/06/06 07:11:12 | 000,271,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rstrui.exe
[2014/06/06 07:11:12 | 000,263,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SystemSettingsAdminFlows.exe
[2014/06/06 07:11:12 | 000,250,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpencom.dll
[2014/06/06 07:11:12 | 000,244,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\audiodg.exe
[2014/06/06 07:11:12 | 000,233,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfps.dll
[2014/06/06 07:11:12 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlanapi.dll
[2014/06/06 07:11:12 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\resutils.dll
[2014/06/06 07:11:12 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rdpencom.dll
[2014/06/06 07:11:12 | 000,201,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MSVideoDSP.dll
[2014/06/06 07:11:12 | 000,201,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AudioEndpointBuilder.dll
[2014/06/06 07:11:12 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rpchttp.dll
[2014/06/06 07:11:12 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WorkFoldersShell.dll
[2014/06/06 07:11:12 | 000,178,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MSVideoDSP.dll
[2014/06/06 07:11:12 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rpchttp.dll
[2014/06/06 07:11:12 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\BootMenuUX.dll
[2014/06/06 07:11:12 | 000,130,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\gpapi.dll
[2014/06/06 07:11:12 | 000,125,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmapi.dll
[2014/06/06 07:11:12 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\srclient.dll
[2014/06/06 07:11:12 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tsgqec.dll
[2014/06/06 07:11:12 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\energyprov.dll
[2014/06/06 07:11:12 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tsgqec.dll
[2014/06/06 07:11:12 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tlscsp.dll
[2014/06/06 07:11:12 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tlscsp.dll
[2014/06/06 07:11:12 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Shell.Search.UriHandler.dll
[2014/06/06 07:11:12 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Shell.Search.UriHandler.dll
[2014/06/06 07:11:12 | 000,032,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ploptin.dll
[2014/06/06 07:11:12 | 000,028,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfpmp.exe
[2014/06/06 07:11:12 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlanhlp.dll
[2014/06/06 07:11:12 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlanhlp.dll
[2014/06/06 07:06:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies
[2014/06/06 07:06:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild
[2014/06/06 07:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2014/06/06 07:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2014/06/06 07:06:51 | 000,000,000 | ---D | C] -- C:\inetpub
[2014/06/06 07:06:47 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iisRtl.dll
[2014/06/06 07:06:47 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ahadmin.dll
[2014/06/06 07:06:47 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\admwprox.dll
[2014/06/06 07:06:47 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iisreset.exe
[2014/06/06 07:06:47 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wamregps.dll
[2014/06/06 07:06:47 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iisrstap.dll
[2014/06/06 07:06:46 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iisRtl.dll
[2014/06/06 07:06:46 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\admwprox.dll
[2014/06/06 07:06:46 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ahadmin.dll
[2014/06/06 07:06:46 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iisreset.exe
[2014/06/06 07:06:46 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wamregps.dll
[2014/06/06 07:06:46 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iisrstap.dll
[2014/06/06 07:06:01 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TsWpfWrp.exe
[2014/06/06 07:06:00 | 000,778,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PresentationNative_v0300.dll
[2014/06/06 07:06:00 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2014/06/06 07:05:59 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TsWpfWrp.exe
[2014/06/06 07:05:58 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2014/06/06 07:05:57 | 001,166,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PresentationNative_v0300.dll
[2014/06/06 06:33:55 | 000,000,000 | -HSD | C] -- C:\Users\kathy\AppData\Local\Temporary Internet Files
[2014/06/06 06:33:55 | 000,000,000 | -HSD | C] -- C:\Users\kathy\Templates
[2014/06/06 06:33:55 | 000,000,000 | -HSD | C] -- C:\Users\kathy\Start Menu
[2014/06/06 06:33:55 | 000,000,000 | -HSD | C] -- C:\Users\kathy\SendTo
[2014/06/06 06:33:55 | 000,000,000 | -HSD | C] -- C:\Users\kathy\Recent
[2014/06/06 06:33:55 | 000,000,000 | -HSD | C] -- C:\Users\kathy\PrintHood
[2014/06/06 06:33:55 | 000,000,000 | -HSD | C] -- C:\Users\kathy\NetHood
[2014/06/06 06:33:55 | 000,000,000 | -HSD | C] -- C:\Users\kathy\Documents\My Videos
[2014/06/06 06:33:55 | 000,000,000 | -HSD | C] -- C:\Users\kathy\Documents\My Pictures
[2014/06/06 06:33:55 | 000,000,000 | -HSD | C] -- C:\Users\kathy\Documents\My Music
[2014/06/06 06:33:55 | 000,000,000 | -HSD | C] -- C:\Users\kathy\My Documents
[2014/06/06 06:33:55 | 000,000,000 | -HSD | C] -- C:\Users\kathy\Local Settings
[2014/06/06 06:33:55 | 000,000,000 | -HSD | C] -- C:\Users\kathy\AppData\Local\History
[2014/06/06 06:33:55 | 000,000,000 | -HSD | C] -- C:\Users\kathy\Cookies
[2014/06/06 06:33:55 | 000,000,000 | -HSD | C] -- C:\Users\kathy\Application Data
[2014/06/06 06:33:55 | 000,000,000 | -HSD | C] -- C:\Users\kathy\AppData\Local\Application Data
[2014/06/06 06:33:54 | 000,000,000 | --SD | C] -- C:\Users\kathy\AppData\Roaming\Microsoft
[2014/06/06 06:33:54 | 000,000,000 | R--D | C] -- C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2014/06/06 06:33:54 | 000,000,000 | R--D | C] -- C:\Users\kathy\Favorites
[2014/06/06 06:33:54 | 000,000,000 | R--D | C] -- C:\Users\kathy\Documents
[2014/06/06 06:33:54 | 000,000,000 | R--D | C] -- C:\Users\kathy\Desktop
[2014/06/06 06:33:54 | 000,000,000 | R--D | C] -- C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/06/06 06:33:54 | 000,000,000 | R--D | C] -- C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2014/06/06 06:33:54 | 000,000,000 | -H-D | C] -- C:\Users\kathy\AppData
[2014/06/06 06:33:54 | 000,000,000 | ---D | C] -- C:\Users\kathy\AppData\Local\Temp
[2014/06/06 06:33:54 | 000,000,000 | ---D | C] -- C:\Users\kathy\AppData\Local\Microsoft
[2014/06/06 06:33:54 | 000,000,000 | ---D | C] -- C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/06/06 06:22:35 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2014/06/06 06:22:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\SRSLabs
[2014/06/06 06:22:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\RTCOM
[2014/06/06 06:22:11 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2014/06/06 06:21:58 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2014/06/06 06:21:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2014/06/06 06:21:39 | 000,000,000 | ---D | C] -- C:\AMD
[2014/06/06 06:21:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2014/06/06 06:21:19 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2014/06/06 06:20:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2014/05/28 16:53:12 | 000,129,536 | ---- | C] (AMD) -- C:\WINDOWS\SysNative\coinst_13.251.9001.dll
[2014/05/28 16:53:12 | 000,099,840 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysNative\OpenVideo64.dll
[2014/05/28 16:53:12 | 000,086,528 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysNative\OVDecode64.dll
[2014/05/28 16:53:12 | 000,083,968 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysWow64\OpenVideo.dll
[2014/05/28 16:53:12 | 000,073,728 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysWow64\OVDecode.dll
[2014/05/28 16:53:02 | 008,287,008 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atiumdva.dll
[2014/05/28 16:53:02 | 006,630,232 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atiumdag.dll
[2014/05/28 16:53:02 | 000,143,304 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atiuxp64.dll
[2014/05/28 16:53:02 | 000,126,336 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atiuxpag.dll
[2014/05/28 16:53:00 | 008,927,704 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atiumd6a.dll
[2014/05/28 16:53:00 | 007,751,920 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atiumd64.dll
[2014/05/28 16:53:00 | 000,190,976 | ---- | C] (AMD) -- C:\WINDOWS\SysNative\atitmm64.dll
[2014/05/28 16:53:00 | 000,115,512 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atiu9p64.dll
[2014/05/28 16:53:00 | 000,098,496 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atiu9pag.dll
[2014/05/28 16:53:00 | 000,089,088 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atisamu64.dll
[2014/05/28 16:53:00 | 000,080,896 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atisamu32.dll
[2014/05/28 16:52:58 | 022,157,824 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysWow64\atioglxx.dll
[2014/05/28 16:52:56 | 026,352,128 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\atio6axx.dll
[2014/05/28 16:52:56 | 000,332,800 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\ATIODE.exe
[2014/05/28 16:52:56 | 000,051,200 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\ATIODCLI.exe
[2014/05/28 16:52:54 | 013,209,088 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\drivers\atikmdag.sys
[2014/05/28 16:52:54 | 000,626,688 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\drivers\atikmpag.sys
[2014/05/28 16:52:54 | 000,100,352 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atig6txx.dll
[2014/05/28 16:52:54 | 000,096,768 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atigktxx.dll
[2014/05/28 16:52:54 | 000,078,432 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atimpc64.dll
[2014/05/28 16:52:54 | 000,074,752 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atig6pxx.dll
[2014/05/28 16:52:54 | 000,071,704 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atimpc32.dll
[2014/05/28 16:52:54 | 000,069,632 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atiglpxx.dll
[2014/05/28 16:52:54 | 000,069,632 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atiglpxx.dll
[2014/05/28 16:52:54 | 000,031,232 | ---- | C] (AMD) -- C:\WINDOWS\SysNative\atimuixx.dll
[2014/05/28 16:52:52 | 009,753,752 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atidxx64.dll
[2014/05/28 16:52:52 | 000,588,288 | ---- | C] (AMD) -- C:\WINDOWS\SysNative\atieclxx.exe
[2014/05/28 16:52:52 | 000,239,616 | ---- | C] (AMD) -- C:\WINDOWS\SysNative\atiesrxx.exe
[2014/05/28 16:52:36 | 008,406,024 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atidxx32.dll
[2014/05/28 16:52:34 | 001,318,552 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\aticfx64.dll
[2014/05/28 16:52:34 | 001,100,216 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\aticfx32.dll
[2014/05/28 16:52:34 | 000,442,368 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\atidemgy.dll
[2014/05/28 16:52:34 | 000,062,464 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysNative\aticalrt64.dll
[2014/05/28 16:52:34 | 000,052,224 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysWow64\aticalrt.dll
[2014/05/28 16:52:32 | 015,716,352 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysNative\aticaldd64.dll
[2014/05/28 16:52:32 | 014,302,208 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysWow64\aticaldd.dll
[2014/05/28 16:52:32 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\atibtmon.exe
[2014/05/28 16:52:32 | 000,055,808 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysNative\aticalcl64.dll
[2014/05/28 16:52:32 | 000,049,152 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysWow64\aticalcl.dll
[2014/05/28 16:52:30 | 001,144,320 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\atiadlxx.dll
[2014/05/28 16:52:30 | 000,825,344 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysWow64\atiadlxy.dll
[2014/05/28 16:52:30 | 000,368,640 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\atiapfxx.exe
[2014/05/28 16:52:30 | 000,078,432 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\amdpcom64.dll
[2014/05/28 16:52:30 | 000,071,704 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\amdpcom32.dll
[2014/05/28 16:52:30 | 000,063,488 | ---- | C] (Khronos Group) -- C:\WINDOWS\SysNative\OpenCL.dll
[2014/05/28 16:52:30 | 000,057,344 | ---- | C] (Khronos Group) -- C:\WINDOWS\SysWow64\OpenCL.dll
[2014/05/28 16:52:30 | 000,043,520 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\drivers\ati2erec.dll
[2014/05/28 16:52:26 | 029,382,144 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysNative\amdocl64.dll
[2014/05/28 16:52:24 | 024,860,160 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysWow64\amdocl.dll
[2014/05/28 16:52:22 | 000,157,736 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\amdhcp64.dll
[2014/05/28 16:52:22 | 000,142,304 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysWow64\amdhcp32.dll
[2014/05/28 16:52:22 | 000,096,256 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\amdave64.dll
[2014/05/28 16:52:22 | 000,090,112 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\amdave32.dll
[2014/05/24 05:32:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Tri-Peaks 2 Quest for the Ruby Ring
[2014/05/24 05:32:10 | 000,000,000 | ---D | C] -- C:\Users\kathy\AppData\Roaming\Pogo Games
[2014/05/18 07:20:06 | 000,000,000 | ---D | C] -- C:\Users\kathy\AppData\Roaming\Apple Computer
[2014/05/18 07:20:06 | 000,000,000 | ---D | C] -- C:\Users\kathy\AppData\Local\Apple Computer
[2014/05/18 07:19:12 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\SysNative\drivers\GEARAspiWDM.sys
[2014/05/18 07:18:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2014/05/18 07:16:53 | 000,000,000 | ---D | C] -- C:\Users\kathy\AppData\Local\Apple
[2014/05/18 07:16:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2014/05/18 07:15:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2014/05/18 07:15:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/16 16:16:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\kathy\Desktop\OTL.exe
[2014/06/16 16:08:08 | 000,001,587 | ---- | M] () -- C:\Users\kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/06/16 16:05:03 | 000,000,983 | ---- | M] () -- C:\WINDOWS\SysWow64\bscs.ini
[2014/06/16 16:03:35 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/06/16 16:03:24 | 000,003,620 | ---- | M] () -- C:\WINDOWS\SysWow64\LOCALSERVICE.INI
[2014/06/16 16:02:54 | 000,001,520 | ---- | M] () -- C:\WINDOWS\tasks\e659c2f6-b592-4eb3-89e8-8b6d7e4656ed-5.job
[2014/06/16 16:02:53 | 000,002,232 | ---- | M] () -- C:\WINDOWS\tasks\e659c2f6-b592-4eb3-89e8-8b6d7e4656ed-4.job
[2014/06/16 16:02:52 | 000,001,708 | ---- | M] () -- C:\WINDOWS\tasks\fd7373df-dd78-4294-8414-43f612d26fa8-5.job
[2014/06/16 16:02:51 | 000,003,818 | ---- | M] () -- C:\WINDOWS\tasks\4e38d619-a355-43b0-a4ed-5e802d8b0096-11.job
[2014/06/16 16:02:50 | 000,004,156 | ---- | M] () -- C:\WINDOWS\tasks\fd7373df-dd78-4294-8414-43f612d26fa8-11.job
[2014/06/16 16:02:49 | 000,002,234 | ---- | M] () -- C:\WINDOWS\tasks\4e38d619-a355-43b0-a4ed-5e802d8b0096-4.job
[2014/06/16 16:02:49 | 000,001,442 | ---- | M] () -- C:\WINDOWS\tasks\4e38d619-a355-43b0-a4ed-5e802d8b0096-5.job
[2014/06/16 16:02:47 | 000,003,136 | ---- | M] () -- C:\WINDOWS\tasks\4e38d619-a355-43b0-a4ed-5e802d8b0096-3.job
[2014/06/16 16:02:46 | 000,002,386 | ---- | M] () -- C:\WINDOWS\tasks\fd7373df-dd78-4294-8414-43f612d26fa8-4.job
[2014/06/16 16:02:46 | 000,001,772 | ---- | M] () -- C:\WINDOWS\tasks\fd7373df-dd78-4294-8414-43f612d26fa8-1.job
[2014/06/16 16:02:45 | 000,001,600 | ---- | M] () -- C:\WINDOWS\tasks\fd7373df-dd78-4294-8414-43f612d26fa8-2.job
[2014/06/16 16:02:45 | 000,001,394 | ---- | M] () -- C:\WINDOWS\tasks\e659c2f6-b592-4eb3-89e8-8b6d7e4656ed-2.job
[2014/06/16 16:02:45 | 000,001,364 | ---- | M] () -- C:\WINDOWS\tasks\4e38d619-a355-43b0-a4ed-5e802d8b0096-2.job
[2014/06/16 16:02:45 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\globalUpdateUpdateTaskMachineCore.job
[2014/06/16 16:02:43 | 000,001,502 | ---- | M] () -- C:\WINDOWS\tasks\4e38d619-a355-43b0-a4ed-5e802d8b0096-1.job
[2014/06/16 16:02:42 | 000,001,428 | ---- | M] () -- C:\WINDOWS\tasks\e659c2f6-b592-4eb3-89e8-8b6d7e4656ed-1.job
[2014/06/16 16:01:59 | 000,000,043 | ---- | M] () -- C:\WINDOWS\SysWow64\LOCALDEVICE.INI
[2014/06/16 16:01:31 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/06/16 16:01:28 | 2743,287,808 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/16 15:28:10 | 000,001,903 | ---- | M] () -- C:\Users\kathy\Desktop\Search.lnk
[2014/06/16 15:27:43 | 000,493,272 | ---- | M] () -- C:\Users\kathy\AppData\Roaming\~eqswjpj.exe
[2014/06/16 15:25:01 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\globalUpdateUpdateTaskMachineUA.job
[2014/06/16 07:42:43 | 000,000,476 | ---- | M] () -- C:\WINDOWS\tasks\SMW_UpdateTask_Time_323238363235333932372d235b783432415b45345a2d6c.job
[2014/06/14 22:04:14 | 000,000,454 | ---- | M] () -- C:\WINDOWS\tasks\ArcadeYum.job
[2014/06/14 17:45:37 | 000,956,476 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014/06/14 17:45:37 | 000,796,126 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014/06/14 17:45:37 | 000,161,346 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014/06/14 17:35:46 | 000,005,624 | ---- | M] () -- C:\WINDOWS\SysNative\SecureAssist.ini
[2014/06/14 17:35:46 | 000,002,576 | ---- | M] () -- C:\WINDOWS\SysWow64\SecureAssistOff.ini
[2014/06/14 17:35:46 | 000,002,576 | ---- | M] () -- C:\WINDOWS\SysNative\SecureAssistOff.ini
[2014/06/14 17:35:23 | 000,001,086 | ---- | M] () -- C:\Users\Public\Desktop\PC Tech Hotline.lnk
[2014/06/14 17:35:00 | 000,000,982 | ---- | M] () -- C:\Users\Public\Desktop\Optimize Your PC.lnk
[2014/06/14 17:33:38 | 000,002,216 | ---- | M] () -- C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk
[2014/06/14 17:33:38 | 000,001,273 | ---- | M] () -- C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk
[2014/06/14 15:57:08 | 000,001,968 | ---- | M] () -- C:\Users\kathy\Desktop\YTDownloader.lnk
[2014/06/14 09:42:37 | 000,002,346 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2014/06/14 09:38:06 | 002,481,419 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\N360x64\1503000.00C\Cat.DB
[2014/06/14 09:37:26 | 000,035,791 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\N360x64\1503000.00C\VT20140430.005
[2014/06/13 21:03:50 | 000,177,752 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.SYS
[2014/06/13 21:03:50 | 000,008,222 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.CAT
[2014/06/13 21:03:50 | 000,000,854 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.INF
[2014/06/13 20:01:06 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\HPCeeScheduleForkathy.job
[2014/06/13 13:30:22 | 000,001,988 | ---- | M] () -- C:\Users\kathy\Desktop\Sync Folder.lnk
[2014/06/13 13:30:14 | 000,000,000 | ---- | M] () -- C:\END
[2014/06/13 13:30:06 | 000,001,116 | ---- | M] () -- C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2014/06/13 13:30:06 | 000,001,106 | ---- | M] () -- C:\Users\kathy\Desktop\MyPC Backup.lnk
[2014/06/13 13:29:12 | 000,001,201 | ---- | M] () -- C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk
[2014/06/13 13:28:56 | 000,001,233 | ---- | M] () -- C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk
[2014/06/09 13:52:05 | 000,830,680 | ---- | M] (Realtek                                            ) -- C:\WINDOWS\SysNative\drivers\Rt630x64.sys
[2014/06/09 13:52:05 | 000,074,456 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\SysNative\RtNicProp64.dll
[2014/06/09 13:49:01 | 009,889,352 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysWow64\RtsP2StorIcon.dll
[2014/06/09 13:49:00 | 000,290,008 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\drivers\RtsP2Stor.sys
[2014/06/09 11:37:06 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/06/09 11:28:51 | 000,001,864 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2014/06/06 07:54:07 | 000,001,744 | ---- | M] () -- C:\{6A3E4982-9BA9-46F4-9DE9-3C801EF46A17}
[2014/06/06 07:16:37 | 000,308,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wusa.exe
[2014/06/06 07:16:37 | 000,305,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wusa.exe
[2014/06/06 07:15:34 | 000,157,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\wof.sys
[2014/06/06 07:15:33 | 000,402,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Graphics.Printing.dll
[2014/06/06 07:15:33 | 000,360,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfreadwrite.dll
[2014/06/06 07:15:33 | 000,355,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfreadwrite.dll
[2014/06/06 07:15:33 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SensorsApi.dll
[2014/06/06 07:15:33 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SensorsApi.dll
[2014/06/06 07:15:33 | 000,151,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Scanners.dll
[2014/06/06 07:15:33 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\sxproxy.dll
[2014/06/06 07:15:32 | 002,088,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\explorer.exe
[2014/06/06 07:15:32 | 001,816,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Display.dll
[2014/06/06 07:15:31 | 002,900,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msftedit.dll
[2014/06/06 07:15:31 | 002,641,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
[2014/06/06 07:15:31 | 002,373,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2014/06/06 07:15:31 | 002,317,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2014/06/06 07:15:31 | 002,270,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msftedit.dll
[2014/06/06 07:15:31 | 002,141,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d11.dll
[2014/06/06 07:15:31 | 002,133,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll
[2014/06/06 07:15:31 | 001,843,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Display.dll
[2014/06/06 07:15:31 | 001,779,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\d3d11.dll
[2014/06/06 07:15:31 | 001,764,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll
[2014/06/06 07:15:31 | 001,656,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GdiPlus.dll
[2014/06/06 07:15:31 | 001,542,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ole32.dll
[2014/06/06 07:15:31 | 001,351,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GdiPlus.dll
[2014/06/06 07:15:31 | 001,306,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
[2014/06/06 07:15:31 | 001,291,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kernel32.dll
[2014/06/06 07:15:31 | 001,112,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KernelBase.dll
[2014/06/06 07:15:31 | 001,015,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aclui.dll
[2014/06/06 07:15:31 | 000,950,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ReAgent.dll
[2014/06/06 07:15:31 | 000,924,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll
[2014/06/06 07:15:31 | 000,887,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\aclui.dll
[2014/06/06 07:15:31 | 000,834,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\netlogon.dll
[2014/06/06 07:15:31 | 000,800,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ReAgent.dll
[2014/06/06 07:15:31 | 000,717,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\nshwfp.dll
[2014/06/06 07:15:31 | 000,669,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rasapi32.dll
[2014/06/06 07:15:31 | 000,655,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dnsapi.dll
[2014/06/06 07:15:31 | 000,621,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MDMAgent.exe
[2014/06/06 07:15:31 | 000,567,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\nshwfp.dll
[2014/06/06 07:15:31 | 000,542,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Graphics.Printing.dll
[2014/06/06 07:15:31 | 000,518,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxgi.dll
[2014/06/06 07:15:31 | 000,512,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlidprov.dll
[2014/06/06 07:15:31 | 000,488,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\netcfgx.dll
[2014/06/06 07:15:31 | 000,467,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBHUB3.SYS
[2014/06/06 07:15:31 | 000,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlangpui.dll
[2014/06/06 07:15:31 | 000,412,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\FWPUCLNT.DLL
[2014/06/06 07:15:31 | 000,390,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\netcfgx.dll
[2014/06/06 07:15:31 | 000,387,210 | ---- | M] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2014/06/06 07:15:31 | 000,386,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlangpui.dll
[2014/06/06 07:15:31 | 000,379,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms1.sys
[2014/06/06 07:15:31 | 000,376,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\clfs.sys
[2014/06/06 07:15:31 | 000,356,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlidprov.dll
[2014/06/06 07:15:31 | 000,356,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dcomp.dll
[2014/06/06 07:15:31 | 000,325,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LocationApi.dll
[2014/06/06 07:15:31 | 000,299,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\pdh.dll
[2014/06/06 07:15:31 | 000,298,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSDMon.dll
[2014/06/06 07:15:31 | 000,291,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Sensors.dll
[2014/06/06 07:15:31 | 000,274,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WsmWmiPl.dll
[2014/06/06 07:15:31 | 000,271,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\spp.dll
[2014/06/06 07:15:31 | 000,264,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\FWPUCLNT.DLL
[2014/06/06 07:15:31 | 000,262,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\LocationApi.dll
[2014/06/06 07:15:31 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\pdh.dll
[2014/06/06 07:15:31 | 000,252,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentClient.dll
[2014/06/06 07:15:31 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Sensors.dll
[2014/06/06 07:15:31 | 000,222,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dcomp.dll
[2014/06/06 07:15:31 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\cdd.dll
[2014/06/06 07:15:31 | 000,201,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ReInfo.dll
[2014/06/06 07:15:31 | 000,197,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
[2014/06/06 07:15:31 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Scanners.dll
[2014/06/06 07:15:31 | 000,186,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dafWfdProvider.dll
[2014/06/06 07:15:31 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ReInfo.dll
[2014/06/06 07:15:31 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppxAllUserStore.dll
[2014/06/06 07:15:31 | 000,139,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppxAllUserStore.dll
[2014/06/06 07:15:31 | 000,136,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\wfplwfs.sys
[2014/06/06 07:15:31 | 000,115,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DevPropMgr.dll
[2014/06/06 07:15:31 | 000,113,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\userenv.dll
[2014/06/06 07:15:31 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\hidclass.sys
[2014/06/06 07:15:31 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\davclnt.dll
[2014/06/06 07:15:31 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RMapi.dll
[2014/06/06 07:15:31 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sxproxy.dll
[2014/06/06 07:15:31 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\w32tm.exe
[2014/06/06 07:15:31 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\w32tm.exe
[2014/06/06 07:15:31 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\l2gpstore.dll
[2014/06/06 07:15:31 | 000,058,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\l2gpstore.dll
[2014/06/06 07:15:31 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\UMDF\HidBthLE.dll
[2014/06/06 07:15:31 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SetNetworkLocation.dll
[2014/06/06 07:15:31 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CredentialMigrationHandler.dll
[2014/06/06 07:15:31 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CredentialMigrationHandler.dll
[2014/06/06 07:13:42 | 000,086,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mrt_map.dll
[2014/06/06 07:13:42 | 000,080,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mrt_map.dll
[2014/06/06 07:13:42 | 000,028,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mrt100.dll
[2014/06/06 07:13:42 | 000,026,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mrt100.dll
[2014/06/06 07:12:59 | 001,705,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wucltux.dll
[2014/06/06 07:12:59 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.appcore.dll
[2014/06/06 07:12:59 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.appcore.dll
[2014/06/06 07:12:59 | 000,827,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapi.dll
[2014/06/06 07:12:59 | 000,555,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinapi.appcore.dll
[2014/06/06 07:12:59 | 000,419,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinapi.appcore.dll
[2014/06/06 07:12:59 | 000,381,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WUSettingsProvider.dll
[2014/06/06 07:12:59 | 000,190,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\storewuauth.dll
[2014/06/06 07:12:59 | 000,137,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuwebv.dll
[2014/06/06 07:12:59 | 000,093,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wudriver.dll
[2014/06/06 07:12:59 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wups.dll
[2014/06/06 07:12:59 | 000,054,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuauclt.exe
[2014/06/06 07:12:59 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapp.exe
[2014/06/06 07:12:58 | 000,666,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapi.dll
[2014/06/06 07:12:58 | 000,201,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ubpm.dll
[2014/06/06 07:12:58 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuwebv.dll
[2014/06/06 07:12:58 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wudriver.dll
[2014/06/06 07:12:58 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapp.exe
[2014/06/06 07:12:58 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wups.dll
[2014/06/06 07:12:00 | 000,257,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdFilter.sys
[2014/06/06 07:12:00 | 000,035,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdBoot.sys
[2014/06/06 07:11:59 | 000,123,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdNisDrv.sys
[2014/06/06 07:11:12 | 016,872,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.dll
[2014/06/06 07:11:12 | 013,287,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
[2014/06/06 07:11:12 | 012,711,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
[2014/06/06 07:11:12 | 011,792,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2014/06/06 07:11:12 | 008,652,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Search.dll
[2014/06/06 07:11:12 | 007,425,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2014/06/06 07:11:12 | 007,173,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Data.Pdf.dll
[2014/06/06 07:11:12 | 006,645,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mstscax.dll
[2014/06/06 07:11:12 | 005,833,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Search.dll
[2014/06/06 07:11:12 | 005,774,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstscax.dll
[2014/06/06 07:11:12 | 005,104,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Data.Pdf.dll
[2014/06/06 07:11:12 | 004,269,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SyncEngine.dll
[2014/06/06 07:11:12 | 002,688,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers.dll
[2014/06/06 07:11:12 | 002,144,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfcore.dll
[2014/06/06 07:11:12 | 002,140,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfcore.dll
[2014/06/06 07:11:12 | 002,124,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d9.dll
[2014/06/06 07:11:12 | 002,100,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SystemSettingsAdminFlowUI.dll
[2014/06/06 07:11:12 | 001,584,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\workfolderssvc.dll
[2014/06/06 07:11:12 | 001,466,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\propsys.dll
[2014/06/06 07:11:12 | 001,411,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lsasrv.dll
[2014/06/06 07:11:12 | 001,403,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winmde.dll
[2014/06/06 07:11:12 | 001,379,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wmpmde.dll
[2014/06/06 07:11:12 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mispace.dll
[2014/06/06 07:11:12 | 001,230,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.dll
[2014/06/06 07:11:12 | 001,222,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Streaming.dll
[2014/06/06 07:11:12 | 001,209,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\winmde.dll
[2014/06/06 07:11:12 | 001,126,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SearchFolder.dll
[2014/06/06 07:11:12 | 001,057,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdvidcrl.dll
[2014/06/06 07:11:12 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mispace.dll
[2014/06/06 07:11:12 | 001,025,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\localspl.dll
[2014/06/06 07:11:12 | 000,982,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Streaming.dll
[2014/06/06 07:11:12 | 000,955,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MFMediaEngine.dll
[2014/06/06 07:11:12 | 000,918,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MrmCoreR.dll
[2014/06/06 07:11:12 | 000,888,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.dll
[2014/06/06 07:11:12 | 000,881,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfplat.dll
[2014/06/06 07:11:12 | 000,872,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SkyDrive.exe
[2014/06/06 07:11:12 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rdvidcrl.dll
[2014/06/06 07:11:12 | 000,805,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32spl.dll
[2014/06/06 07:11:12 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MFMediaEngine.dll
[2014/06/06 07:11:12 | 000,765,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfmpeg2srcsnk.dll
[2014/06/06 07:11:12 | 000,761,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WorkfoldersControl.dll
[2014/06/06 07:11:12 | 000,731,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\adtschema.dll
[2014/06/06 07:11:12 | 000,731,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\adtschema.dll
[2014/06/06 07:11:12 | 000,721,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SkyDriveTelemetry.dll
[2014/06/06 07:11:12 | 000,707,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfplat.dll
[2014/06/06 07:11:12 | 000,669,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfmpeg2srcsnk.dll
[2014/06/06 07:11:12 | 000,629,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MrmCoreR.dll
[2014/06/06 07:11:12 | 000,609,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mf.dll
[2014/06/06 07:11:12 | 000,518,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mf.dll
[2014/06/06 07:11:12 | 000,491,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfsvr.dll
[2014/06/06 07:11:12 | 000,491,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GeofenceMonitorService.dll
[2014/06/06 07:11:12 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winspool.drv
[2014/06/06 07:11:12 | 000,467,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\srcore.dll
[2014/06/06 07:11:12 | 000,467,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AudioSes.dll
[2014/06/06 07:11:12 | 000,463,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AudioEng.dll
[2014/06/06 07:11:12 | 000,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\XpsGdiConverter.dll
[2014/06/06 07:11:12 | 000,443,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlansec.dll
[2014/06/06 07:11:12 | 000,426,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\clusapi.dll
[2014/06/06 07:11:12 | 000,407,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\services.exe
[2014/06/06 07:11:12 | 000,387,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfsvr.dll
[2014/06/06 07:11:12 | 000,384,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\spaceport.sys
[2014/06/06 07:11:12 | 000,372,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\storport.sys
[2014/06/06 07:11:12 | 000,370,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlanmsm.dll
[2014/06/06 07:11:12 | 000,364,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AUDIOKSE.dll
[2014/06/06 07:11:12 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GeofenceMonitorService.dll
[2014/06/06 07:11:12 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\XpsGdiConverter.dll
[2014/06/06 07:11:12 | 000,337,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\Classpnp.sys
[2014/06/06 07:11:12 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MDEServer.exe
[2014/06/06 07:11:12 | 000,324,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MFCaptureEngine.dll
[2014/06/06 07:11:12 | 000,313,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\clusapi.dll
[2014/06/06 07:11:12 | 000,307,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wintrust.dll
[2014/06/06 07:11:12 | 000,305,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AUDIOKSE.dll
[2014/06/06 07:11:12 | 000,300,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlanmsm.dll
[2014/06/06 07:11:12 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlanapi.dll
[2014/06/06 07:11:12 | 000,285,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MFCaptureEngine.dll
[2014/06/06 07:11:12 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\resutils.dll
[2014/06/06 07:11:12 | 000,271,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rstrui.exe
[2014/06/06 07:11:12 | 000,263,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SystemSettingsAdminFlows.exe
[2014/06/06 07:11:12 | 000,250,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpencom.dll
[2014/06/06 07:11:12 | 000,244,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\audiodg.exe
[2014/06/06 07:11:12 | 000,233,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfps.dll
[2014/06/06 07:11:12 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlanapi.dll
[2014/06/06 07:11:12 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\resutils.dll
[2014/06/06 07:11:12 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rdpencom.dll
[2014/06/06 07:11:12 | 000,201,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MSVideoDSP.dll
[2014/06/06 07:11:12 | 000,201,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AudioEndpointBuilder.dll
[2014/06/06 07:11:12 | 000,191,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rpchttp.dll
[2014/06/06 07:11:12 | 000,186,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WorkFoldersShell.dll
[2014/06/06 07:11:12 | 000,178,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MSVideoDSP.dll
[2014/06/06 07:11:12 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rpchttp.dll
[2014/06/06 07:11:12 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\BootMenuUX.dll
[2014/06/06 07:11:12 | 000,130,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\gpapi.dll
[2014/06/06 07:11:12 | 000,125,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmapi.dll
[2014/06/06 07:11:12 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\srclient.dll
[2014/06/06 07:11:12 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tsgqec.dll
[2014/06/06 07:11:12 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\energyprov.dll
[2014/06/06 07:11:12 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tsgqec.dll
[2014/06/06 07:11:12 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tlscsp.dll
[2014/06/06 07:11:12 | 000,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tlscsp.dll
[2014/06/06 07:11:12 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Shell.Search.UriHandler.dll
[2014/06/06 07:11:12 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Shell.Search.UriHandler.dll
[2014/06/06 07:11:12 | 000,032,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ploptin.dll
[2014/06/06 07:11:12 | 000,028,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfpmp.exe
[2014/06/06 07:11:12 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\en-US\spaceport.sys.mui
[2014/06/06 07:11:12 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlanhlp.dll
[2014/06/06 07:11:12 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlanhlp.dll
[2014/06/06 07:06:47 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iisRtl.dll
[2014/06/06 07:06:47 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ahadmin.dll
[2014/06/06 07:06:47 | 000,054,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\admwprox.dll
[2014/06/06 07:06:47 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iisreset.exe
[2014/06/06 07:06:47 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wamregps.dll
[2014/06/06 07:06:47 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iisrstap.dll
[2014/06/06 07:06:46 | 000,157,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iisRtl.dll
[2014/06/06 07:06:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\admwprox.dll
[2014/06/06 07:06:46 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ahadmin.dll
[2014/06/06 07:06:46 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iisreset.exe
[2014/06/06 07:06:46 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wamregps.dll
[2014/06/06 07:06:46 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iisrstap.dll
[2014/06/06 06:56:28 | 000,020,958 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2014/06/06 06:56:28 | 000,020,958 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2014/06/06 06:56:09 | 000,022,744 | ---- | M] () -- C:\WINDOWS\SysNative\emptyregdb.dat
[2014/06/06 06:46:46 | 000,484,248 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014/06/06 06:25:42 | 000,930,400 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2014/06/06 06:22:10 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job
[2014/06/06 06:22:09 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2014/06/06 06:21:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin
[2014/05/30 22:13:24 | 000,703,992 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2014/05/30 22:13:24 | 000,105,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2014/05/30 02:20:36 | 000,752,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9diag.dll
[2014/05/30 02:08:22 | 005,782,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2014/05/30 02:06:42 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtmsft.dll
[2014/05/30 01:46:48 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mshtmled.dll
[2014/05/30 01:44:23 | 000,295,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtrans.dll
[2014/05/30 01:43:06 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iesetup.dll
[2014/05/30 01:35:44 | 000,608,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2014/05/30 01:29:31 | 000,631,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2014/05/30 01:27:56 | 000,592,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript9diag.dll
[2014/05/30 01:23:22 | 002,040,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2014/05/30 01:04:20 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mshtmled.dll
[2014/05/30 00:49:38 | 001,964,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2014/05/30 00:13:47 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2014/05/30 00:13:09 | 000,846,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2014/05/28 16:53:12 | 000,230,912 | ---- | M] () -- C:\WINDOWS\SysNative\clinfo.exe
[2014/05/28 16:53:12 | 000,129,536 | ---- | M] (AMD) -- C:\WINDOWS\SysNative\coinst_13.251.9001.dll
[2014/05/28 16:53:12 | 000,099,840 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysNative\OpenVideo64.dll
[2014/05/28 16:53:12 | 000,086,528 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysNative\OVDecode64.dll
[2014/05/28 16:53:12 | 000,083,968 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysWow64\OpenVideo.dll
[2014/05/28 16:53:12 | 000,073,728 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysWow64\OVDecode.dll
[2014/05/28 16:53:04 | 000,204,952 | ---- | M] () -- C:\WINDOWS\SysWow64\ativvsvl.dat
[2014/05/28 16:53:04 | 000,204,952 | ---- | M] () -- C:\WINDOWS\SysNative\ativvsvl.dat
[2014/05/28 16:53:04 | 000,157,144 | ---- | M] () -- C:\WINDOWS\SysWow64\ativvsva.dat
[2014/05/28 16:53:04 | 000,157,144 | ---- | M] () -- C:\WINDOWS\SysNative\ativvsva.dat
[2014/05/28 16:53:02 | 008,287,008 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atiumdva.dll
[2014/05/28 16:53:02 | 006,630,232 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atiumdag.dll
[2014/05/28 16:53:02 | 003,461,040 | ---- | M] () -- C:\WINDOWS\SysWow64\atiumdva.cap
[2014/05/28 16:53:02 | 000,234,036 | ---- | M] () -- C:\WINDOWS\SysNative\ativvaxy_cik.dat
[2014/05/28 16:53:02 | 000,233,776 | ---- | M] () -- C:\WINDOWS\SysNative\ativvaxy_cik_nd.dat
[2014/05/28 16:53:02 | 000,143,304 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atiuxp64.dll
[2014/05/28 16:53:02 | 000,126,336 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atiuxpag.dll
[2014/05/28 16:53:02 | 000,083,552 | ---- | M] () -- C:\WINDOWS\SysNative\ativce02.dat
[2014/05/28 16:53:00 | 008,927,704 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atiumd6a.dll
[2014/05/28 16:53:00 | 007,751,920 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atiumd64.dll
[2014/05/28 16:53:00 | 003,426,688 | ---- | M] () -- C:\WINDOWS\SysNative\atiumd6a.cap
[2014/05/28 16:53:00 | 000,190,976 | ---- | M] (AMD) -- C:\WINDOWS\SysNative\atitmm64.dll
[2014/05/28 16:53:00 | 000,115,512 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atiu9p64.dll
[2014/05/28 16:53:00 | 000,098,496 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atiu9pag.dll
[2014/05/28 16:53:00 | 000,089,088 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atisamu64.dll
[2014/05/28 16:53:00 | 000,080,896 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atisamu32.dll
[2014/05/28 16:53:00 | 000,003,917 | ---- | M] () -- C:\WINDOWS\SysWow64\atipblag.dat
[2014/05/28 16:53:00 | 000,003,917 | ---- | M] () -- C:\WINDOWS\SysNative\atipblag.dat
[2014/05/28 16:52:58 | 022,157,824 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysWow64\atioglxx.dll
[2014/05/28 16:52:56 | 026,352,128 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\atio6axx.dll
[2014/05/28 16:52:56 | 000,332,800 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\ATIODE.exe
[2014/05/28 16:52:56 | 000,051,200 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\ATIODCLI.exe
[2014/05/28 16:52:56 | 000,047,887 | ---- | M] () -- C:\WINDOWS\atiogl.xml
[2014/05/28 16:52:54 | 013,209,088 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\drivers\atikmdag.sys
[2014/05/28 16:52:54 | 000,721,296 | ---- | M] () -- C:\WINDOWS\SysNative\atiicdxx.dat
[2014/05/28 16:52:54 | 000,626,688 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\drivers\atikmpag.sys
[2014/05/28 16:52:54 | 000,100,352 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atig6txx.dll
[2014/05/28 16:52:54 | 000,096,768 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atigktxx.dll
[2014/05/28 16:52:54 | 000,078,432 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atimpc64.dll
[2014/05/28 16:52:54 | 000,074,752 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atig6pxx.dll
[2014/05/28 16:52:54 | 000,071,704 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atimpc32.dll
[2014/05/28 16:52:54 | 000,069,632 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atiglpxx.dll
[2014/05/28 16:52:54 | 000,069,632 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atiglpxx.dll
[2014/05/28 16:52:54 | 000,031,232 | ---- | M] (AMD) -- C:\WINDOWS\SysNative\atimuixx.dll
[2014/05/28 16:52:52 | 009,753,752 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atidxx64.dll
[2014/05/28 16:52:52 | 000,588,288 | ---- | M] (AMD) -- C:\WINDOWS\SysNative\atieclxx.exe
[2014/05/28 16:52:52 | 000,239,616 | ---- | M] (AMD) -- C:\WINDOWS\SysNative\atiesrxx.exe
[2014/05/28 16:52:36 | 008,406,024 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atidxx32.dll
[2014/05/28 16:52:34 | 001,318,552 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\aticfx64.dll
[2014/05/28 16:52:34 | 001,100,216 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\aticfx32.dll
[2014/05/28 16:52:34 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\atidemgy.dll
[2014/05/28 16:52:34 | 000,062,464 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysNative\aticalrt64.dll
[2014/05/28 16:52:34 | 000,052,224 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysWow64\aticalrt.dll
[2014/05/28 16:52:32 | 015,716,352 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysNative\aticaldd64.dll
[2014/05/28 16:52:32 | 014,302,208 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysWow64\aticaldd.dll
[2014/05/28 16:52:32 | 000,118,784 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\atibtmon.exe
[2014/05/28 16:52:32 | 000,055,808 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysNative\aticalcl64.dll
[2014/05/28 16:52:32 | 000,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysWow64\aticalcl.dll
[2014/05/28 16:52:30 | 001,144,320 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\atiadlxx.dll
[2014/05/28 16:52:30 | 001,061,902 | ---- | M] () -- C:\WINDOWS\SysNative\amdocl_ld64.exe
[2014/05/28 16:52:30 | 000,825,344 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysWow64\atiadlxy.dll
[2014/05/28 16:52:30 | 000,798,734 | ---- | M] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe
[2014/05/28 16:52:30 | 000,550,464 | ---- | M] () -- C:\WINDOWS\SysWow64\atiapfxx.blb
[2014/05/28 16:52:30 | 000,550,464 | ---- | M] () -- C:\WINDOWS\SysNative\atiapfxx.blb
[2014/05/28 16:52:30 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\atiapfxx.exe
[2014/05/28 16:52:30 | 000,078,432 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\amdpcom64.dll
[2014/05/28 16:52:30 | 000,071,704 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\amdpcom32.dll
[2014/05/28 16:52:30 | 000,063,488 | ---- | M] (Khronos Group) -- C:\WINDOWS\SysNative\OpenCL.dll
[2014/05/28 16:52:30 | 000,057,344 | ---- | M] (Khronos Group) -- C:\WINDOWS\SysWow64\OpenCL.dll
[2014/05/28 16:52:30 | 000,043,520 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\drivers\ati2erec.dll
[2014/05/28 16:52:28 | 001,187,342 | ---- | M] () -- C:\WINDOWS\SysNative\amdocl_as64.exe
[2014/05/28 16:52:28 | 000,995,342 | ---- | M] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe
[2014/05/28 16:52:26 | 029,382,144 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysNative\amdocl64.dll
[2014/05/28 16:52:24 | 024,860,160 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysWow64\amdocl.dll
[2014/05/28 16:52:24 | 000,412,672 | ---- | M] () -- C:\WINDOWS\SysNative\amdmiracast.dll
[2014/05/28 16:52:24 | 000,134,656 | ---- | M] () -- C:\WINDOWS\SysNative\amdhdl64.dll
[2014/05/28 16:52:24 | 000,123,392 | ---- | M] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
[2014/05/28 16:52:22 | 000,157,736 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\amdhcp64.dll
[2014/05/28 16:52:22 | 000,142,304 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysWow64\amdhcp32.dll
[2014/05/28 16:52:22 | 000,096,256 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\amdave64.dll
[2014/05/28 16:52:22 | 000,090,112 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\amdave32.dll
[2014/05/24 05:26:51 | 000,002,513 | ---- | M] () -- C:\Users\kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\WildTangent Games App - hp.lnk
[2014/05/24 05:26:50 | 000,000,306 | -HS- | M] () -- C:\Users\kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
[2014/05/24 05:26:48 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
[2014/05/18 23:31:41 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drvcfg.exe
[2014/05/18 23:21:30 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drvinst.exe
[2014/05/18 22:23:45 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\drvinst.exe
 
========== Files Created - No Company Name ==========
 
[2014/06/16 15:28:09 | 000,001,903 | ---- | C] () -- C:\Users\kathy\Desktop\Search.lnk
[2014/06/16 15:27:38 | 000,493,272 | ---- | C] () -- C:\Users\kathy\AppData\Roaming\~eqswjpj.exe
[2014/06/16 15:20:53 | 000,001,442 | ---- | C] () -- C:\WINDOWS\tasks\4e38d619-a355-43b0-a4ed-5e802d8b0096-5.job
[2014/06/16 15:20:44 | 000,001,364 | ---- | C] () -- C:\WINDOWS\tasks\4e38d619-a355-43b0-a4ed-5e802d8b0096-2.job
[2014/06/16 15:20:40 | 000,001,502 | ---- | C] () -- C:\WINDOWS\tasks\4e38d619-a355-43b0-a4ed-5e802d8b0096-1.job
[2014/06/16 15:20:37 | 000,002,234 | ---- | C] () -- C:\WINDOWS\tasks\4e38d619-a355-43b0-a4ed-5e802d8b0096-4.job
[2014/06/16 15:20:34 | 000,003,818 | ---- | C] () -- C:\WINDOWS\tasks\4e38d619-a355-43b0-a4ed-5e802d8b0096-11.job
[2014/06/16 15:20:29 | 000,003,136 | ---- | C] () -- C:\WINDOWS\tasks\4e38d619-a355-43b0-a4ed-5e802d8b0096-3.job
[2014/06/16 07:42:43 | 000,000,476 | ---- | C] () -- C:\WINDOWS\tasks\SMW_UpdateTask_Time_323238363235333932372d235b783432415b45345a2d6c.job
[2014/06/14 17:35:22 | 000,001,086 | ---- | C] () -- C:\Users\Public\Desktop\PC Tech Hotline.lnk
[2014/06/14 17:34:59 | 000,000,982 | ---- | C] () -- C:\Users\Public\Desktop\Optimize Your PC.lnk
[2014/06/14 17:33:38 | 000,002,216 | ---- | C] () -- C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk
[2014/06/14 17:33:38 | 000,001,273 | ---- | C] () -- C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk
[2014/06/14 15:58:12 | 000,001,708 | ---- | C] () -- C:\WINDOWS\tasks\fd7373df-dd78-4294-8414-43f612d26fa8-5.job
[2014/06/14 15:58:03 | 000,001,520 | ---- | C] () -- C:\WINDOWS\tasks\e659c2f6-b592-4eb3-89e8-8b6d7e4656ed-5.job
[2014/06/14 15:57:53 | 000,001,600 | ---- | C] () -- C:\WINDOWS\tasks\fd7373df-dd78-4294-8414-43f612d26fa8-2.job
[2014/06/14 15:57:53 | 000,001,394 | ---- | C] () -- C:\WINDOWS\tasks\e659c2f6-b592-4eb3-89e8-8b6d7e4656ed-2.job
[2014/06/14 15:57:50 | 000,001,772 | ---- | C] () -- C:\WINDOWS\tasks\fd7373df-dd78-4294-8414-43f612d26fa8-1.job
[2014/06/14 15:57:47 | 000,001,428 | ---- | C] () -- C:\WINDOWS\tasks\e659c2f6-b592-4eb3-89e8-8b6d7e4656ed-1.job
[2014/06/14 15:57:46 | 000,002,386 | ---- | C] () -- C:\WINDOWS\tasks\fd7373df-dd78-4294-8414-43f612d26fa8-4.job
[2014/06/14 15:57:40 | 000,004,156 | ---- | C] () -- C:\WINDOWS\tasks\fd7373df-dd78-4294-8414-43f612d26fa8-11.job
[2014/06/14 15:57:40 | 000,000,938 | ---- | C] () -- C:\WINDOWS\tasks\globalUpdateUpdateTaskMachineUA.job
[2014/06/14 15:57:39 | 000,000,934 | ---- | C] () -- C:\WINDOWS\tasks\globalUpdateUpdateTaskMachineCore.job
[2014/06/14 15:57:36 | 000,002,232 | ---- | C] () -- C:\WINDOWS\tasks\e659c2f6-b592-4eb3-89e8-8b6d7e4656ed-4.job
[2014/06/14 15:57:08 | 000,001,968 | ---- | C] () -- C:\Users\kathy\Desktop\YTDownloader.lnk
[2014/06/13 13:30:22 | 000,001,988 | ---- | C] () -- C:\Users\kathy\Desktop\Sync Folder.lnk
[2014/06/13 13:30:06 | 000,001,116 | ---- | C] () -- C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2014/06/13 13:30:05 | 000,001,106 | ---- | C] () -- C:\Users\kathy\Desktop\MyPC Backup.lnk
[2014/06/13 13:29:12 | 000,001,201 | ---- | C] () -- C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk
[2014/06/13 13:28:55 | 000,001,233 | ---- | C] () -- C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk
[2014/06/13 13:28:16 | 000,000,000 | ---- | C] () -- C:\END
[2014/06/13 07:07:04 | 000,000,454 | ---- | C] () -- C:\WINDOWS\tasks\ArcadeYum.job
[2014/06/09 11:37:05 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/06/09 11:28:49 | 000,001,864 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2014/06/06 07:53:55 | 000,001,744 | ---- | C] () -- C:\{6A3E4982-9BA9-46F4-9DE9-3C801EF46A17}
[2014/06/06 07:46:29 | 000,001,605 | ---- | C] () -- C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/06/06 07:15:31 | 000,387,210 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2014/06/06 06:56:10 | 000,022,744 | ---- | C] () -- C:\WINDOWS\SysNative\emptyregdb.dat
[2014/06/06 06:41:38 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2014/06/06 06:33:55 | 000,000,369 | ---- | C] () -- C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
[2014/06/06 06:33:55 | 000,000,369 | ---- | C] () -- C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
[2014/06/06 06:33:55 | 000,000,352 | ---- | C] () -- C:\Users\kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/06/06 06:33:55 | 000,000,334 | ---- | C] () -- C:\Users\kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014/06/06 06:33:41 | 000,020,958 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2014/06/06 06:33:41 | 000,020,958 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2014/06/06 06:25:42 | 000,930,400 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2014/06/06 06:22:10 | 000,000,264 | ---- | C] () -- C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job
[2014/06/06 06:22:09 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2014/06/06 06:21:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2014/05/28 16:53:12 | 000,230,912 | ---- | C] () -- C:\WINDOWS\SysNative\clinfo.exe
[2014/05/28 16:53:04 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat
[2014/05/28 16:53:04 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysNative\ativvsvl.dat
[2014/05/28 16:53:04 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat
[2014/05/28 16:53:04 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysNative\ativvsva.dat
[2014/05/28 16:53:02 | 003,461,040 | ---- | C] () -- C:\WINDOWS\SysWow64\atiumdva.cap
[2014/05/28 16:53:02 | 000,234,036 | ---- | C] () -- C:\WINDOWS\SysNative\ativvaxy_cik.dat
[2014/05/28 16:53:02 | 000,233,776 | ---- | C] () -- C:\WINDOWS\SysNative\ativvaxy_cik_nd.dat
[2014/05/28 16:53:02 | 000,083,552 | ---- | C] () -- C:\WINDOWS\SysNative\ativce02.dat
[2014/05/28 16:53:00 | 003,426,688 | ---- | C] () -- C:\WINDOWS\SysNative\atiumd6a.cap
[2014/05/28 16:53:00 | 000,003,917 | ---- | C] () -- C:\WINDOWS\SysWow64\atipblag.dat
[2014/05/28 16:53:00 | 000,003,917 | ---- | C] () -- C:\WINDOWS\SysNative\atipblag.dat
[2014/05/28 16:52:56 | 000,047,887 | ---- | C] () -- C:\WINDOWS\atiogl.xml
[2014/05/28 16:52:54 | 000,721,296 | ---- | C] () -- C:\WINDOWS\SysNative\atiicdxx.dat
[2014/05/28 16:52:30 | 001,061,902 | ---- | C] () -- C:\WINDOWS\SysNative\amdocl_ld64.exe
[2014/05/28 16:52:30 | 000,798,734 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe
[2014/05/28 16:52:30 | 000,550,464 | ---- | C] () -- C:\WINDOWS\SysWow64\atiapfxx.blb
[2014/05/28 16:52:30 | 000,550,464 | ---- | C] () -- C:\WINDOWS\SysNative\atiapfxx.blb
[2014/05/28 16:52:28 | 001,187,342 | ---- | C] () -- C:\WINDOWS\SysNative\amdocl_as64.exe
[2014/05/28 16:52:28 | 000,995,342 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe
[2014/05/28 16:52:24 | 000,412,672 | ---- | C] () -- C:\WINDOWS\SysNative\amdmiracast.dll
[2014/05/28 16:52:24 | 000,134,656 | ---- | C] () -- C:\WINDOWS\SysNative\amdhdl64.dll
[2014/05/28 16:52:24 | 000,123,392 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
[2014/05/24 05:26:49 | 000,002,513 | ---- | C] () -- C:\Users\kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\WildTangent Games App - hp.lnk
[2014/05/24 05:26:48 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
[2014/05/24 05:26:46 | 000,002,509 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - hp.lnk
[2014/05/18 07:16:50 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2014/03/21 12:27:16 | 000,005,696 | ---- | C] () -- C:\WINDOWS\SysWow64\SecureAssist.ini
[2014/03/21 12:27:16 | 000,002,576 | ---- | C] () -- C:\WINDOWS\SysWow64\SecureAssistOff.ini
[2014/03/18 03:13:28 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014/03/18 03:13:03 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013/08/22 08:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 08:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 07:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 00:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/21 20:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/21 16:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/21 16:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013/04/11 08:41:12 | 000,003,620 | ---- | C] () -- C:\WINDOWS\SysWow64\LOCALSERVICE.INI
[2013/04/11 08:41:12 | 000,000,043 | ---- | C] () -- C:\WINDOWS\SysWow64\LOCALDEVICE.INI
[2013/04/11 08:32:25 | 000,369,624 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\FW7650.bin
[2013/04/11 08:32:24 | 000,000,313 | ---- | C] () -- C:\WINDOWS\SysWow64\RaCheckBTDev.ini
[2013/03/04 16:30:20 | 000,000,983 | ---- | C] () -- C:\WINDOWS\SysWow64\bscs.ini
[2013/01/31 17:04:00 | 000,070,904 | ---- | C] () -- C:\WINDOWS\SysWow64\BsProfileFunc.dll
[2013/01/10 12:59:24 | 000,019,456 | ---- | C] () -- C:\WINDOWS\SysWow64\BsTrace.dll
[2013/01/10 11:25:58 | 000,353,280 | ---- | C] () -- C:\WINDOWS\SysWow64\BsExtendFunc.dll
[2013/01/10 11:25:58 | 000,049,248 | ---- | C] () -- C:\WINDOWS\SysWow64\BSSkypeAgent.dll
[2013/01/10 11:25:56 | 000,081,920 | ---- | C] () -- C:\WINDOWS\SysWow64\BsVistaCommon.dll
[2013/01/10 11:25:56 | 000,073,820 | ---- | C] () -- C:\WINDOWS\SysWow64\BSVoIPComm.dll
[2013/01/10 11:25:56 | 000,049,664 | ---- | C] () -- C:\WINDOWS\SysWow64\BSWMPPlugin.dll
[2013/01/10 11:25:56 | 000,011,264 | ---- | C] () -- C:\WINDOWS\SysWow64\SCChangeMonitor.dll
[2012/11/27 00:18:46 | 000,038,912 | ---- | C] () -- C:\WINDOWS\SysWow64\kdbsdk32.dll
[2012/07/25 13:22:54 | 000,982,240 | ---- | C] () -- C:\WINDOWS\SysWow64\igkrng500.bin
[2012/07/25 13:22:54 | 000,439,308 | ---- | C] () -- C:\WINDOWS\SysWow64\igcompkrng500.bin
[2012/07/25 13:22:54 | 000,092,356 | ---- | C] () -- C:\WINDOWS\SysWow64\igfcg500m.bin
 
========== ZeroAccess Check ==========
 
[2014/06/09 12:31:49 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/06 07:11:12 | 021,268,952 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/06 07:11:12 | 018,755,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 02:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 19:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 02:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 220 bytes -> C:\Users\kathy\OneDrive:ms-properties
 
< End of report >
 
 

OTL Extras logfile created on: 6/16/2014 4:16:11 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\kathy\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.19 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 45.14% Memory free
4.76 Gb Paging File | 2.53 Gb Available in Paging File | 53.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 571.70 Gb Total Space | 496.94 Gb Free Space | 86.92% Space Free | Partition Type: NTFS
Drive D: | 23.27 Gb Total Space | 2.34 Gb Free Space | 10.06% Space Free | Partition Type: NTFS
Drive F: | 7.45 Gb Total Space | 6.26 Gb Free Space | 84.02% Space Free | Partition Type: FAT32
 
Computer Name: KATCOMPUTER | User Name: kathy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DC2895A-2EB1-421C-9EAB-6D2BA6AB7ADD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0F43B77A-2656-47DB-AC05-91E021523FBB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1B8A2F46-E3E8-4253-83D2-907737EE148B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2D8407D3-8F2D-45CB-B670-FCD80916FBF8}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{2E334581-76A6-4340-9E77-5031815869E1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7AADD0C0-066B-4879-9FE4-139FDE1DAB94}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{82927CC2-25BF-4F0B-B1D5-7E5E5B2B01BC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{95D2565E-FA42-48C3-8E5A-DEF2507E41BF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{981DA001-78FC-4E5B-BB02-9825DFE22590}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe | 
"{A5F0AB51-0573-4865-A80C-D128592BF64E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D19FF8AA-8993-4216-A311-EF87A7CD8B3F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DC8E0AE5-3949-4099-AEEC-24BDCB8EA27F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{E3A77788-9351-46DC-81B3-893D213968B0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EBADB620-ABC3-4185-B569-1C72C2EE0CFF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005F88D3-5C46-46E4-A82C-1BDCD62A8E73}" = dir=in | name=hp all-in-one printer remote | 
"{011BEBB7-9D78-4565-9603-2F1FB3075715}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{06381A8A-FB39-40AD-A7BD-67C1DF8FF22E}" = dir=in | name=check point vpn | 
"{06CB98B2-B27B-4531-915E-75F7B4D55A60}" = dir=out | app=c:\program files (x86)\hpconnectedmusic\hpconnectedmusic.exe | 
"{08424419-952A-4167-932B-7225029D44F4}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe | 
"{0A8C8429-C556-4412-882F-AF274A0F796A}" = dir=out | name=hp all-in-one printer remote | 
"{13BD4063-8725-48D8-A3EC-1D6D6E25EF3E}" = dir=out | name=@{microsoft.bingfinance_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} | 
"{164200CB-90BD-4228-80CA-76A7BEAF0322}" = dir=out | name=photo editor | 
"{1DA7172B-64CF-4F5C-A850-63120C3D0E1B}" = dir=out | name=windows_ie_ac_001 | 
"{21A71398-1CDC-4FE3-AAC2-6081172764C9}" = dir=in | app=c:\program files (x86)\hpconnectedmusic\hpconnectedmusic.exe | 
"{2590ADFC-A9F2-4AAB-A026-B8D3C6517402}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{25A0017A-6DB5-457C-96DA-BD1B4A6FE7B1}" = dir=in | app=c:\users\administrator\appdata\local\microsoft\skydrive\skydrive.exe | 
"{263E2C1C-FE84-48ED-B8A8-E09B6787B9B4}" = dir=in | name=microsoft solitaire collection | 
"{28C53284-E411-4AAA-AD70-7CD9D43727CF}" = dir=in | name=hp+ | 
"{2B12FC37-6222-4C06-B77A-9BDD8E229E3E}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} | 
"{2C8EFF07-7EA0-49B3-B2DC-CF61B87C2887}" = dir=out | name=@{microsoft.bingsports_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{2FBAB1C6-9E61-4E4E-9D27-9F0F86D75AE5}" = dir=out | name=adobe revel | 
"{32B8CEC0-78D0-42D3-A3D9-0943020CE5B2}" = dir=in | name=getting started with windows 8 | 
"{349FDD9A-3E0D-427D-9036-424F8260B8E3}" = dir=out | name=onenote | 
"{398571F2-8252-4678-AB1B-0FEAFB6D7FBC}" = dir=out | name=@{microsoft.bingmaps_2.1.2922.2139_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{3B76B4F0-0DAE-4829-844A-0AB2FA6D53BA}" = dir=in | name=adobe photoshop express | 
"{3B7849B7-6916-47B7-9C3C-08E09016EAC4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3CA90C82-8825-4741-9D56-F7D36201EA10}" = dir=in | name=juniper networks junos pulse | 
"{3DCF1BFF-C2DD-48CB-98B8-AED2CA7B114C}" = dir=out | name=hp registration | 
"{3F02DD72-0A92-44D7-BB64-0A27C5F53930}" = dir=out | name=box | 
"{400DFD7C-977A-42A1-B446-AF7352A715C5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{419A58E6-6913-4A6F-BDBB-914E1BE93060}" = dir=out | name=@{microsoft.bingnews_3.0.2.261_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} | 
"{421AA0A2-796B-43CB-8F88-C95B2D60D52C}" = dir=out | name=@{microsoft.xboxcompanion_1.4.2.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} | 
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn | 
"{441B3B3F-2A26-4EAD-A820-F151F19CF502}" = protocol=17 | dir=in | app=c:\program files (x86)\ralink corporation\ralink bluetooth stack\bluesoleilcs.exe | 
"{44479DD8-8EC7-492F-A50F-E4362FD060A4}" = dir=out | name=check point vpn | 
"{46775AE5-27BF-4D72-A54A-D490D3883ECC}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} | 
"{4A6A1E91-7E57-42DA-BDCF-94CA8F28EE4C}" = dir=out | name=@{microsoft.bingtravel_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{4AD56A4C-3088-429C-91AB-BB26FC16D44F}" = dir=in | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{4BA5A107-9C32-462D-9E5D-92EB12DE8D12}" = dir=out | name=@{microsoft.bingnews_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{4BD4980F-5DF2-4DD6-B7EB-A692DF66D495}" = dir=out | name=@{microsoft.zunevideo_2.2.902.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{4C19AB6A-6968-47E0-9553-CA04E06813AC}" = dir=out | name=@{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{4FAD7160-8248-4FDC-84E9-866FFC642F13}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{51C40CF7-EBAA-4BFE-9866-F711E365DE53}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{54D74DCD-9089-4DD0-AE16-56E8419D1197}" = dir=out | name=@{microsoft.bingmaps_1.6.1821.2624_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect | 
"{56326651-8908-4E33-95EA-09D8BB23DA8F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{57C51650-1FDC-4746-AE2E-4C9CC6CE2B3A}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect | 
"{616866E5-ECBC-4918-AB7E-E07B728A0BB8}" = dir=in | name=hp connected photo | 
"{63BBF761-B074-48D5-9982-25258EC28A64}" = dir=out | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{6580F793-A2B8-4163-8B68-76CF2A9D8720}" = dir=in | name=adobe revel | 
"{69BAE4CF-47EF-43D4-9980-158D77F9A35A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | 
"{7098320D-3BA2-4DE0-BFD5-C7140082B365}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{726EBAC1-7805-4F6B-A35F-D57DDE86768C}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{749F730C-478B-42BE-A9D3-301E0F2A2EB3}" = dir=out | name=@{microsoft.bingfinance_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{7A5BD51C-AFE7-48D3-9299-C0132CC72653}" = dir=out | name=@{microsoft.zunemusic_2.2.903.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{7F2F51FB-0262-4135-A7DA-27225E8528A7}" = dir=in | name=onenote | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{842BC65A-9A05-4361-9234-0B89B7E011AD}" = dir=out | name=kindle | 
"{8534B7BE-EF20-4EAF-8792-69C20BA38970}" = dir=in | name=@{microsoft.xboxcompanion_1.4.2.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} | 
"{88B5F9C0-FF85-4621-ADE9-C38826B0057D}" = dir=out | name=hp connected photo | 
"{8A6DCEBE-6A13-412E-8F1E-605FB12D40CB}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{8BE1B950-DD1C-4CFC-9AB2-5C2E00C260F0}" = dir=out | name=juniper networks junos pulse | 
"{900696A4-5EFD-4758-8C5F-8898CA3112C9}" = protocol=6 | dir=in | app=c:\program files (x86)\ralink corporation\ralink bluetooth stack\bluesoleilcs.exe | 
"{94E946C1-7164-4310-ABBE-DF4A93A29BBC}" = dir=out | name=norton studio | 
"{950E6536-68D5-4D3D-91FB-A5720AF75367}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{95361B84-2F19-4BCF-99D3-968B709DD5EF}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{9C727649-925C-4266-B52A-7F3E12E228CE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe | 
"{9E1F6E16-1617-41FE-A85D-9111187BCD09}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{A4F02078-00C4-4418-AAA4-FCCA4769FFD5}" = dir=out | name=microsoft mahjong | 
"{A96AFB61-A2AE-454B-8EE6-AB129EB0BAFD}" = dir=out | name=@{microsoft.bingweather_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{AB29408C-C94E-46AD-A17A-7013042554F9}" = dir=in | app=%localappdata%\hpconnectedmusic\application\spotify_helper.exe | 
"{ABAF4E5D-AB6C-4A34-9C13-78F18DA0B8D2}" = dir=out | name=@{microsoft.zunevideo_1.5.902.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{ADBF6566-BDD7-4E9B-A81E-4AF5D9A6D517}" = dir=out | name=skype | 
"{AFA57DA1-43CD-49EF-8034-106D6B0C5CED}" = dir=out | name=hp+ | 
"{B3A8C398-A58F-4E1B-A4A1-11208444F1AE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C2DF7585-C13D-4B6F-A830-976950514DCB}" = dir=out | name=youcam for hp | 
"{C7EB2321-B574-41BC-95C7-05BE021CD6A8}" = dir=in | name=box | 
"{CB04BB77-1178-4B33-B6D6-FEEE704C4D3E}" = dir=out | name=f5 vpn | 
"{CCBECA15-6028-4ED0-B679-BB6412EBF83A}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{D10BA314-CDF8-4D77-B570-47184FE5B931}" = dir=out | name=adobe photoshop express | 
"{D1B8EB15-A0E2-41CF-B37A-C36099AF28A6}" = dir=out | name=hp games | 
"{D2CFEEB9-D814-4D13-8769-63B515708B68}" = dir=out | name=windows_ie_ac_001 | 
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn | 
"{D8B35049-E68B-459C-B932-DC0C65502705}" = dir=out | name=ebay | 
"{DB197335-7EED-4954-9146-E2AEA293B254}" = protocol=6 | dir=out | app=system | 
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn | 
"{DC8231AF-5956-489D-84EC-3C5F291215D6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DF091C69-FEAA-430A-92AA-3C9B9F108534}" = dir=in | app=%localappdata%\hpconnectedmusic\application\hpconnectedmusic.exe | 
"{E3665E26-7AD1-4B06-8372-764B8E8D85E3}" = dir=out | name=@{microsoft.bingtravel_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} | 
"{E36AF6C4-2C74-443A-81F1-5C392AC17E8B}" = dir=in | name=skype | 
"{E497CCB7-683D-456E-BDDB-46B860F6CF85}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E5F24353-B6C0-40F0-83B1-46DB6AF765B5}" = dir=in | name=microsoft mahjong | 
"{E7589EA1-4056-4341-BB89-2222F09283A7}" = dir=out | name=sonicwall mobile connect | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{EA6AD8A9-6946-4138-B752-25F78D0E562E}" = dir=out | name=windows_ie_ac_001 | 
"{EA7544D3-3D4C-4DE3-B1D2-A444DCB26EFA}" = dir=out | name=getting started with windows 8 | 
"{EABEA896-37D9-40E3-82FE-9D65FC14451D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{EB99E678-1539-4DF3-AAC5-BD3F079B91C5}" = dir=out | name=netflix | 
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn | 
"{ED846A8F-A269-4891-882F-7A51FD262FD6}" = dir=out | app=%localappdata%\hpconnectedmusic\application\hpconnectedmusic.exe | 
"{EED43CE5-2200-4FA5-BF06-8642EAF9BE90}" = dir=out | name=microsoft solitaire collection | 
"{F03E9214-5EF3-48A2-AE0A-0876BEAD9A63}" = dir=out | name=kvadphoto+ pro | 
"{F4092BC9-B7FA-40EE-9FDC-FE94824BBE7D}" = dir=in | name=sonicwall mobile connect | 
"{F5836892-8D15-493A-86C0-8E00BDD86817}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client | 
"{F6FB786D-462E-4714-94B0-7B001A21BD92}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client | 
"{F8BDE6D5-0B45-414A-9145-15A7B756B7E9}" = dir=in | name=f5 vpn | 
"{F91C03D2-F80B-451C-BCD4-FDC09D59FAD3}" = dir=out | app=%localappdata%\hpconnectedmusic\application\spotify_helper.exe | 
"{F95AB651-1658-47B2-B2F9-6B091A8603BC}" = dir=out | name=@{microsoft.bingweather_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{FAC84A30-0EF8-4973-808C-245370B3DECB}" = dir=out | name=@{microsoft.zunemusic_1.5.216.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{FDAADB28-CE5B-4E00-95C0-35352F8B6259}" = dir=out | name=@{microsoft.bingsports_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5A68A656-979F-4168-8795-E2E368AA4DC2}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{73237EBB-B26F-4628-8754-4EFE563D72E9}" = HP Utility Center
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{7B83C685-3EA9-544F-9580-368394C67C3A}" = Ralink Bluetooth Stack64
"{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DF3589E-483F-65F3-32F7-006C0B162891}" = AMD Fuel
"{9E2BF31C-7E39-C549-8AFE-56C3B927BD91}" = AMD Catalyst Install Manager
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{AFD060D5-8D37-8B06-6A03-F2C5128496ED}" = ccc-utility64
"{D12C40DB-CD7D-4D86-9285-5E2FE23693E4}" = SupraSavings
"{D1E8F2D7-7794-4245-B286-87ED86C1893C}" = HP Registration Service
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E9F0BCD8-6BD5-1ED7-EDA3-9FCF2A478AA1}" = Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64)
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F2B9FC01-887F-AB28-8880-233894150681}" = AMD Accelerated Video Transcoding
"MyPC Backup" = MyPC Backup 
"O365HomePremRetail - en-us" = Microsoft Office 365 Home Premium - en-us
"suprasavings" = suprasavings
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{020FF978-7DD6-EEE3-47E3-2F37B6449F54}" = CCC Help Chinese Standard
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{117DF79C-38F1-8A46-A488-365A72C4C1F1}" = CCC Help Finnish
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1AE37508-089E-41AC-95BD-99FF06887C2F}" = HP Recovery Manager
"{1E48910A-F1D9-0526-DF24-8024C3BA7566}" = CCC Help Italian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{2585840A-1098-A34B-42BD-9422B84602F7}" = CCC Help Polish
"{25EC2D8D-D64D-4EA0-6341-C0F79883FBFE}" = CCC Help Chinese Traditional
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{300699CA-B992-4719-0D29-3A33D960D4AC}" = Catalyst Control Center Graphics Previews Common
"{30B2D1D8-0A07-4B71-9553-0710C5D31E35}" = HP Wireless Button Driver
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{391FE76E-DC08-180B-61EF-C208698E6199}" = CCC Help Dutch
"{39337565-330E-4ab6-A9AE-AC81E0720B10}" = Cyberlink PhotoDirector
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{574F0207-8E98-46CD-8F79-318348C98C46}" = HP Quick Start
"{586FC9AE-F8A1-D397-178A-304F67D4AF18}" = CCC Help English
"{58F9538F-E242-C094-B68D-3A4CB9E3654A}" = CCC Help Danish
"{59F8C5AA-91BD-423D-BF05-09A80F39898F}" = HP CoolSense
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}" = Realtek Card Reader
"{600C1E5D-E59E-9B9A-824C-70A3A863DCC9}" = CCC Help Japanese
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6BE061BE-0474-EA1F-DE33-91826D7868D9}" = CCC Help French
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.2.3
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App for HP
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F149284-BA2D-DB74-0405-EB5D9D2F452C}" = CCC Help Korean
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8BF1459F-FDDE-673C-2378-A803DC278270}" = CCC Help Turkish
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT3290 802.11bgn Wi-Fi Adapter
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{927CFF8E-A448-46D3-01B9-764FC2A881BA}" = CCC Help Greek
"{966BD8E8-DEAB-458D-B330-1388A4CC0A6C}" = HP Documentation
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C35EDE5-4B0F-45E7-A438-314BA889948E}" = HP MyRoom
"{9E1227EB-BFD6-970B-7867-0658EC53525F}" = CCC Help Hungarian
"{A0B0DA25-DD15-4739-92A3-62D3424F043A}_is1" = PC Tech Hotline
"{A34FE6B9-B981-B2F5-DF3D-78D61776EA0C}" = CCC Help Spanish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ADA2A358-7172-4ABE-3B55-5BEE8AB62D34}" = Zoosk Messenger
"{AE794AB6-424B-31E9-5EA1-968088EFAE06}" = Catalyst Control Center InstallProxy
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{B82085C0-07DD-5E7F-1D48-D63087064524}" = CCC Help Czech
"{B92C2C6C-F70E-497B-88A7-1FEF9888272B}" = Adobe AIR
"{BA4355A4-E388-117A-721A-F1B23175B9AD}" = AMD VISION Engine Control Center
"{BB5B11D5-ADC5-9AA2-76D9-8C447C4EC3B7}" = CCC Help German
"{BC63AE56-730A-D46F-27A6-C579E8390CB2}" = CCC Help Swedish
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C3E46E73-67D3-72FA-0AA9-5A1CBE9CE0DD}" = CCC Help Norwegian
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C54BC404-EA0C-044E-F118-2E02802626F4}" = CCC Help Portuguese
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C89A97B6-F991-EBB5-77B7-927BCF420EBE}" = OEM Application Profile
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CFD9991F-F7EE-1B2E-F4FE-99E2BC2836CE}" = CCC Help Russian
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{D9DAD0FF-495A-472B-9F10-BAE430A26682}" = Apple Application Support
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}" = HP Support Assistant
"{E6B105B8-1F65-4428-9397-1DFD8A03B94D}" = SupraSavings
"{ED684F1C-291C-A7BE-D464-8A44717F8F17}" = CCC Help Thai
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EEEDA52B-3C42-4BD7-BE42-FDB596EAFCEF}" = Catalyst Control Center - Branding
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F35EE4BC-95E1-4417-BA36-7C32FF24A59A}" = HP System Event Utility
"{F7B34B38-02A6-44D5-B8CC-06EB3B8ACFC9}_is1" = PC Fix Speed 1.2.0.42
"{F90A86C9-7779-47DD-AC06-8EE832C55F55}" = HP 3D DriveGuard
"{FA26FB8C-5FC4-0EA8-EED9-32AE23A2DCCA}" = Catalyst Control Center Localization All
"{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}" = Energy Star
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Bueno Chrome Toolbar" = Bueno Chrome Toolbar
"buenosearch" = buenosearch toolbar  
"com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1" = Zoosk Messenger
"Coupon Printer for Windows5.0.0.4" = Coupon Printer for Windows
"CouponXplorer_5zbar Uninstall Internet Explorer" = CouponXplorer Internet Explorer Toolbar
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}" = Cyberlink PhotoDirector
"InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"iWebar" = iWebar
"N360" = Norton 360
"Object Browser" = Object Browser
"Plus-HD-9.1" = Plus-HD-9.1
"Search module" = Search module
"SearchProtect" = Search Protect
"ShopperPro" = Shopper-Pro
"spprt" = Shield Plus
"StartHPConnectedMusic" = HP Connected Music (Meridian - installer)
"t4pc_en_5_is1" = t4pc_en_5
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-024b291a-e8c1-435c-adab-bcb378551cff" = Airport Mania
"WTA-0ab02038-7b78-4475-a95a-8cfa645ab131" = Build-a-lot
"WTA-11e1f659-211a-41d5-9dc1-4386cc62d2df" = Azteca
"WTA-12edb9f7-a133-4d7e-b83e-32d5ba75d548" = Governor of Poker 2 Premium Edition
"WTA-14da1dda-578e-47d2-b40f-a0f328e77bc0" = Bounce Symphony
"WTA-18e491c9-0e0f-4abd-a34e-7b7a63573641" = Mystery P.I. - Curious Case of Counterfeit Cove
"WTA-1f663256-f814-454f-bc1f-4ea434603ddb" = Tales of Lagoona
"WTA-23ea7156-9efa-478e-97f8-8a7e84308368" = Royal Challenge Solitaire
"WTA-263956e1-35b4-453f-b4d8-895de8522fc6" = Mahjongg Dimensions Deluxe: Tiles in Time
"WTA-272f6a19-9e49-4e21-9017-2ca5ff7274ef" = Royal Envoy 2 Collector's Edition
"WTA-29f7cb56-6181-43d6-b37f-2df8d17d5623" = Curse at Twilight
"WTA-32f42328-0b5c-40f1-b8ee-3294c867a541" = Luxor Evolved
"WTA-357dcb28-4a7b-4e76-b255-cc08e4408098" = Zuma's Revenge
"WTA-3d6dc4ac-edf1-464c-b745-ac9d5ca246dc" = 4 Elements II
"WTA-46f9ffe7-e22b-4f99-8ba2-0ade1cbfa540" = House of 1000 Doors: Family Secrets
"WTA-49ac6319-2ef5-49a1-8b33-fd5370159954" = Cradle Of Egypt Collector's Edition
"WTA-4b7129c3-c835-4f0a-ad1e-9d4dabfa6ca9" = Farm Frenzy
"WTA-7b5aafe9-de65-4fd5-974a-16a5d1b4e3fb" = Tri-Peaks 2 Quest for the Ruby Ring
"WTA-833e5573-6883-4575-a862-760c5b5a7fae" = Polar Bowler
"WTA-849d5930-b929-4863-8b32-95edcc5d6089" = Plants vs. Zombies - Game of the Year
"WTA-884bf83c-f9aa-4f7d-8c72-5158c6c1d939" = Mah Jong Medley
"WTA-88cc2132-7d3a-45eb-930c-3a1994ae0da2" = Peggle Nights
"WTA-8d19f1b9-6738-4b1d-93bd-96c2776710c7" = Roads of Rome 3
"WTA-8dd75b37-003f-4044-9a3d-af06bd6c2401" = Delicious: Emily's Childhood Memories Premium Edition
"WTA-b976e8f1-6300-4774-b08c-89bb8a0cd17a" = Bejeweled 3
"WTA-c03c26d0-bc26-46c2-88fc-81772228ba4f" = Jewel Match 3
"WTA-c3443807-a326-4b7f-a6d7-3ea0414a0692" = Match-3 All-Time Hit Bundle
"WTA-cded623c-4f1f-4d69-8645-62fc0d95e32e" = Youda Jewel Shop
"WTA-f4e75e98-5ba5-4a10-b866-af4190951dbe" = Cradle of Rome 2
"WTA-f6122ae2-8457-452c-82b6-4befc66e75e9" = Vacation Quest™ - Australia
"YTDownloader" = YTDownloader
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ArcadeYum" = ArcadeYum
"DesktopWeatherAlerts" = DesktopWeatherAlerts
"HPConnectedMusic" = HP Connected Music (Meridian - player)
"Price Metér" = Price Metér (remove only)
"Severe Weather Alerts" = Severe Weather Alerts
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 6/9/2014 7:53:02 PM | Computer Name = katcomputer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 6/9/2014 7:53:02 PM | Computer Name = katcomputer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1453
 
Error - 6/9/2014 7:53:02 PM | Computer Name = katcomputer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1453
 
Error - 6/9/2014 7:57:48 PM | Computer Name = katcomputer | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = App Microsoft.BingNews_3.0.2.261_x64__8wekyb3d8bbwe+AppexNews did 
not launch within its allotted time.
 
Error - 6/9/2014 7:57:50 PM | Computer Name = katcomputer | Source = Application Hang | ID = 1002
Description = The program wwahost.exe version 6.3.9600.17031 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 668    Start
 Time: 01cf843e9066d04c    Termination Time: 4294967295    Application Path: C:\WINDOWS\system32\wwahost.exe
 
Report
 Id: dbf8c068-f031-11e3-bec0-1c3e847e4ca8    Faulting package full name: Microsoft.BingNews_3.0.2.261_x64__8wekyb3d8bbwe
 
Faulting
 package-relative application ID: AppexNews  
 
Error - 6/9/2014 7:57:50 PM | Computer Name = katcomputer | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Activation of app Microsoft.BingNews_8wekyb3d8bbwe!AppexNews failed
 with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional
 information.
 
Error - 6/10/2014 9:56:40 AM | Computer Name = katcomputer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 6/10/2014 9:56:40 AM | Computer Name = katcomputer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1484
 
Error - 6/10/2014 9:56:40 AM | Computer Name = katcomputer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1484
 
Error - 6/10/2014 10:32:10 AM | Computer Name = katcomputer | Source = Application Hang | ID = 1002
Description = The program LiveComm.exe version 17.5.9600.20498 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 10e0    Start
 Time: 01cf843e7f75c277    Termination Time: 4294967295    Application Path: C:\Program 
Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report
 Id: eca8eb06-f0ab-11e3-bec0-1c3e847e4ca8    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe
 
Faulting
 package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1  
 
[ Hewlett-Packard Events ]
Error - 5/2/2014 8:58:54 AM | Computer Name = katcomputer | Source = HPSF.exe | ID = 2000
Description = 
 
Error - 5/20/2014 9:02:50 AM | Computer Name = katcomputer | Source = HPSF.exe | ID = 2000
Description = 
 
Error - 5/20/2014 9:07:29 AM | Computer Name = katcomputer | Source = HPSF.exe | ID = 2000
Description = 
 
Error - 5/20/2014 9:13:10 AM | Computer Name = katcomputer | Source = HPSF.exe | ID = 2000
Description = 
 
Error - 5/20/2014 9:19:03 AM | Computer Name = katcomputer | Source = HPSF.exe | ID = 2000
Description = 
 
Error - 6/9/2014 4:46:27 PM | Computer Name = katcomputer | Source = HPSF.exe | ID = 2000
Description = 
 
Error - 6/9/2014 4:47:36 PM | Computer Name = katcomputer | Source = HPSF.exe | ID = 2000
Description = 
 
Error - 6/9/2014 4:48:37 PM | Computer Name = katcomputer | Source = HPSF.exe | ID = 2000
Description = 
 
Error - 6/9/2014 4:50:20 PM | Computer Name = katcomputer | Source = HPSF.exe | ID = 2000
Description = 
 
Error - 6/9/2014 4:50:58 PM | Computer Name = katcomputer | Source = HPSF.exe | ID = 2000
Description = 
 
[ System Events ]
Error - 6/8/2014 9:21:40 AM | Computer Name = katcomputer | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80073d02: Microsoft.BingTravel.
 
Error - 6/8/2014 9:21:45 AM | Computer Name = katcomputer | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80073d02: microsoft.windowscommunicationsapps.
 
Error - 6/8/2014 9:21:47 AM | Computer Name = katcomputer | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80073d02: Microsoft.ZuneVideo.
 
Error - 6/8/2014 9:21:47 AM | Computer Name = katcomputer | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80073d02: Microsoft.SkypeApp.
 
Error - 6/8/2014 9:21:47 AM | Computer Name = katcomputer | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80073d02: Microsoft.BingNews.
 
Error - 6/8/2014 9:22:26 AM | Computer Name = katcomputer | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80073d02: Microsoft.BingFinance.
 
Error - 6/8/2014 9:22:27 AM | Computer Name = katcomputer | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80073d02: Microsoft.ZuneMusic.
 
Error - 6/8/2014 9:22:39 AM | Computer Name = katcomputer | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80073d02: Microsoft.BingFoodAndDrink.
 
Error - 6/8/2014 9:22:42 AM | Computer Name = katcomputer | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80073d02: AD2F1837.HPConnectedPhotopoweredbySnapfish.
 
Error - 6/8/2014 10:15:19 AM | Computer Name = katcomputer | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x8007000d: Update for Microsoft Camera Codec Pack for Windows 8.1 for
 x64-based Systems (KB2899189).
 
 
< End of report >
 

 


  • 0

Advertisements

#2
pystryker
Posted 18 June 2014 - 05:25 PM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello and welcome to Geeks to Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please read through my instructions carefully and completely before executing them. I will lay the instructions out in a step by step order to make them easy to follow.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you (if you are able) to print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:



Hi :) We'll need a usb so we can download the tools and fixes to your machine and then transfer them to the infected machine. We'll also protect your machine by installing McShield before we do anything regarding the usb. This program will check the usb and make sure it is clean and will scan it every time you plug in back into your machine.

I'm currently reviewing the OTL logs and will post instructions when finished. In the meantime, please install the McShield Program.


Step 1: Download and Install McShield


Download MCShield to your desktop and install
  • It will initially run a scan and show the result as a toaster by the system clock.
  • Then in the control center select Scanner and tick unhide items on flash drives.
mcshieldunhide_zps00a3e64b.jpg
  • Plug in the drive and McShield will start a scan
  • Then get the log which will be here :
  • Start > all programs > MCShield > logs > all scans
And post that in your next reply.
  • 0

#3
skandranon1971
Posted 18 June 2014 - 08:13 PM

skandranon1971

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts

I am a help desk tech myself, though I do not know malware security techniques well.  Here is the log from Mcsheild:

 

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
 
>>> v 3.0.5.28 / DB: 2014.6.15.1 / Windows 8.1 <<<
 
 
6/18/2014 7:12:06 PM > Drive F: - scan started (no label ~7630 MB, FAT32 flash drive )...
 
 
 
=> The drive is clean.

  • 0

#4
pystryker
Posted 18 June 2014 - 08:19 PM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Ok, here we go. :) There is much to be done, so I'm going to break it down into 2 steps at a time until we get a lot of the junk off the machine. Then we'll run some other scans to look for rootkits to see if anything is hiding.



Please disable the antivirus on the infected machine for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Program Uninstalls


Please uninstall the following programs from your machine as they are all malware/adware related programs. If one of the programs in the list below

doesn't show up in the list of programs to uninstall, no worries, just move to the next one. If you get an errors that says it's already uninstalled

or can't be found and would you like to remove it from the list, answer yes.
  • Plus HD
  • Object Browser
  • Shield Plus
  • SupraSavings or suprasavings
  • MyPC Backup
  • PC Fix Speed 1.2.0.42
  • Bueno Chrome Toolbar
  • buenosearch toolbar
  • CouponXplorer Internet Explorer Toolbar
  • iWebar
  • Object Browser
  • Plus-HD-9.1
  • Search module
  • Search Protect
  • Shopper-Pro
  • Shield Plus
  • t4pc_en_5
  • YTDownloader
Step 2: OTL Fix


Let's run an OTL fix:

Download the attached fix.txt file and transfer it to the infected machine's desktop.Attached File  fix.txt   11.25KB   248 downloads

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

Run OTL by double clicking it (Windows Vista, Windows 7, and 8, right click and select "Run as Administrator)

Click on Run Fix. Click OK to load the fix.txt and click on Run Fix again.

otlrunfix.jpg
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, a log will open. Please post that log in your next reply.
If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.


Things I need to see in your next post:

OTL Fix Log
  • 0

#5
skandranon1971
Posted 19 June 2014 - 09:18 PM

skandranon1971

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service vxlsnyaiet64 stopped successfully!
Service vxlsnyaiet64 deleted successfully!
C:\Program Files\003\vxlsnyaiet64.exe moved successfully.
Error: No service named SMUpd was found to stop!
Service\Driver key SMUpd not found.
File C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe not found.
Error: No service named Service was found to stop!
Service\Driver key Service not found.
File C:\Users\kathy\AppData\Local\ShieldPlus\spprt\spsvc.exe not found.
Error: No service named CltMngSvc was found to stop!
Service\Driver key CltMngSvc not found.
File C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe not found.
Service BackupStack stopped successfully!
Service BackupStack deleted successfully!
C:\Program Files (x86)\MyPC Backup\BackupStack.exe moved successfully.
Service PCTechHotlineSvc stopped successfully!
Service PCTechHotlineSvc deleted successfully!
C:\Program Files (x86)\PCTechHotline\PCTechHotlineSvc.exe moved successfully.
Error: No service named CouponXplorer_5zService was found to stop!
Service\Driver key CouponXplorer_5zService not found.
C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbarsvc.exe moved successfully.
Error: No service named SMUpdd was found to stop!
Service\Driver key SMUpdd not found.
File C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys not found.
Service sbmntr stopped successfully!
Service sbmntr deleted successfully!
C:\Program Files (x86)\YTDownloader\sbmntr.sys moved successfully.
Service SPDRIVER_1.36.1.172 stopped successfully!
Service SPDRIVER_1.36.1.172 deleted successfully!
C:\Program Files (x86)\ShopperPro\JSDriver\1.36.1.172\jsdrv.sys moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5a1d0d31-749c-4186-a295-4106e6e7b26a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a1d0d31-749c-4186-a295-4106e6e7b26a}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{9b138bf3-1d40-4e7e-84bb-2975198ad938} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9b138bf3-1d40-4e7e-84bb-2975198ad938}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5a1d0d31-749c-4186-a295-4106e6e7b26a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a1d0d31-749c-4186-a295-4106e6e7b26a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@CouponXplorer_5z.com/Plugin\ not found.
File C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\NP5zStub.dll not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311281150}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311281150}\ not found.
File C:\Program Files (x86)\Object Browser\Object Browser-bho64.dll not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311551110}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311551110}\ not found.
File C:\Program Files (x86)\iWebar\iWebar-bho64.dll not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511291116}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511291116}\ not found.
File C:\Program Files (x86)\Plus-HD-9.1\Plus-HD-9.1-bho64.dll not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\ deleted successfully.
C:\ProgramData\ShopperPro\ShopperPro64.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0297a026-3011-46d3-ad62-bb9a7612aea7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0297a026-3011-46d3-ad62-bb9a7612aea7}\ not found.
C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}\ deleted successfully.
C:\Program Files (x86)\SupraSavings\2rs3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311281150}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311281150}\ not found.
File C:\Program Files (x86)\Object Browser\Object Browser-bho.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311551110}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311551110}\ not found.
File C:\Program Files (x86)\iWebar\iWebar-bho.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511291116}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511291116}\ not found.
File C:\Program Files (x86)\Plus-HD-9.1\Plus-HD-9.1-bho.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7d69ed06-0171-4379-9528-08df51092727}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7d69ed06-0171-4379-9528-08df51092727}\ not found.
File C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zSrcAs.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\ deleted successfully.
C:\ProgramData\ShopperPro\ShopperPro.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F1C81E40-2485-4DB6-8C9D-04BD596B281E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F1C81E40-2485-4DB6-8C9D-04BD596B281E}\ not found.
File C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\bh\buenosearch.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{65c72339-fb1d-4155-84e1-9afacee02d6f} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65c72339-fb1d-4155-84e1-9afacee02d6f}\ not found.
File C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{828DC97A-2277-4E10-92A9-4907FA0922A9} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828DC97A-2277-4E10-92A9-4907FA0922A9}\ not found.
File C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\buenosearchTlbr.dll not found.
64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{65C72339-FB1D-4155-84E1-9AFACEE02D6F} not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65C72339-FB1D-4155-84E1-9AFACEE02D6F}\ not found.
File C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{65C72339-FB1D-4155-84E1-9AFACEE02D6F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65C72339-FB1D-4155-84E1-9AFACEE02D6F}\ not found.
File C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbar.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CouponXplorer Home Page Guard 64 bit not found.
File C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\AppIntegrator64.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CouponXplorer EPM Support not found.
File C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zmedint.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CouponXplorer Search Scope Monitor not found.
File C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zSrchMn.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CouponXplorer_5z Browser Plugin Loader not found.
C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbrmon.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CouponXplorer_5z Browser Plugin Loader 64 deleted successfully.
C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbrmon64.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\fst_us_96 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PCFixSpeed deleted successfully.
C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PCTechHotline deleted successfully.
C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Price Finder deleted successfully.
C:\Program Files (x86)\Price Finder\PriceFinderHelper.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SPDriver deleted successfully.
C:\Program Files (x86)\ShopperPro\JSDriver\1.36.1.172\jsdrv.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\t4pc_en_5 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\YTDownloader deleted successfully.
C:\Program Files (x86)\YTDownloader\YTDownloader.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SPDriver deleted successfully.
File C:\Program Files (x86)\ShopperPro\JSDriver\1.36.1.172\jsdrv.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\YTDownloader deleted successfully.
File C:\Program Files (x86)\YTDownloader\YTDownloader.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\upt4pc_en_5.exe not found.
File C:\Users\kathy\AppData\Local\t4pc_en_5\upt4pc_en_5.exe not found.
C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk moved successfully.
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll deleted successfully.
File C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll deleted successfully.
File c:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll not found.
Folder C:\Program Files (x86)\buenosearch LTD\ not found.
Folder C:\Users\kathy\AppData\Roaming\BabSolution\ not found.
Folder C:\Users\kathy\AppData\Local\ShieldPlus\ not found.
C:\Users\kathy\AppData\Roaming\PCFixSpeed\News folder moved successfully.
C:\Users\kathy\AppData\Roaming\PCFixSpeed folder moved successfully.
C:\Users\kathy\AppData\Roaming\PC Tech Hotline\skin folder moved successfully.
C:\Users\kathy\AppData\Roaming\PC Tech Hotline folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tech Hotline folder moved successfully.
C:\ProgramData\PCFixSpeed\Translate folder moved successfully.
C:\ProgramData\PCFixSpeed folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Fix Speed folder moved successfully.
C:\Program Files (x86)\PCFixSpeed folder moved successfully.
C:\Program Files (x86)\SupraSavings folder moved successfully.
C:\Program Files\suprasavings folder moved successfully.
C:\Program Files\003 folder moved successfully.
Folder C:\Program Files (x86)\iWebar\ not found.
Folder C:\Program Files (x86)\Object Browser\ not found.
C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader folder moved successfully.
C:\Program Files (x86)\YTDownloader folder moved successfully.
C:\ProgramData\SearchModule folder moved successfully.
C:\Program Files\Common Files\Goobzo\GBUpdate folder moved successfully.
C:\Program Files\Common Files\Goobzo folder moved successfully.
C:\ProgramData\ShopperPro folder moved successfully.
C:\Users\Public\Documents\ShopperPro\JsDriver folder moved successfully.
C:\Users\Public\Documents\ShopperPro folder moved successfully.
C:\Program Files (x86)\ShopperPro\JSDriver\1.36.1.172 folder moved successfully.
C:\Program Files (x86)\ShopperPro\JSDriver folder moved successfully.
C:\Program Files (x86)\ShopperPro\FireFox\content folder moved successfully.
C:\Program Files (x86)\ShopperPro\FireFox folder moved successfully.
C:\Program Files (x86)\ShopperPro folder moved successfully.
C:\Users\kathy\Documents\Optimizer Pro folder moved successfully.
C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup folder moved successfully.
C:\Program Files (x86)\MyPC Backup\~updates folder moved successfully.
C:\Program Files (x86)\MyPC Backup\x86 folder moved successfully.
Folder move failed. C:\Program Files (x86)\MyPC Backup\x64 scheduled to be moved on reboot.
C:\Program Files (x86)\MyPC Backup\Resources\keycache folder moved successfully.
C:\Program Files (x86)\MyPC Backup\Resources\cache\14061412 folder moved successfully.
C:\Program Files (x86)\MyPC Backup\Resources\cache folder moved successfully.
C:\Program Files (x86)\MyPC Backup\Resources folder moved successfully.
C:\Program Files (x86)\MyPC Backup\log folder moved successfully.
Folder move failed. C:\Program Files (x86)\MyPC Backup\Database scheduled to be moved on reboot.
C:\Program Files (x86)\MyPC Backup\Config folder moved successfully.
Folder move failed. C:\Program Files (x86)\MyPC Backup scheduled to be moved on reboot.
C:\Program Files (x86)\Optimizer Pro folder moved successfully.
Folder C:\Program Files (x86)\SearchProtect\ not found.
Folder C:\Users\kathy\AppData\Local\SearchProtect\ not found.
C:\Users\Public\Desktop\PC Tech Hotline.lnk moved successfully.
C:\Users\Public\Desktop\Optimize Your PC.lnk moved successfully.
C:\Users\kathy\Desktop\YTDownloader.lnk moved successfully.
C:\END moved successfully.
File C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk not found.
C:\Users\kathy\Desktop\MyPC Backup.lnk moved successfully.
File C:\Users\Public\Desktop\PC Tech Hotline.lnk not found.
File C:\Users\Public\Desktop\Optimize Your PC.lnk not found.
File C:\Users\kathy\Desktop\YTDownloader.lnk not found.
File C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk not found.
File C:\Users\kathy\Desktop\MyPC Backup.lnk not found.
========== FILES ==========
File\Folder C:\Program Files (x86)\Object Browser not found.
File\Folder C:\Program Files (x86)\Plus-HD-9.1 not found.
File\Folder C:\Users\kathy\AppData\Local\ShieldPlus not found.
File\Folder C:\Users\kathy\AppData\Local\t4pc_en_5 not found.
File\Folder C:\Program Files (x86)\SearchProtect not found.
File\Folder C:\Program Files (x86)\YTDownloader not found.
File\Folder C:\Program Files (x86)\ShopperPro not found.
C:\Program Files (x86)\PCTechHotline folder moved successfully.
C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin folder moved successfully.
C:\Program Files (x86)\CouponXplorer_5z\bar folder moved successfully.
C:\Program Files (x86)\CouponXplorer_5z folder moved successfully.
File\Folder C:\Program Files\Common Files\Goobzo not found.
File\Folder C:\Program Files\003 not found.
File\Folder C:\Program Files (x86)\iWebar not found.
File\Folder C:\Program Files (x86)\SupraSavings not found.
< netsh advfirewall reset /c >
Ok.
C:\Users\kathy\Desktop\cmd.bat deleted successfully.
C:\Users\kathy\Desktop\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state on /c  >
Ok.
C:\Users\kathy\Desktop\cmd.bat deleted successfully.
C:\Users\kathy\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\kathy\Desktop\cmd.bat deleted successfully.
C:\Users\kathy\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default.migrated
 
User: kathy
->Temp folder emptied: 96585134 bytes
->Temporary Internet Files folder emptied: 18828092 bytes
->Google Chrome cache emptied: 13330579 bytes
->Flash cache emptied: 58072 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11211821 bytes
RecycleBin emptied: 16358635 bytes
 
Total Files Cleaned = 149.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06192014_195441
 
Files\Folders moved on Reboot...
C:\Program Files (x86)\MyPC Backup\x64 folder moved successfully.
C:\Program Files (x86)\MyPC Backup\Database folder moved successfully.
C:\Program Files (x86)\MyPC Backup\Resources\cache folder moved successfully.
C:\Program Files (x86)\MyPC Backup\Resources folder moved successfully.
C:\Program Files (x86)\MyPC Backup\log folder moved successfully.
C:\Program Files (x86)\MyPC Backup\Config folder moved successfully.
C:\Program Files (x86)\MyPC Backup folder moved successfully.
File\Folder C:\Users\kathy\AppData\Local\Microsoft\Windows\INetCache\IE\BP3ZM7MS\init3[2].js not found!
C:\Users\kathy\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.
C:\WINDOWS\temp\FireFly(20140617154257744).log moved successfully.
C:\WINDOWS\temp\integratedoffice.exe_c2rdll(20140617154258744).log moved successfully.
C:\WINDOWS\temp\integratedoffice.exe_c2ruidll(20140617154257744).log moved successfully.
C:\WINDOWS\temp\integratedoffice.exe_streamserver(20140617154259744).log moved successfully.
File move failed. C:\WINDOWS\temp\ood_stream.x86.en-us.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot.
C:\WINDOWS\temp\SecureAssist.log moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 

  • 0

#6
pystryker
Posted 19 June 2014 - 09:44 PM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Looks good, let's continue. :thumbsup:


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop


adwcleaner2_zps680e0e15.jpg
  • Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt
Step 2: Junkware Removal Tool


thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3: OTL Quick Scan
  • Start OTL and this time click the Quick Scan button
  • OTL will scan your system and produce one log when finished.
  • Please post that log in your next reply.
Things I need to see in your next post:

AdwCleaner Log

Junkware Removal Tool Log

OTL Quick Scan Log

Question: How is the machine running now?

Junkware
  • 0

#7
skandranon1971
Posted 21 June 2014 - 12:00 PM

skandranon1971

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts

I will be out of town this weekend until Monday afternoon.  I will run these next items when I return if that is ok.  


  • 0

#8
pystryker
Posted 21 June 2014 - 02:39 PM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

I will be out of town this weekend until Monday afternoon.  I will run these next items when I return if that is ok.


No worries, that'll be fine. :thumbsup:
  • 0

#9
skandranon1971
Posted 24 June 2014 - 07:30 PM

skandranon1971

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts

the computer is running better.  tuvaro and search-net or search-assistant are still showing but I can navigate without the internet crashing now.

 

The logs are:

 

# AdwCleaner v3.213 - Report created 24/06/2014 at 18:00:11
# Updated 23/06/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : kathy - KATCOMPUTER
# Running from : C:\Users\kathy\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem
[#] Service Deleted : SecureAssist
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\374311380 
Folder Deleted : C:\ProgramData\DSearchLink
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Users\kathy\AppData\Local\globalUpdate
Folder Deleted : C:\Users\kathy\AppData\Local\PriceMeter
Folder Deleted : C:\Users\kathy\AppData\Local\WeatherAlerts
Folder Deleted : C:\Users\kathy\AppData\LocalLow\buenosearch LTD
Folder Deleted : C:\Users\kathy\AppData\LocalLow\iac
Folder Deleted : C:\Users\kathy\AppData\Roaming\wp_update
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\WINDOWS\SysWOW64\SecureAssist.ini
File Deleted : C:\WINDOWS\SysWOW64\SecureAssistOff.ini
File Deleted : C:\WINDOWS\System32\drivers\SAWFP64.sys
File Deleted : C:\WINDOWS\System32\SecureAssist.ini
File Deleted : C:\WINDOWS\System32\SecureAssistOff.ini
File Deleted : C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk
File Deleted : C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk
File Deleted : C:\Users\kathy\Desktop\Sync Folder.lnk
File Deleted : C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
File Deleted : C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineCore
File Deleted : C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
File Deleted : C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineUA
File Deleted : C:\WINDOWS\System32\Tasks\LaunchApp
File Deleted : C:\WINDOWS\System32\Tasks\pricemeterdownloader
File Deleted : C:\WINDOWS\System32\Tasks\ShopperPro
File Deleted : C:\WINDOWS\System32\Tasks\ShopperProJSUpd
File Deleted : C:\WINDOWS\System32\Tasks\SMupdate1
File Deleted : C:\WINDOWS\System32\Tasks\SPDriver
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\Users\kathy\Desktop\Search.lnk
Shortcut Disinfected : C:\Users\kathy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\ShopperPro.ShopperProBHO
Key Deleted : HKLM\SOFTWARE\Classes\ShopperPro.ShopperProBHO.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{76A60138-58B3-4E27-85FB-8FEF344A8998}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{746c749a-528c-4e31-bc96-848c0d909fb4}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9863E762-BACC-46E4-8CAA-2A6ADA06B65B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10AD2C61-0898-4348-8600-14A342F22AC3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{828DC97A-2277-4E10-92A9-4907FA0922A9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F1C81E40-2485-4DB6-8C9D-04BD596B281E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10AD2C61-0898-4348-8600-14A342F22AC3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{828DC97A-2277-4E10-92A9-4907FA0922A9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F1C81E40-2485-4DB6-8C9D-04BD596B281E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EF41A4-BA24-4E49-A2C0-E1D047299287}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{130CCD34-0382-48E5-B307-0E7E72166828}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{26D25DD5-F17A-4D93-9A94-997E2124EEB4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{30279F40-D76B-443C-A34D-F43B35B35CE1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{796D0AA0-DC0E-44C9-A398-C874F04D55A4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CE2102F0-DF63-452E-9CA7-0F75FF4DDD4B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{DADFCC6F-66D2-4E1D-A01B-7064CAD2F583}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{EBE666C3-F26C-4CF6-8ABA-3D5F5D2625E1}
Key Deleted : HKCU\Software\suprasavings
Key Deleted : HKCU\Software\Tuto4PC
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Rr Savings
Key Deleted : HKCU\Software\AppDataLow\Software\Supra Savings
Key Deleted : HKCU\Software\AppDataLow\Software\suprasavings
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\DealPlyLive
Key Deleted : HKLM\Software\FreeSoftToday
Key Deleted : HKLM\Software\suprasavings
Key Deleted : HKLM\Software\Tutorials
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E6B105B8-1F65-4428-9397-1DFD8A03B94D}
Key Deleted : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Key Deleted : [x64] HKLM\SOFTWARE\Rr Savings
Key Deleted : [x64] HKLM\SOFTWARE\suprasavings
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\suprasavings
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Google Chrome v35.0.1916.153
 
[ File : C:\Users\kathy\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Extension] : acfoobbgoakpihljnfedbcfaipcdlfhk
 
*************************
 
AdwCleaner[R0].txt - [6974 octets] - [24/06/2014 17:59:41]
AdwCleaner[S0].txt - [6546 octets] - [24/06/2014 18:00:11]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6606 octets] ##########
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by kathy on Tue 06/24/2014 at 18:05:55.02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311281150}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311551110}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511291116}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{190D00AA-3742-4E96-AE4E-0EDB5B942AFA}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{190D00AA-3742-4E96-AE4E-0EDB5B942AFA}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 06/24/2014 at 18:11:58.11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

OTL logfile created on: 6/24/2014 6:15:37 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\kathy\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.19 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 69.03% Memory free
4.07 Gb Paging File | 2.97 Gb Available in Paging File | 72.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 571.70 Gb Total Space | 497.02 Gb Free Space | 86.94% Space Free | Partition Type: NTFS
Drive D: | 23.27 Gb Total Space | 2.34 Gb Free Space | 10.06% Space Free | Partition Type: NTFS
Drive F: | 3.73 Gb Total Space | 3.73 Gb Free Space | 99.94% Space Free | Partition Type: FAT32
 
Computer Name: KATCOMPUTER | User Name: kathy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/16 16:16:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\kathy\Desktop\OTL.exe
PRC - [2014/05/10 23:52:43 | 000,265,040 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exe
PRC - [2014/05/05 07:24:56 | 000,227,904 | ---- | M] (WildTangent) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
PRC - [2014/03/07 01:02:08 | 000,267,224 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
PRC - [2013/12/25 15:20:30 | 001,045,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
PRC - [2013/12/25 15:20:26 | 001,039,160 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
PRC - [2013/08/05 00:49:42 | 000,111,576 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2013/01/31 18:31:42 | 001,626,872 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
PRC - [2013/01/10 13:23:30 | 000,379,904 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
PRC - [2012/11/05 16:14:34 | 001,343,904 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/04/23 16:05:12 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/04/23 16:04:54 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/08/05 16:48:08 | 000,016,856 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2013/08/05 00:49:47 | 000,627,672 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
MOD - [2013/01/31 17:04:00 | 000,070,904 | ---- | M] () -- C:\Windows\SysWOW64\BsProfileFunc.dll
MOD - [2013/01/10 12:59:24 | 000,019,456 | ---- | M] () -- C:\Windows\SysWOW64\BsTrace.dll
MOD - [2013/01/10 11:25:58 | 000,353,280 | ---- | M] () -- C:\Windows\SysWOW64\BsExtendFunc.dll
MOD - [2013/01/10 11:25:56 | 000,011,264 | ---- | M] () -- C:\Windows\SysWOW64\SCChangeMonitor.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/06/06 07:15:31 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/06/06 07:15:31 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014/06/06 07:11:59 | 000,347,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2014/06/06 07:11:59 | 000,023,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014/06/06 07:11:12 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014/06/06 07:11:12 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2014/06/06 07:11:12 | 000,201,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014/06/06 07:06:45 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV:64bit: - [2014/05/28 16:52:52 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2014/03/18 03:13:26 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/03/18 03:13:25 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2014/03/18 03:13:20 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/03/18 03:13:18 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/03/18 03:13:18 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014/03/18 03:13:14 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014/03/18 03:13:14 | 000,269,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014/03/18 03:13:13 | 000,282,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2014/02/06 03:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/09/24 12:49:44 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2013/08/22 05:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013/08/22 04:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 04:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 04:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 04:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 04:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 03:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 03:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 02:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 02:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 02:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 02:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 02:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 02:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 02:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 02:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2013/03/01 15:40:02 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2013/02/26 00:31:30 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2013/02/19 22:10:00 | 000,239,176 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE -- (RtkAudioService)
SRV:64bit: - [2012/12/07 07:05:16 | 001,854,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV - [2014/06/06 07:11:12 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014/06/06 07:06:47 | 000,475,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2014/06/06 07:06:44 | 000,066,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV - [2014/06/06 07:06:43 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2014/05/10 23:52:43 | 000,265,040 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exe -- (N360)
SRV - [2014/05/05 07:24:57 | 000,203,344 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2014/05/05 07:24:56 | 000,227,904 | ---- | M] (WildTangent) [Auto | Running] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2013/12/25 15:20:26 | 001,039,160 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe -- (HPWMISVC)
SRV - [2013/11/04 19:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/08/22 05:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/08/21 20:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/21 19:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/01/31 18:31:42 | 001,626,872 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2013/01/10 13:35:28 | 000,138,752 | ---- | M] (IVT Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe -- (BsHelpCS)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/06/13 21:03:50 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2014/06/09 13:52:05 | 000,830,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2014/06/09 13:49:00 | 000,290,008 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2014/06/06 07:15:34 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/06/06 07:15:31 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014/06/06 07:15:31 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014/06/06 07:15:31 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/06/06 07:12:00 | 000,257,880 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014/06/06 07:12:00 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/06/06 07:11:59 | 000,123,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2014/06/06 07:11:12 | 000,384,856 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/05/28 16:52:54 | 013,209,088 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2014/05/28 16:52:54 | 000,626,688 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2014/05/01 06:31:39 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/03/18 03:13:19 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014/03/18 03:13:15 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2014/03/18 03:13:15 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/03/18 03:13:02 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2014/03/18 03:13:01 | 000,236,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014/03/18 03:13:01 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2014/03/18 03:13:01 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014/03/18 03:13:01 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/03/18 03:13:01 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2014/03/18 03:13:01 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014/03/18 03:13:00 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014/03/18 03:13:00 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/03/18 03:13:00 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2014/03/18 02:45:47 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014/03/18 02:45:41 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2014/03/03 21:18:12 | 001,148,120 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2014/02/20 16:14:34 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\ccSetx64.sys -- (ccSet_N360)
DRV:64bit: - [2014/02/17 18:32:41 | 000,593,112 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symnets.sys -- (SymNetS)
DRV:64bit: - [2014/02/12 18:59:49 | 000,875,736 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2014/01/27 20:58:37 | 000,041,704 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2013/12/04 11:02:30 | 002,505,904 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2013/12/02 10:42:14 | 001,204,424 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtbth.sys -- (rtbth)
DRV:64bit: - [2013/10/30 00:26:30 | 000,023,568 | R--- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\SymELAM.sys -- (SymELAM)
DRV:64bit: - [2013/10/30 00:26:19 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\SymDS64.sys -- (SymDS)
DRV:64bit: - [2013/10/29 23:48:51 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/10/29 23:32:37 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/09/10 08:55:43 | 000,495,856 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/08/22 06:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 06:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 05:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 05:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 05:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 05:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 05:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 05:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 05:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 05:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 05:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 05:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 05:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 05:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 05:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 05:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 05:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 05:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 05:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 05:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 05:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 05:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 05:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 05:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 05:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 05:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 05:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 05:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 05:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 04:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 04:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 04:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 04:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 04:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 04:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 04:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Unknown (0) | Disabled | Unknown] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 04:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 04:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 04:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 04:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Unknown (0) | Disabled | Unknown] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 04:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 04:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 04:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Unknown (0) | Disabled | Unknown] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 04:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 04:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 04:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 04:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 04:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 04:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013/08/22 04:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 04:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 01:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/12 16:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/09 17:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 11:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 12:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/03/05 13:01:42 | 000,091,712 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2013/03/01 15:40:02 | 000,043,320 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2013/03/01 15:40:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2013/02/26 10:36:46 | 000,049,200 | ---- | M] (Ralink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IvtUrbBtFlt.sys -- (btUrbFilterDrv)
DRV:64bit: - [2013/02/14 20:41:14 | 000,094,208 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW86.sys -- (AtiHDAudioService)
DRV:64bit: - [2013/02/05 21:54:16 | 000,031,984 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013/02/05 21:54:16 | 000,028,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
DRV:64bit: - [2012/11/30 02:31:02 | 000,026,280 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012/11/30 02:31:00 | 000,080,552 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2012/08/31 09:40:24 | 000,020,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)
DRV:64bit: - [2012/08/28 08:27:24 | 000,058,536 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/19 17:47:40 | 000,056,904 | ---- | M] (Ralink Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BtL2caScoIf.sys -- (BthL2caScoIfSrv)
DRV:64bit: - [2012/06/15 11:22:02 | 000,023,136 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BtAudioBus.sys -- (BtAudioBusSrv)
DRV:64bit: - [2012/04/09 09:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV - [2014/06/13 16:07:56 | 000,525,016 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\IPSDefs\20140619.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014/06/13 01:00:00 | 000,142,128 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/06/11 07:27:37 | 000,486,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/06/06 11:00:05 | 001,530,160 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\BASHDefs\20140606.001\BHDrvx64.sys -- (BHDrvx64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS
IE:64bit: - HKLM\..\SearchScopes\{190D00AA-3742-4E96-AE4E-0EDB5B942AFA}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\coFFPlgn\ [2014/06/16 16:04:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\IPSFF [2014/06/14 09:44:31 | 000,000,000 | ---D | M]
 
[2014/06/16 15:28:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Search (Enabled)
CHR - default_search_provider: search_url = http://www-search.ne...q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.searchpre...={searchTerms},
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\
CHR - Extension: Google Drive = C:\Users\kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Users\kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Search = C:\Users\kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Norton Identity Safe for Google Chrome\u2122 = C:\Users\kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.0.47_0\
CHR - Extension: Google Wallet = C:\Users\kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/08/22 06:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\CoIEPlg.dll (Symantec Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (ArcadeYum Addon) - {651CA263-4157-4AC5-B7C2-03A7C1C00457} - C:\Users\kathy\AppData\Local\ArcadeYum\ArcadeYumIEHelper.dll ()
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [BtTray] C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe (IVT Corporation)
O4 - HKLM..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Power2GoExpress8] C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe (CyberLink Corp.)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk = C:\Users\kathy\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe ()
O4 - Startup: C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk = C:\Users\kathy\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe (Weather Notifications, LLC)
O4 - Startup: C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk = C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5CF7021-C9F7-4283-A935-42932058313F}: DhcpNameServer = 172.16.0.1
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/24 18:05:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/06/24 17:58:38 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/24 17:58:20 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\kathy\Desktop\JRT.exe
[2014/06/19 19:54:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/06/17 15:03:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/06/17 15:01:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/06/17 15:01:45 | 000,000,000 | ---D | C] -- C:\Users\kathy\AppData\Local\Google
[2014/06/17 15:01:08 | 000,000,000 | ---D | C] -- C:\Users\kathy\AppData\Local\Deployment
[2014/06/16 16:16:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\kathy\Desktop\OTL.exe
[2014/06/16 15:28:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/06/14 17:33:41 | 000,000,000 | ---D | C] -- C:\Users\kathy\AppData\Local\Weather_Notifications,_LL
[2014/06/14 17:33:38 | 000,000,000 | ---D | C] -- C:\Users\kathy\AppData\Local\SevereWeatherAlerts
[2014/06/14 17:33:38 | 000,000,000 | ---D | C] -- C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Severe Weather Alerts
[2014/06/14 17:33:02 | 000,000,000 | ---D | C] -- C:\temp
[2014/06/14 15:55:59 | 000,000,000 | ---D | C] -- C:\Users\kathy\AppData\Local\CrashRpt
[2014/06/14 09:42:37 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2014/06/13 13:29:22 | 000,000,000 | ---D | C] -- C:\Users\kathy\AppData\Local\Programs
[2014/06/13 13:29:18 | 000,000,000 | ---D | C] -- C:\Users\kathy\AppData\Local\Local_Weather_LLC
[2014/06/13 13:29:12 | 000,000,000 | ---D | C] -- C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
[2014/06/13 13:28:45 | 000,000,000 | ---D | C] -- C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMetér
[2014/06/13 07:07:07 | 000,000,000 | ---D | C] -- C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeYum
[2014/06/13 07:07:02 | 000,000,000 | ---D | C] -- C:\Users\kathy\AppData\Local\ArcadeYum
[2014/06/09 14:15:13 | 000,830,680 | ---- | C] (Realtek                                            ) -- C:\WINDOWS\SysNative\drivers\Rt630x64.sys
[2014/06/09 13:49:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\sda
[2014/06/09 11:37:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/06/09 11:34:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/06/09 11:34:36 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/06/09 11:34:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/06/09 11:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/06/09 11:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2014/06/09 11:28:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2014/06/09 11:26:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2014/06/06 07:56:24 | 000,000,000 | -HSD | C] -- C:\Users\kathy\AppData\Local\EmieUserList
[2014/06/06 07:56:24 | 000,000,000 | -HSD | C] -- C:\Users\kathy\AppData\Local\EmieSiteList
[2014/06/06 07:55:03 | 000,000,000 | R--D | C] -- C:\Users\kathy\OneDrive
[2014/06/06 07:46:22 | 000,000,000 | ---D | C] -- C:\Users\kathy\AppData\Roaming\Identities
[2014/06/06 07:18:28 | 000,000,000 | -HSD | C] -- C:\Recovery
[2014/06/06 07:18:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Panther
[2014/06/06 07:06:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies
[2014/06/06 07:06:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild
[2014/06/06 07:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2014/06/06 07:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2014/06/06 07:06:51 | 000,000,000 | ---D | C] -- C:\inetpub
[2014/06/06 06:33:55 | 000,000,000 | -HSD | C] -- C:\Users\kathy\AppData\Local\Temporary Internet Files
[2014/06/06 06:33:55 | 000,000,000 | -HSD | C] -- C:\Users\kathy\Templates
[2014/06/06 06:33:55 | 000,000,000 | -HSD | C] -- C:\Users\kathy\Start Menu
[2014/06/06 06:33:55 | 000,000,000 | -HSD | C] -- C:\Users\kathy\SendTo
[2014/06/06 06:33:55 | 000,000,000 | -HSD | C] -- C:\Users\kathy\Recent
[2014/06/06 06:33:55 | 000,000,000 | -HSD | C] -- C:\Users\kathy\PrintHood
[2014/06/06 06:33:55 | 000,000,000 | -HSD | C] -- C:\Users\kathy\NetHood
[2014/06/06 06:33:55 | 000,000,000 | -HSD | C] -- C:\Users\kathy\Documents\My Videos
[2014/06/06 06:33:55 | 000,000,000 | -HSD | C] -- C:\Users\kathy\Documents\My Pictures
[2014/06/06 06:33:55 | 000,000,000 | -HSD | C] -- C:\Users\kathy\Documents\My Music
[2014/06/06 06:33:55 | 000,000,000 | -HSD | C] -- C:\Users\kathy\My Documents
[2014/06/06 06:33:55 | 000,000,000 | -HSD | C] -- C:\Users\kathy\Local Settings
[2014/06/06 06:33:55 | 000,000,000 | -HSD | C] -- C:\Users\kathy\AppData\Local\History
[2014/06/06 06:33:55 | 000,000,000 | -HSD | C] -- C:\Users\kathy\Cookies
[2014/06/06 06:33:55 | 000,000,000 | -HSD | C] -- C:\Users\kathy\Application Data
[2014/06/06 06:33:55 | 000,000,000 | -HSD | C] -- C:\Users\kathy\AppData\Local\Application Data
[2014/06/06 06:33:54 | 000,000,000 | --SD | C] -- C:\Users\kathy\AppData\Roaming\Microsoft
[2014/06/06 06:33:54 | 000,000,000 | R--D | C] -- C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2014/06/06 06:33:54 | 000,000,000 | R--D | C] -- C:\Users\kathy\Favorites
[2014/06/06 06:33:54 | 000,000,000 | R--D | C] -- C:\Users\kathy\Documents
[2014/06/06 06:33:54 | 000,000,000 | R--D | C] -- C:\Users\kathy\Desktop
[2014/06/06 06:33:54 | 000,000,000 | R--D | C] -- C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/06/06 06:33:54 | 000,000,000 | R--D | C] -- C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2014/06/06 06:33:54 | 000,000,000 | -H-D | C] -- C:\Users\kathy\AppData
[2014/06/06 06:33:54 | 000,000,000 | ---D | C] -- C:\Users\kathy\AppData\Local\Temp
[2014/06/06 06:33:54 | 000,000,000 | ---D | C] -- C:\Users\kathy\AppData\Local\Microsoft
[2014/06/06 06:33:54 | 000,000,000 | ---D | C] -- C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/06/06 06:22:35 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2014/06/06 06:22:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\SRSLabs
[2014/06/06 06:22:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\RTCOM
[2014/06/06 06:22:11 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2014/06/06 06:21:58 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2014/06/06 06:21:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2014/06/06 06:21:39 | 000,000,000 | ---D | C] -- C:\AMD
[2014/06/06 06:21:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2014/06/06 06:21:19 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2014/06/06 06:20:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2014/05/28 16:53:12 | 000,129,536 | ---- | C] (AMD) -- C:\WINDOWS\SysNative\coinst_13.251.9001.dll
[2014/05/28 16:53:00 | 000,190,976 | ---- | C] (AMD) -- C:\WINDOWS\SysNative\atitmm64.dll
[2014/05/28 16:52:54 | 000,031,232 | ---- | C] (AMD) -- C:\WINDOWS\SysNative\atimuixx.dll
[2014/05/28 16:52:52 | 000,588,288 | ---- | C] (AMD) -- C:\WINDOWS\SysNative\atieclxx.exe
[2014/05/28 16:52:52 | 000,239,616 | ---- | C] (AMD) -- C:\WINDOWS\SysNative\atiesrxx.exe
[2014/05/28 16:52:30 | 000,063,488 | ---- | C] (Khronos Group) -- C:\WINDOWS\SysNative\OpenCL.dll
[2014/05/28 16:52:30 | 000,057,344 | ---- | C] (Khronos Group) -- C:\WINDOWS\SysWow64\OpenCL.dll
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/24 18:06:52 | 000,000,920 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/24 18:04:51 | 000,000,983 | ---- | M] () -- C:\WINDOWS\SysWow64\bscs.ini
[2014/06/24 18:03:54 | 000,002,210 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/06/24 18:03:37 | 000,003,620 | ---- | M] () -- C:\WINDOWS\SysWow64\LOCALSERVICE.INI
[2014/06/24 18:03:32 | 000,000,916 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/24 18:03:26 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/06/24 18:01:48 | 000,000,043 | ---- | M] () -- C:\WINDOWS\SysWow64\LOCALDEVICE.INI
[2014/06/24 18:01:25 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/06/24 18:01:22 | 2743,287,808 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/24 18:00:13 | 000,000,613 | ---- | M] () -- C:\Users\kathy\Desktop\Search.lnk
[2014/06/24 17:59:06 | 000,956,476 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014/06/24 17:59:06 | 000,796,126 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014/06/24 17:59:06 | 000,161,346 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014/06/24 17:54:36 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\kathy\Desktop\JRT.exe
[2014/06/24 17:54:24 | 001,342,659 | ---- | M] () -- C:\Users\kathy\Desktop\AdwCleaner.exe
[2014/06/19 20:05:45 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\HPCeeScheduleForkathy.job
[2014/06/19 19:46:24 | 000,001,431 | ---- | M] () -- C:\Users\kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/06/19 19:46:23 | 000,002,306 | ---- | M] () -- C:\Users\kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/06/17 14:51:42 | 000,000,454 | ---- | M] () -- C:\WINDOWS\tasks\ArcadeYum.job
[2014/06/16 16:16:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\kathy\Desktop\OTL.exe
[2014/06/16 15:27:43 | 000,493,272 | ---- | M] () -- C:\Users\kathy\AppData\Roaming\~eqswjpj.exe
[2014/06/14 17:33:38 | 000,002,216 | ---- | M] () -- C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk
[2014/06/14 17:33:38 | 000,001,273 | ---- | M] () -- C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk
[2014/06/14 09:42:37 | 000,002,346 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2014/06/14 09:38:06 | 002,481,419 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\N360x64\1503000.00C\Cat.DB
[2014/06/14 09:37:26 | 000,035,791 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\N360x64\1503000.00C\VT20140430.005
[2014/06/13 21:03:50 | 000,177,752 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.SYS
[2014/06/13 21:03:50 | 000,008,222 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.CAT
[2014/06/13 21:03:50 | 000,000,854 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.INF
[2014/06/09 13:52:05 | 000,830,680 | ---- | M] (Realtek                                            ) -- C:\WINDOWS\SysNative\drivers\Rt630x64.sys
[2014/06/09 11:37:06 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/06/09 11:28:51 | 000,001,864 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2014/06/06 07:54:07 | 000,001,744 | ---- | M] () -- C:\{6A3E4982-9BA9-46F4-9DE9-3C801EF46A17}
[2014/06/06 07:15:31 | 000,387,210 | ---- | M] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2014/06/06 06:56:28 | 000,020,958 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2014/06/06 06:56:28 | 000,020,958 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2014/06/06 06:56:09 | 000,022,744 | ---- | M] () -- C:\WINDOWS\SysNative\emptyregdb.dat
[2014/06/06 06:46:46 | 000,484,248 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014/06/06 06:25:42 | 000,930,400 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2014/06/06 06:22:10 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job
[2014/06/06 06:22:09 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2014/06/06 06:21:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin
[2014/05/28 16:53:12 | 000,230,912 | ---- | M] () -- C:\WINDOWS\SysNative\clinfo.exe
[2014/05/28 16:53:12 | 000,129,536 | ---- | M] (AMD) -- C:\WINDOWS\SysNative\coinst_13.251.9001.dll
[2014/05/28 16:53:04 | 000,204,952 | ---- | M] () -- C:\WINDOWS\SysWow64\ativvsvl.dat
[2014/05/28 16:53:04 | 000,204,952 | ---- | M] () -- C:\WINDOWS\SysNative\ativvsvl.dat
[2014/05/28 16:53:04 | 000,157,144 | ---- | M] () -- C:\WINDOWS\SysWow64\ativvsva.dat
[2014/05/28 16:53:04 | 000,157,144 | ---- | M] () -- C:\WINDOWS\SysNative\ativvsva.dat
[2014/05/28 16:53:02 | 003,461,040 | ---- | M] () -- C:\WINDOWS\SysWow64\atiumdva.cap
[2014/05/28 16:53:02 | 000,234,036 | ---- | M] () -- C:\WINDOWS\SysNative\ativvaxy_cik.dat
[2014/05/28 16:53:02 | 000,233,776 | ---- | M] () -- C:\WINDOWS\SysNative\ativvaxy_cik_nd.dat
[2014/05/28 16:53:02 | 000,083,552 | ---- | M] () -- C:\WINDOWS\SysNative\ativce02.dat
[2014/05/28 16:53:00 | 003,426,688 | ---- | M] () -- C:\WINDOWS\SysNative\atiumd6a.cap
[2014/05/28 16:53:00 | 000,190,976 | ---- | M] (AMD) -- C:\WINDOWS\SysNative\atitmm64.dll
[2014/05/28 16:53:00 | 000,003,917 | ---- | M] () -- C:\WINDOWS\SysWow64\atipblag.dat
[2014/05/28 16:53:00 | 000,003,917 | ---- | M] () -- C:\WINDOWS\SysNative\atipblag.dat
[2014/05/28 16:52:56 | 000,047,887 | ---- | M] () -- C:\WINDOWS\atiogl.xml
[2014/05/28 16:52:54 | 000,721,296 | ---- | M] () -- C:\WINDOWS\SysNative\atiicdxx.dat
[2014/05/28 16:52:54 | 000,031,232 | ---- | M] (AMD) -- C:\WINDOWS\SysNative\atimuixx.dll
[2014/05/28 16:52:52 | 000,588,288 | ---- | M] (AMD) -- C:\WINDOWS\SysNative\atieclxx.exe
[2014/05/28 16:52:52 | 000,239,616 | ---- | M] (AMD) -- C:\WINDOWS\SysNative\atiesrxx.exe
[2014/05/28 16:52:30 | 001,061,902 | ---- | M] () -- C:\WINDOWS\SysNative\amdocl_ld64.exe
[2014/05/28 16:52:30 | 000,798,734 | ---- | M] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe
[2014/05/28 16:52:30 | 000,550,464 | ---- | M] () -- C:\WINDOWS\SysWow64\atiapfxx.blb
[2014/05/28 16:52:30 | 000,550,464 | ---- | M] () -- C:\WINDOWS\SysNative\atiapfxx.blb
[2014/05/28 16:52:30 | 000,063,488 | ---- | M] (Khronos Group) -- C:\WINDOWS\SysNative\OpenCL.dll
[2014/05/28 16:52:30 | 000,057,344 | ---- | M] (Khronos Group) -- C:\WINDOWS\SysWow64\OpenCL.dll
[2014/05/28 16:52:28 | 001,187,342 | ---- | M] () -- C:\WINDOWS\SysNative\amdocl_as64.exe
[2014/05/28 16:52:28 | 000,995,342 | ---- | M] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe
[2014/05/28 16:52:24 | 000,412,672 | ---- | M] () -- C:\WINDOWS\SysNative\amdmiracast.dll
[2014/05/28 16:52:24 | 000,134,656 | ---- | M] () -- C:\WINDOWS\SysNative\amdhdl64.dll
[2014/05/28 16:52:24 | 000,123,392 | ---- | M] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
 
========== Files Created - No Company Name ==========
 
[2014/06/24 17:58:17 | 001,342,659 | ---- | C] () -- C:\Users\kathy\Desktop\AdwCleaner.exe
[2014/06/17 15:03:22 | 000,002,306 | ---- | C] () -- C:\Users\kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/06/17 15:03:18 | 000,002,210 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/06/17 15:01:53 | 000,000,920 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/17 15:01:52 | 000,000,916 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/16 15:28:09 | 000,000,613 | ---- | C] () -- C:\Users\kathy\Desktop\Search.lnk
[2014/06/16 15:27:38 | 000,493,272 | ---- | C] () -- C:\Users\kathy\AppData\Roaming\~eqswjpj.exe
[2014/06/14 17:33:38 | 000,002,216 | ---- | C] () -- C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk
[2014/06/14 17:33:38 | 000,001,273 | ---- | C] () -- C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk
[2014/06/13 07:07:04 | 000,000,454 | ---- | C] () -- C:\WINDOWS\tasks\ArcadeYum.job
[2014/06/09 11:37:05 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/06/09 11:28:49 | 000,001,864 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2014/06/06 07:53:55 | 000,001,744 | ---- | C] () -- C:\{6A3E4982-9BA9-46F4-9DE9-3C801EF46A17}
[2014/06/06 07:46:29 | 000,001,449 | ---- | C] () -- C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/06/06 07:15:31 | 000,387,210 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2014/06/06 06:56:10 | 000,022,744 | ---- | C] () -- C:\WINDOWS\SysNative\emptyregdb.dat
[2014/06/06 06:41:38 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2014/06/06 06:33:55 | 000,000,369 | ---- | C] () -- C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
[2014/06/06 06:33:55 | 000,000,369 | ---- | C] () -- C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
[2014/06/06 06:33:55 | 000,000,352 | ---- | C] () -- C:\Users\kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/06/06 06:33:55 | 000,000,334 | ---- | C] () -- C:\Users\kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014/06/06 06:33:41 | 000,020,958 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2014/06/06 06:33:41 | 000,020,958 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2014/06/06 06:25:42 | 000,930,400 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2014/06/06 06:22:10 | 000,000,264 | ---- | C] () -- C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job
[2014/06/06 06:22:09 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2014/06/06 06:21:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2014/05/28 16:53:12 | 000,230,912 | ---- | C] () -- C:\WINDOWS\SysNative\clinfo.exe
[2014/05/28 16:53:04 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat
[2014/05/28 16:53:04 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysNative\ativvsvl.dat
[2014/05/28 16:53:04 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat
[2014/05/28 16:53:04 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysNative\ativvsva.dat
[2014/05/28 16:53:02 | 003,461,040 | ---- | C] () -- C:\WINDOWS\SysWow64\atiumdva.cap
[2014/05/28 16:53:02 | 000,234,036 | ---- | C] () -- C:\WINDOWS\SysNative\ativvaxy_cik.dat
[2014/05/28 16:53:02 | 000,233,776 | ---- | C] () -- C:\WINDOWS\SysNative\ativvaxy_cik_nd.dat
[2014/05/28 16:53:02 | 000,083,552 | ---- | C] () -- C:\WINDOWS\SysNative\ativce02.dat
[2014/05/28 16:53:00 | 003,426,688 | ---- | C] () -- C:\WINDOWS\SysNative\atiumd6a.cap
[2014/05/28 16:53:00 | 000,003,917 | ---- | C] () -- C:\WINDOWS\SysWow64\atipblag.dat
[2014/05/28 16:53:00 | 000,003,917 | ---- | C] () -- C:\WINDOWS\SysNative\atipblag.dat
[2014/05/28 16:52:56 | 000,047,887 | ---- | C] () -- C:\WINDOWS\atiogl.xml
[2014/05/28 16:52:54 | 000,721,296 | ---- | C] () -- C:\WINDOWS\SysNative\atiicdxx.dat
[2014/05/28 16:52:30 | 001,061,902 | ---- | C] () -- C:\WINDOWS\SysNative\amdocl_ld64.exe
[2014/05/28 16:52:30 | 000,798,734 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe
[2014/05/28 16:52:30 | 000,550,464 | ---- | C] () -- C:\WINDOWS\SysWow64\atiapfxx.blb
[2014/05/28 16:52:30 | 000,550,464 | ---- | C] () -- C:\WINDOWS\SysNative\atiapfxx.blb
[2014/05/28 16:52:28 | 001,187,342 | ---- | C] () -- C:\WINDOWS\SysNative\amdocl_as64.exe
[2014/05/28 16:52:28 | 000,995,342 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe
[2014/05/28 16:52:24 | 000,412,672 | ---- | C] () -- C:\WINDOWS\SysNative\amdmiracast.dll
[2014/05/28 16:52:24 | 000,134,656 | ---- | C] () -- C:\WINDOWS\SysNative\amdhdl64.dll
[2014/05/28 16:52:24 | 000,123,392 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
[2014/03/18 03:13:28 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014/03/18 03:13:03 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013/08/22 08:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 08:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 07:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 00:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/21 20:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/21 16:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/21 16:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013/04/11 08:41:12 | 000,003,620 | ---- | C] () -- C:\WINDOWS\SysWow64\LOCALSERVICE.INI
[2013/04/11 08:41:12 | 000,000,043 | ---- | C] () -- C:\WINDOWS\SysWow64\LOCALDEVICE.INI
[2013/04/11 08:32:25 | 000,369,624 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\FW7650.bin
[2013/04/11 08:32:24 | 000,000,313 | ---- | C] () -- C:\WINDOWS\SysWow64\RaCheckBTDev.ini
[2013/03/04 16:30:20 | 000,000,983 | ---- | C] () -- C:\WINDOWS\SysWow64\bscs.ini
[2013/01/31 17:04:00 | 000,070,904 | ---- | C] () -- C:\WINDOWS\SysWow64\BsProfileFunc.dll
[2013/01/10 12:59:24 | 000,019,456 | ---- | C] () -- C:\WINDOWS\SysWow64\BsTrace.dll
[2013/01/10 11:25:58 | 000,353,280 | ---- | C] () -- C:\WINDOWS\SysWow64\BsExtendFunc.dll
[2013/01/10 11:25:58 | 000,049,248 | ---- | C] () -- C:\WINDOWS\SysWow64\BSSkypeAgent.dll
[2013/01/10 11:25:56 | 000,081,920 | ---- | C] () -- C:\WINDOWS\SysWow64\BsVistaCommon.dll
[2013/01/10 11:25:56 | 000,073,820 | ---- | C] () -- C:\WINDOWS\SysWow64\BSVoIPComm.dll
[2013/01/10 11:25:56 | 000,049,664 | ---- | C] () -- C:\WINDOWS\SysWow64\BSWMPPlugin.dll
[2013/01/10 11:25:56 | 000,011,264 | ---- | C] () -- C:\WINDOWS\SysWow64\SCChangeMonitor.dll
[2012/11/27 00:18:46 | 000,038,912 | ---- | C] () -- C:\WINDOWS\SysWow64\kdbsdk32.dll
[2012/07/25 13:22:54 | 000,982,240 | ---- | C] () -- C:\WINDOWS\SysWow64\igkrng500.bin
[2012/07/25 13:22:54 | 000,439,308 | ---- | C] () -- C:\WINDOWS\SysWow64\igcompkrng500.bin
[2012/07/25 13:22:54 | 000,092,356 | ---- | C] () -- C:\WINDOWS\SysWow64\igfcg500m.bin
 
========== ZeroAccess Check ==========
 
[2014/06/09 12:31:49 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/06 07:11:12 | 021,268,952 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/06 07:11:12 | 018,755,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 02:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 19:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 02:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/01/23 10:22:37 | 000,000,000 | ---D | M] -- C:\Users\kathy\AppData\Roaming\Awem
[2013/11/25 07:48:32 | 000,000,000 | ---D | M] -- C:\Users\kathy\AppData\Roaming\com.zoosk.Desktop
[2013/11/25 07:48:31 | 000,000,000 | ---D | M] -- C:\Users\kathy\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2014/04/25 16:55:49 | 000,000,000 | ---D | M] -- C:\Users\kathy\AppData\Roaming\GigantGames
[2014/05/24 05:32:10 | 000,000,000 | ---D | M] -- C:\Users\kathy\AppData\Roaming\Pogo Games
[2013/07/05 21:19:44 | 000,000,000 | ---D | M] -- C:\Users\kathy\AppData\Roaming\Synaptics
[2013/12/28 08:09:02 | 000,000,000 | ---D | M] -- C:\Users\kathy\AppData\Roaming\WebApp
[2013/12/11 07:08:54 | 000,000,000 | ---D | M] -- C:\Users\kathy\AppData\Roaming\WildTangent
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 220 bytes -> C:\Users\kathy\OneDrive:ms-properties
 
< End of report >
 
 
 

  • 0

#10
pystryker
Posted 24 June 2014 - 07:48 PM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

the computer is running better. tuvaro and search-net or search-assistant are still showing but I can navigate without the internet crashing now.


Good, we're making progress. :thumbsup: Is it Chrome still showing them? There are some changes that need to be made in Chrome as they are showing there.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Chrome Changes


Changing Chrome's Search Provider

We need to change your default Search Provider in Chrome. Please follow the instructions below.
  • Open Chrome and type this in the address bar: chrome:settings
  • When the Settings page opens, look under Search and then click the box that has your current search provider listed. Change it from the malware related search engine to another (Such as Google.)
  • Once you have changed it, click on Manage Search Engines and delete Search.net and tuvaro (if they are in there) from the list.
  • Once you have removed it, close the window.
Changing Chrome's Homepage

We need to change your homepage in Chrome. Please follow the instructions below.
  • Open Chrome and type this in the address bar: chrome:settings
  • When the Settings page opens, look under On Startup and then click Open a specific set of pages and click Set Pages
  • When the window opens, type in any page you wish as your new start page. If you see search.net or tuvaro in there, remove them.
  • Once you have typed in your new home page, close the window.
Please let me know if they are still showing after this. If so, we'll take a look with a different tool. :)
  • 0

#11
skandranon1971
Posted 26 June 2014 - 08:22 PM

skandranon1971

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts

that fixed it.  My mother uses internet explorer more.  I use chrome which is why it was on her computer also.  It appears to be cleared up now.


  • 0

#12
pystryker
Posted 26 June 2014 - 08:27 PM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

that fixed it.  My mother uses internet explorer more.  I use chrome which is why it was on her computer also.  It appears to be cleared up now.


:thumbsup: Let's scan for remnants and check for any out of date programs.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings_zpsb6b9ada0.jpg

Go back to the Dashboard and select Scan Now

MBAMScan_zps8ba7d192.jpg

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot_zps9089ab30.jpg

MBAMLog_zpsade07f42.jpg

On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list.

Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be ran in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar ---->esetbar_zps93905f48.jpg
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Step 3: SecurityCheck Scan


Download Security Checksecuritycheck_zpsb7736812.jpg by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

  • 0

#13
pystryker
Posted 29 June 2014 - 04:46 PM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP