Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Multiple Google chrome *32 draining CPU


  • Please log in to reply

#1
scottzajaczkowski

scottzajaczkowski

    Member

  • Member
  • PipPip
  • 23 posts

I have windows 7 home premuim; my mouse started to have the blue circle next to it constantly running, I checked the task manager and multiple google chrome processes were runnning the more I deleted the more popped up; I have attached some pictures of the task manager, and the location of the problem. I tried deleting them but they came back; I tried system restore, malwarebytes, spybot, ADW cleaner, JRT

 

 

Seems related to this: Users\Scott\AppData\LocalLow\Microsoft\Ffgwrjvsn\Jseltfmyre\rzjnmdzds.exe

 

I followed other topics with similar problems but mine seems different. Thanks.

 

 

 

 

 

 

 

Capture.PNG Capture.PNG2.PNG Capture.PNG3.PNG

 

Here is the OTL:

 

OTL logfile created on: 10/3/2014 4:52:44 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Scott\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.71 Gb Total Physical Memory | 5.25 Gb Available Physical Memory | 68.16% Memory free
15.42 Gb Paging File | 12.65 Gb Available in Paging File | 82.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.85 Gb Total Space | 54.01 Gb Free Space | 53.56% Space Free | Partition Type: NTFS
 
Computer Name: SCOTT-PC | User Name: Scott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/10/03 16:51:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Downloads\OTL.exe
PRC - [2014/10/03 00:24:47 | 001,074,688 | ---- | M] () -- C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe
PRC - [2014/10/02 23:44:13 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Users\Scott\AppData\LocalLow\Microsoft\Ffgwrjvsn\Jseltfmyre\rzjnmdzds.exe
PRC - [2013/10/08 08:28:15 | 000,275,696 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
PRC - [2012/05/08 23:00:38 | 001,113,992 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
PRC - [2012/05/01 19:03:44 | 002,279,304 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
PRC - [2012/04/25 00:18:10 | 000,784,264 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
PRC - [2012/04/06 06:17:04 | 002,796,112 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
PRC - [2012/02/21 19:55:24 | 001,104,208 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2012/02/21 19:55:22 | 001,304,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2012/02/21 19:55:18 | 001,014,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2012/02/21 19:55:16 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2012/02/13 02:02:24 | 000,031,624 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
PRC - [2012/02/07 22:03:36 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/02/07 22:03:34 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/02/07 22:03:28 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/02/07 22:03:16 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/02/06 04:49:04 | 000,193,536 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\irstrtsv.exe
PRC - [2012/01/31 02:56:48 | 001,640,328 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
PRC - [2012/01/28 01:38:52 | 004,466,256 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
PRC - [2011/12/22 21:24:00 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
PRC - [2011/11/25 00:41:36 | 000,645,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe
PRC - [2010/11/20 23:24:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2009/07/13 21:14:30 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\regsvr32.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/10/03 10:57:52 | 000,188,536 | ---- | M] () -- C:\Users\Scott\AppData\Local\ArcadeParlor\Arcadeparlor.dll
MOD - [2014/10/03 00:24:47 | 001,074,688 | ---- | M] () -- C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe
MOD - [2014/10/02 23:44:13 | 014,669,128 | ---- | M] () -- C:\Users\Scott\AppData\LocalLow\Microsoft\Ffgwrjvsn\Jseltfmyre\36.0.1985.143\PepperFlash\pepflashplayer.dll
MOD - [2014/10/02 23:44:13 | 008,537,928 | ---- | M] () -- C:\Users\Scott\AppData\LocalLow\Microsoft\Ffgwrjvsn\Jseltfmyre\36.0.1985.143\pdf.dll
MOD - [2014/10/02 23:44:13 | 001,732,936 | ---- | M] () -- C:\Users\Scott\AppData\LocalLow\Microsoft\Ffgwrjvsn\Jseltfmyre\36.0.1985.143\ffmpegsumo.dll
MOD - [2014/10/02 23:44:13 | 000,718,152 | ---- | M] () -- C:\Users\Scott\AppData\LocalLow\Microsoft\Ffgwrjvsn\Jseltfmyre\36.0.1985.143\libglesv2.dll
MOD - [2014/10/02 23:44:13 | 000,353,096 | ---- | M] () -- C:\Users\Scott\AppData\LocalLow\Microsoft\Ffgwrjvsn\Jseltfmyre\36.0.1985.143\ppgooglenaclpluginchrome.dll
MOD - [2014/10/02 23:44:13 | 000,126,280 | ---- | M] () -- C:\Users\Scott\AppData\LocalLow\Microsoft\Ffgwrjvsn\Jseltfmyre\36.0.1985.143\libegl.dll
MOD - [2014/10/02 23:42:57 | 000,287,744 | ---- | M] () -- C:\Users\Scott\AppData\Local\Microsoft\Gapcgwxlhdd.dll
MOD - [2011/12/22 21:24:00 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
MOD - [2011/11/25 00:42:50 | 000,499,976 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
MOD - [2011/11/25 00:29:32 | 000,015,872 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\featureController.dll
MOD - [2011/11/25 00:28:26 | 000,484,352 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\DeviceProfile.dll
MOD - [2011/11/25 00:26:14 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\eventsSender.dll
MOD - [2011/09/08 06:40:10 | 001,645,056 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
MOD - [2011/08/17 03:48:24 | 000,322,048 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\log4cplus.dll
MOD - [2011/08/17 03:48:22 | 000,195,584 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\libgsoap.dll
MOD - [2011/08/17 03:41:36 | 000,400,384 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\sqlite3.dll
MOD - [2011/08/15 07:17:30 | 009,224,704 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtGui4.dll
MOD - [2011/08/15 07:15:44 | 000,382,464 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtXml4.dll
MOD - [2011/08/15 07:12:04 | 002,603,520 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtCore4.dll
MOD - [2011/08/15 07:12:04 | 001,006,592 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtNetwork4.dll
MOD - [2011/08/15 06:23:00 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\zlib1.dll
MOD - [2011/07/19 03:05:40 | 014,978,048 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtWebKit4.dll
MOD - [2011/07/19 03:04:56 | 000,317,952 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\phonon4.dll
MOD - [2011/02/16 12:03:20 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
MOD - [2006/08/11 23:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012/02/02 09:29:52 | 000,628,448 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2011/12/07 21:44:04 | 000,594,704 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2011/12/07 21:43:56 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/12/07 21:43:48 | 000,618,256 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/12/07 21:43:44 | 000,148,752 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/12/04 20:30:50 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/12/04 19:55:36 | 000,135,952 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2010/09/22 05:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\windows\SysNative\rundll32.exe -- (70e6ca8c)
SRV - [2013/10/08 08:28:15 | 000,275,696 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe -- (NIS)
SRV - [2012/02/21 19:55:24 | 001,104,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2012/02/21 19:55:22 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2012/02/21 19:55:18 | 001,014,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2012/02/13 02:02:24 | 000,031,624 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe -- (SamsungDeviceConfigurationWinService)
SRV - [2012/02/07 22:03:36 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/02/07 22:03:34 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/02/07 22:03:28 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2012/02/07 22:03:16 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/02/06 04:49:04 | 000,193,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysWOW64\irstrtsv.exe -- (irstrtsv)
SRV - [2012/02/02 13:34:42 | 000,274,200 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/10/03 10:59:32 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/09/26 23:18:30 | 001,147,480 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2013/09/26 22:45:56 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/09/26 22:26:03 | 000,858,200 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/09/25 23:28:00 | 000,590,936 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/09/25 22:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\ccSetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2013/09/09 22:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\SymDS64.sys -- (SymDS)
DRV:64bit: - [2013/09/09 21:49:49 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/05/08 16:18:34 | 000,280,912 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2012/02/14 12:38:56 | 000,060,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex)
DRV:64bit: - [2012/02/06 20:49:04 | 000,026,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irstrtdv.sys -- (irstrtdv)
DRV:64bit: - [2012/01/05 06:36:54 | 014,652,768 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/12/20 04:38:36 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/12/20 04:38:36 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/12/05 14:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/12/04 20:22:58 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/12/04 20:22:58 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/12/01 09:51:00 | 011,417,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/11/30 11:19:48 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/11/30 11:19:46 | 000,094,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/11/29 06:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/11/23 10:02:20 | 000,648,808 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/11/10 05:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/10/08 01:04:16 | 000,216,064 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rusb3xhc.sys -- (rusb3xhc)
DRV:64bit: - [2011/10/08 01:04:16 | 000,100,352 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rusb3hub.sys -- (rusb3hub)
DRV:64bit: - [2011/06/13 02:31:30 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
DRV:64bit: - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014/10/02 23:48:56 | 002,137,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20141002.025\ex64.sys -- (NAVEX15)
DRV - [2014/10/02 23:48:56 | 000,129,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20141002.025\eng64.sys -- (NAVENG)
DRV - [2013/10/04 05:00:00 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/10/04 05:00:00 | 000,140,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11311.sys -- (EraserUtilDrv11311)
DRV - [2013/09/25 22:40:34 | 001,525,848 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131002.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/09/23 22:24:26 | 000,520,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20130930.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://astromenda.co...cr=526708622=
IE:64bit: - HKLM\..\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://astromenda.co...cr=526708622=
IE - HKCU\..\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8080
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.3
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014/10/03 10:59:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ [2014/10/03 10:59:43 | 000,000,000 | ---D | M]
 
[2014/10/03 10:57:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Extensions
[2014/10/03 10:57:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\bijhmdj4.default\extensions
[2014/10/03 10:57:53 | 000,000,000 | ---D | M] (ArcadeParlor) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\bijhmdj4.default\extensions\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (ArcadeParlor Games) - {39AD0726-986D-40F9-972B-E3BFA24B7745} - C:\Users\Scott\AppData\Local\ArcadeParlor\Arcadeparlor.dll ()
O2 - BHO: (AdvanceElite) - {3b2cb4c8-72ab-4b25-8fa1-219b36a60bed} - C:\Program Files (x86)\AdvanceElite\AdvanceElitebho.dll (AdvanceElite)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [BRS] C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe ()
O4 - HKCU..\Run: [Gapcgwxlhdd] C:\Users\Scott\AppData\Local\Microsoft\Gapcgwxlhdd.dll ()
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Software Limited)
O4 - HKCU..\RunOnce: [WSE_Astromenda] wscript /E:vbscript /B "C:\Users\Scott\AppData\Roaming\WSE_Astromenda\UpdateProc\bkup.dat" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DelayedDesktopSwitchTimeout = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC51571C-8B07-4EF6-96A1-C1F8BCCD00E8}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/10/03 10:59:32 | 000,177,752 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/10/03 10:59:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2014/10/03 10:59:28 | 001,147,480 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1501000.012\SymEFA64.sys
[2014/10/03 10:59:28 | 000,858,200 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1501000.012\srtsp64.sys
[2014/10/03 10:59:28 | 000,590,936 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1501000.012\symnets.sys
[2014/10/03 10:59:28 | 000,493,656 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1501000.012\SymDS64.sys
[2014/10/03 10:59:28 | 000,264,280 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1501000.012\Ironx64.sys
[2014/10/03 10:59:28 | 000,162,392 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1501000.012\ccSetx64.sys
[2014/10/03 10:59:28 | 000,036,952 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1501000.012\srtspx64.sys
[2014/10/03 10:59:28 | 000,023,568 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1501000.012\SymELAM.sys
[2014/10/03 10:58:57 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NISx64
[2014/10/03 10:58:57 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NISx64\1501000.012
[2014/10/03 10:58:56 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2014/10/03 10:58:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2014/10/03 10:57:53 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeParlor
[2014/10/03 10:57:52 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\ArcadeParlor
[2014/10/03 00:25:53 | 000,000,000 | ---D | C] -- C:\Users\Scott\Documents\Optimizer Pro
[2014/10/03 00:25:49 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Optimizer Pro
[2014/10/03 00:25:29 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\1H1Q
[2014/10/03 00:24:46 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\WSE_Astromenda
[2014/10/03 00:24:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WSE_Astromenda
[2014/10/03 00:24:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
[2014/10/03 00:24:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AdvanceElite
[2014/10/03 00:24:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2014/10/03 00:24:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaks
[2014/10/03 00:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileOpener
[2014/10/02 23:27:28 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2014/10/02 23:21:59 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/10/02 22:47:46 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Amazon
[2014/10/02 17:52:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2014/10/02 05:45:19 | 000,000,000 | -HSD | C] -- C:\Users\Scott\AppData\Local\EmieUserList
[2014/10/02 05:45:19 | 000,000,000 | -HSD | C] -- C:\Users\Scott\AppData\Local\EmieSiteList
[2014/10/02 05:42:27 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat
[2014/10/02 05:42:27 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat
[2014/10/01 23:13:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2014/10/01 23:13:03 | 000,000,000 | ---D | C] -- C:\windows\Migration
[2014/10/01 22:31:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/10/01 21:47:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014/10/01 21:46:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014/10/01 21:46:20 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Programs
[2014/09/29 18:19:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2014/09/28 18:52:44 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed
[2014/09/26 19:45:26 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Diagnostics
[2014/09/26 16:40:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2014/09/26 16:39:55 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Adobe
[2014/09/24 21:45:55 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Mozilla
[2014/09/24 21:45:55 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Mozilla
[2014/09/24 21:45:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014/09/24 21:38:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2014/09/24 18:17:16 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Macromedia
[2014/09/24 18:16:53 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Adobe
[2014/09/24 18:11:55 | 000,000,000 | R--D | C] -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/09/24 18:11:55 | 000,000,000 | R--D | C] -- C:\Users\Scott\Searches
[2014/09/24 18:11:55 | 000,000,000 | R--D | C] -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/09/24 18:11:55 | 000,000,000 | -H-D | C] -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/09/24 18:11:48 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Identities
[2014/09/24 18:11:46 | 000,000,000 | R--D | C] -- C:\Users\Scott\Contacts
[2014/09/24 18:11:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2014/09/24 18:10:38 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\VirtualStore
[2014/09/24 18:09:16 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Intel
[2014/09/24 18:09:15 | 000,000,000 | --SD | C] -- C:\Users\Scott\AppData\Roaming\Microsoft
[2014/09/24 18:09:15 | 000,000,000 | R--D | C] -- C:\Users\Scott\Videos
[2014/09/24 18:09:15 | 000,000,000 | R--D | C] -- C:\Users\Scott\Saved Games
[2014/09/24 18:09:15 | 000,000,000 | R--D | C] -- C:\Users\Scott\Pictures
[2014/09/24 18:09:15 | 000,000,000 | R--D | C] -- C:\Users\Scott\Music
[2014/09/24 18:09:15 | 000,000,000 | R--D | C] -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/09/24 18:09:15 | 000,000,000 | R--D | C] -- C:\Users\Scott\Links
[2014/09/24 18:09:15 | 000,000,000 | R--D | C] -- C:\Users\Scott\Favorites
[2014/09/24 18:09:15 | 000,000,000 | R--D | C] -- C:\Users\Scott\Downloads
[2014/09/24 18:09:15 | 000,000,000 | R--D | C] -- C:\Users\Scott\Documents
[2014/09/24 18:09:15 | 000,000,000 | R--D | C] -- C:\Users\Scott\Desktop
[2014/09/24 18:09:15 | 000,000,000 | R--D | C] -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\AppData\Local\Temporary Internet Files
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\Templates
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\Start Menu
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\SendTo
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\Recent
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\PrintHood
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\NetHood
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\Documents\My Videos
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\Documents\My Pictures
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\Documents\My Music
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\My Documents
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\Local Settings
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\AppData\Local\History
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\Cookies
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\Application Data
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\AppData\Local\Application Data
[2014/09/24 18:09:15 | 000,000,000 | -H-D | C] -- C:\Users\Scott\AppData
[2014/09/24 18:09:15 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Temp
[2014/09/24 18:09:15 | 000,000,000 | ---D | C] -- C:\Users\Scott\Roaming
[2014/09/24 18:09:15 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Microsoft
[2014/09/24 18:09:15 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Media Center Programs
[2014/09/24 18:09:12 | 000,000,000 | -HSD | C] -- C:\Recovery
[2014/09/19 18:13:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/09/19 17:07:11 | 000,000,000 | -HSD | C] -- C:\System Recovery
[2014/09/19 09:15:27 | 000,000,000 | -HSD | C] -- C:\System Volume Information
 
========== Files - Modified Within 30 Days ==========
 
[2014/10/03 16:25:01 | 000,000,312 | ---- | M] () -- C:\windows\tasks\WSE_Astromenda.job
[2014/10/03 16:03:12 | 000,000,272 | ---- | M] () -- C:\windows\tasks\ArcadeParlor.job
[2014/10/03 15:33:34 | 000,000,830 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2014/10/03 15:33:29 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/10/03 10:59:43 | 001,654,449 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\Cat.DB
[2014/10/03 10:59:32 | 000,177,752 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/10/03 10:59:32 | 000,008,222 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/10/03 10:59:32 | 000,000,854 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/10/03 10:33:15 | 000,000,045 | ---- | M] () -- C:\Users\Scott\AppData\Roaming\WB.CFG
[2014/10/03 00:24:47 | 000,000,277 | ---- | M] () -- C:\Users\Scott\Desktop\Cut the Rope.url
[2014/10/03 00:24:35 | 000,001,070 | ---- | M] () -- C:\Users\Scott\Desktop\Optimizer Pro.lnk
[2014/10/03 00:24:20 | 000,001,150 | ---- | M] () -- C:\Users\Public\Desktop\FileOpener.lnk
[2014/10/03 00:22:28 | 000,000,000 | ---- | M] () -- C:\Users\Scott\defogger_reenable
[2014/10/03 00:03:57 | 000,020,992 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/03 00:03:57 | 000,020,992 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/02 23:52:53 | 000,713,888 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/10/02 23:52:53 | 000,615,360 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/10/02 23:52:53 | 000,103,702 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/10/02 23:46:47 | 000,000,828 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2014/10/02 22:46:54 | 000,000,085 | ---- | M] () -- C:\windows\wininit.ini
[2014/10/02 17:54:16 | 000,012,992 | ---- | M] () -- C:\Users\Scott\Documents\2003010-10-M_J-PHY-SCI-(Period-0101)-Grades-All-Classes.pdf
[2014/10/02 15:32:27 | 000,287,744 | ---- | M] () -- C:\Users\Scott\AppData\Local\Gapcgwxlhdd.dll
[2014/09/24 18:15:13 | 000,001,437 | ---- | M] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/09/24 18:10:40 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_btmaux_01009.Wdf
[2014/09/24 18:10:33 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_iBtFltCoex_01009.Wdf
[2014/09/24 18:09:20 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\drivers\144D_SAMSUNG_N_900X4C_P03A.mrk
[2014/09/24 05:08:51 | 000,108,227 | ---- | M] () -- C:\windows\SysWow64\license.rtf
[2014/09/24 05:08:51 | 000,108,227 | ---- | M] () -- C:\windows\SysNative\license.rtf
[2014/09/24 04:38:56 | 3982,000,127 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/19 18:14:48 | 000,000,200 | RHS- | M] () -- C:\MSSTBJ.CAT
 
========== Files Created - No Company Name ==========
 
[2014/10/03 10:59:35 | 001,654,449 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\Cat.DB
[2014/10/03 10:59:32 | 000,008,222 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/10/03 10:59:32 | 000,000,854 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/10/03 10:59:14 | 000,003,433 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\SymEFA.inf
[2014/10/03 10:59:14 | 000,002,852 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\SymDS.inf
[2014/10/03 10:59:14 | 000,001,440 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\SymNet.inf
[2014/10/03 10:59:14 | 000,001,437 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\srtsp64.inf
[2014/10/03 10:59:14 | 000,001,420 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\srtspx64.inf
[2014/10/03 10:59:14 | 000,001,098 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\symELAM.inf
[2014/10/03 10:59:14 | 000,000,855 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\ccSetx64.inf
[2014/10/03 10:59:14 | 000,000,767 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\Iron.inf
[2014/10/03 10:58:57 | 000,014,818 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\SymVTcer.dat
[2014/10/03 10:58:57 | 000,009,939 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\SymELAM64.cat
[2014/10/03 10:58:57 | 000,008,202 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\ccSetx64.cat
[2014/10/03 10:58:57 | 000,008,196 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\srtspx64.cat
[2014/10/03 10:58:57 | 000,008,194 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\SymEFA64.cat
[2014/10/03 10:58:57 | 000,008,192 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\symnet64.cat
[2014/10/03 10:58:57 | 000,008,192 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\srtsp64.cat
[2014/10/03 10:58:57 | 000,008,188 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\SymDS64.cat
[2014/10/03 10:58:57 | 000,008,184 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\iron.cat
[2014/10/03 10:58:57 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\isolate.ini
[2014/10/03 10:57:52 | 000,000,272 | ---- | C] () -- C:\windows\tasks\ArcadeParlor.job
[2014/10/03 10:33:15 | 000,000,045 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\WB.CFG
[2014/10/03 00:25:00 | 000,000,312 | ---- | C] () -- C:\windows\tasks\WSE_Astromenda.job
[2014/10/03 00:24:47 | 000,000,277 | ---- | C] () -- C:\Users\Scott\Desktop\Cut the Rope.url
[2014/10/03 00:24:35 | 000,001,070 | ---- | C] () -- C:\Users\Scott\Desktop\Optimizer Pro.lnk
[2014/10/03 00:24:20 | 000,001,150 | ---- | C] () -- C:\Users\Public\Desktop\FileOpener.lnk
[2014/10/03 00:22:28 | 000,000,000 | ---- | C] () -- C:\Users\Scott\defogger_reenable
[2014/10/02 22:46:49 | 000,000,085 | ---- | C] () -- C:\windows\wininit.ini
[2014/10/02 17:54:16 | 000,012,992 | ---- | C] () -- C:\Users\Scott\Documents\2003010-10-M_J-PHY-SCI-(Period-0101)-Grades-All-Classes.pdf
[2014/10/02 15:32:27 | 000,287,744 | ---- | C] () -- C:\Users\Scott\AppData\Local\Gapcgwxlhdd.dll
[2014/09/24 18:15:13 | 000,001,437 | ---- | C] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/09/24 18:12:07 | 000,001,409 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2014/09/24 18:12:01 | 000,001,443 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/09/24 18:10:40 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_btmaux_01009.Wdf
[2014/09/24 18:10:33 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_iBtFltCoex_01009.Wdf
[2014/09/24 18:09:20 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\drivers\144D_SAMSUNG_N_900X4C_P03A.mrk
[2014/09/24 18:09:15 | 000,000,290 | ---- | C] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/09/24 18:09:15 | 000,000,272 | ---- | C] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014/09/19 18:14:48 | 000,000,200 | RHS- | C] () -- C:\MSSTBJ.CAT
[2014/09/19 09:15:25 | 3982,000,127 | -HS- | C] () -- C:\hiberfil.sys
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/01/04 06:44:25 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 04:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/10/03 00:25:29 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\1H1Q
[2014/10/03 00:25:49 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Optimizer Pro
[2014/10/03 00:24:59 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\WSE_Astromenda
 
========== Purity Check ==========
 
 

< End of report >


  • 0

Advertisements


#2
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,401 posts

Hello Scott, welcome to Malware Removal section of the forum.

My name around here is SleepyDude and I will be helping you with your Computer problem. I know that having a computer with problems can be very frustrating but I will do my best to help you fixing the issue.

Sometimes this can be a long process, it's very important that you stay with me and follow all my instructions to the letter until I declare your machine is clean.
I have compiled a list of guidelines you must take in consideration so that the helping process goes smooth for you and for me:

  • Please perform all steps in the order they are listed in each set of instructions
  • Don't install/uninstall any software or run any other cleaning tools besides the ones I ask you to use
    • Running other programs can interfere with the tools we use and have unpredicted results. Also I need to know what is going on with your machine at any time
  • If possible avoid using the computer for other tasks until we finish the cleaning process
    • The reason for this is because it can make the malware infection worst and more difficult to clean. Some malware can download updates from the internet when you use the computer
  • Please don't attach your logs instead Copy & Paste the information to your post unless specifically instructed to do so
  • Please read every post completely before doing anything if you have some doubts or questions please ask before continuing

.
IMPORTANT: At GeeksToGo we do our best to help you solving the problem but sometimes things don't go as planned. To be safe than sorry you should Backup your important data to a safe place, anywhere except on the computer with problems.

The all fixing process need to be executed from a user account with Administrator privileges also some of the tasks need to be executed in Safe Mode, you should save or print the instructions for use when you don't have access to the forum.
 

«»«»«»

 

 

I would like to collect two more logs, please execute the following.

 

Farbar Recovery Scan Tool (FRST)

  • Download FRST x64 and save it to the Desktop.
  • Execute FRST/FRST64 right click on the icon FRST.gif and choose Run as Administrator. Make sure all other windows are closed.
    (When the Tool opens for the first time you must click Yes on the disclaimer.)
    FRST.png
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the Tool is run from.
  • The first time the Tool is run, it makes also another log (Addition.txt).
  • Please copy and paste the logs to your post.

 

 

Things I would like to see in your next reply:

  • The FRST.txt log and Addition.txt

 


  • 0

#3
scottzajaczkowski

scottzajaczkowski

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

I now have this problem:

 

 

dllhost.exe *32 COM Surrogate,

 

I tried to download FRST x64 but my computer opens a widow that tells me the file couldn't be downloaded; does not work on retry, thanks looking for other solutions

 

 

 

OTL logfile created on: 10/3/2014 4:52:44 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Scott\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.71 Gb Total Physical Memory | 5.25 Gb Available Physical Memory | 68.16% Memory free
15.42 Gb Paging File | 12.65 Gb Available in Paging File | 82.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.85 Gb Total Space | 54.01 Gb Free Space | 53.56% Space Free | Partition Type: NTFS
 
Computer Name: SCOTT-PC | User Name: Scott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/10/03 16:51:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Downloads\OTL.exe
PRC - [2014/10/03 00:24:47 | 001,074,688 | ---- | M] () -- C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe
PRC - [2014/10/02 23:44:13 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Users\Scott\AppData\LocalLow\Microsoft\Ffgwrjvsn\Jseltfmyre\rzjnmdzds.exe
PRC - [2013/10/08 08:28:15 | 000,275,696 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
PRC - [2012/05/08 23:00:38 | 001,113,992 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
PRC - [2012/05/01 19:03:44 | 002,279,304 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
PRC - [2012/04/25 00:18:10 | 000,784,264 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
PRC - [2012/04/06 06:17:04 | 002,796,112 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
PRC - [2012/02/21 19:55:24 | 001,104,208 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2012/02/21 19:55:22 | 001,304,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2012/02/21 19:55:18 | 001,014,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2012/02/21 19:55:16 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2012/02/13 02:02:24 | 000,031,624 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
PRC - [2012/02/07 22:03:36 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/02/07 22:03:34 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/02/07 22:03:28 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/02/07 22:03:16 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/02/06 04:49:04 | 000,193,536 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\irstrtsv.exe
PRC - [2012/01/31 02:56:48 | 001,640,328 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
PRC - [2012/01/28 01:38:52 | 004,466,256 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
PRC - [2011/12/22 21:24:00 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
PRC - [2011/11/25 00:41:36 | 000,645,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe
PRC - [2010/11/20 23:24:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2009/07/13 21:14:30 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\regsvr32.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/10/03 10:57:52 | 000,188,536 | ---- | M] () -- C:\Users\Scott\AppData\Local\ArcadeParlor\Arcadeparlor.dll
MOD - [2014/10/03 00:24:47 | 001,074,688 | ---- | M] () -- C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe
MOD - [2014/10/02 23:44:13 | 014,669,128 | ---- | M] () -- C:\Users\Scott\AppData\LocalLow\Microsoft\Ffgwrjvsn\Jseltfmyre\36.0.1985.143\PepperFlash\pepflashplayer.dll
MOD - [2014/10/02 23:44:13 | 008,537,928 | ---- | M] () -- C:\Users\Scott\AppData\LocalLow\Microsoft\Ffgwrjvsn\Jseltfmyre\36.0.1985.143\pdf.dll
MOD - [2014/10/02 23:44:13 | 001,732,936 | ---- | M] () -- C:\Users\Scott\AppData\LocalLow\Microsoft\Ffgwrjvsn\Jseltfmyre\36.0.1985.143\ffmpegsumo.dll
MOD - [2014/10/02 23:44:13 | 000,718,152 | ---- | M] () -- C:\Users\Scott\AppData\LocalLow\Microsoft\Ffgwrjvsn\Jseltfmyre\36.0.1985.143\libglesv2.dll
MOD - [2014/10/02 23:44:13 | 000,353,096 | ---- | M] () -- C:\Users\Scott\AppData\LocalLow\Microsoft\Ffgwrjvsn\Jseltfmyre\36.0.1985.143\ppgooglenaclpluginchrome.dll
MOD - [2014/10/02 23:44:13 | 000,126,280 | ---- | M] () -- C:\Users\Scott\AppData\LocalLow\Microsoft\Ffgwrjvsn\Jseltfmyre\36.0.1985.143\libegl.dll
MOD - [2014/10/02 23:42:57 | 000,287,744 | ---- | M] () -- C:\Users\Scott\AppData\Local\Microsoft\Gapcgwxlhdd.dll
MOD - [2011/12/22 21:24:00 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
MOD - [2011/11/25 00:42:50 | 000,499,976 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
MOD - [2011/11/25 00:29:32 | 000,015,872 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\featureController.dll
MOD - [2011/11/25 00:28:26 | 000,484,352 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\DeviceProfile.dll
MOD - [2011/11/25 00:26:14 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\eventsSender.dll
MOD - [2011/09/08 06:40:10 | 001,645,056 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
MOD - [2011/08/17 03:48:24 | 000,322,048 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\log4cplus.dll
MOD - [2011/08/17 03:48:22 | 000,195,584 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\libgsoap.dll
MOD - [2011/08/17 03:41:36 | 000,400,384 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\sqlite3.dll
MOD - [2011/08/15 07:17:30 | 009,224,704 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtGui4.dll
MOD - [2011/08/15 07:15:44 | 000,382,464 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtXml4.dll
MOD - [2011/08/15 07:12:04 | 002,603,520 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtCore4.dll
MOD - [2011/08/15 07:12:04 | 001,006,592 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtNetwork4.dll
MOD - [2011/08/15 06:23:00 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\zlib1.dll
MOD - [2011/07/19 03:05:40 | 014,978,048 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtWebKit4.dll
MOD - [2011/07/19 03:04:56 | 000,317,952 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\phonon4.dll
MOD - [2011/02/16 12:03:20 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
MOD - [2006/08/11 23:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012/02/02 09:29:52 | 000,628,448 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2011/12/07 21:44:04 | 000,594,704 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2011/12/07 21:43:56 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/12/07 21:43:48 | 000,618,256 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/12/07 21:43:44 | 000,148,752 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/12/04 20:30:50 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/12/04 19:55:36 | 000,135,952 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2010/09/22 05:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\windows\SysNative\rundll32.exe -- (70e6ca8c)
SRV - [2013/10/08 08:28:15 | 000,275,696 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe -- (NIS)
SRV - [2012/02/21 19:55:24 | 001,104,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2012/02/21 19:55:22 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2012/02/21 19:55:18 | 001,014,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2012/02/13 02:02:24 | 000,031,624 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe -- (SamsungDeviceConfigurationWinService)
SRV - [2012/02/07 22:03:36 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/02/07 22:03:34 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/02/07 22:03:28 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2012/02/07 22:03:16 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/02/06 04:49:04 | 000,193,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysWOW64\irstrtsv.exe -- (irstrtsv)
SRV - [2012/02/02 13:34:42 | 000,274,200 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/10/03 10:59:32 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/09/26 23:18:30 | 001,147,480 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2013/09/26 22:45:56 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/09/26 22:26:03 | 000,858,200 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/09/25 23:28:00 | 000,590,936 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/09/25 22:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\ccSetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2013/09/09 22:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\SymDS64.sys -- (SymDS)
DRV:64bit: - [2013/09/09 21:49:49 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/05/08 16:18:34 | 000,280,912 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2012/02/14 12:38:56 | 000,060,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex)
DRV:64bit: - [2012/02/06 20:49:04 | 000,026,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irstrtdv.sys -- (irstrtdv)
DRV:64bit: - [2012/01/05 06:36:54 | 014,652,768 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/12/20 04:38:36 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/12/20 04:38:36 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/12/05 14:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/12/04 20:22:58 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/12/04 20:22:58 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/12/01 09:51:00 | 011,417,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/11/30 11:19:48 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/11/30 11:19:46 | 000,094,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/11/29 06:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/11/23 10:02:20 | 000,648,808 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/11/10 05:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/10/08 01:04:16 | 000,216,064 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rusb3xhc.sys -- (rusb3xhc)
DRV:64bit: - [2011/10/08 01:04:16 | 000,100,352 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rusb3hub.sys -- (rusb3hub)
DRV:64bit: - [2011/06/13 02:31:30 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
DRV:64bit: - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014/10/02 23:48:56 | 002,137,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20141002.025\ex64.sys -- (NAVEX15)
DRV - [2014/10/02 23:48:56 | 000,129,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20141002.025\eng64.sys -- (NAVENG)
DRV - [2013/10/04 05:00:00 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/10/04 05:00:00 | 000,140,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11311.sys -- (EraserUtilDrv11311)
DRV - [2013/09/25 22:40:34 | 001,525,848 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131002.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/09/23 22:24:26 | 000,520,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20130930.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://astromenda.co...cr=526708622=
IE:64bit: - HKLM\..\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://astromenda.co...cr=526708622=
IE - HKCU\..\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8080
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.3
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014/10/03 10:59:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ [2014/10/03 10:59:43 | 000,000,000 | ---D | M]
 
[2014/10/03 10:57:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Extensions
[2014/10/03 10:57:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\bijhmdj4.default\extensions
[2014/10/03 10:57:53 | 000,000,000 | ---D | M] (ArcadeParlor) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\bijhmdj4.default\extensions\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (ArcadeParlor Games) - {39AD0726-986D-40F9-972B-E3BFA24B7745} - C:\Users\Scott\AppData\Local\ArcadeParlor\Arcadeparlor.dll ()
O2 - BHO: (AdvanceElite) - {3b2cb4c8-72ab-4b25-8fa1-219b36a60bed} - C:\Program Files (x86)\AdvanceElite\AdvanceElitebho.dll (AdvanceElite)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [BRS] C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe ()
O4 - HKCU..\Run: [Gapcgwxlhdd] C:\Users\Scott\AppData\Local\Microsoft\Gapcgwxlhdd.dll ()
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Software Limited)
O4 - HKCU..\RunOnce: [WSE_Astromenda] wscript /E:vbscript /B "C:\Users\Scott\AppData\Roaming\WSE_Astromenda\UpdateProc\bkup.dat" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DelayedDesktopSwitchTimeout = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC51571C-8B07-4EF6-96A1-C1F8BCCD00E8}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/10/03 10:59:32 | 000,177,752 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/10/03 10:59:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2014/10/03 10:59:28 | 001,147,480 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1501000.012\SymEFA64.sys
[2014/10/03 10:59:28 | 000,858,200 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1501000.012\srtsp64.sys
[2014/10/03 10:59:28 | 000,590,936 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1501000.012\symnets.sys
[2014/10/03 10:59:28 | 000,493,656 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1501000.012\SymDS64.sys
[2014/10/03 10:59:28 | 000,264,280 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1501000.012\Ironx64.sys
[2014/10/03 10:59:28 | 000,162,392 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1501000.012\ccSetx64.sys
[2014/10/03 10:59:28 | 000,036,952 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1501000.012\srtspx64.sys
[2014/10/03 10:59:28 | 000,023,568 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1501000.012\SymELAM.sys
[2014/10/03 10:58:57 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NISx64
[2014/10/03 10:58:57 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NISx64\1501000.012
[2014/10/03 10:58:56 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2014/10/03 10:58:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2014/10/03 10:57:53 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeParlor
[2014/10/03 10:57:52 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\ArcadeParlor
[2014/10/03 00:25:53 | 000,000,000 | ---D | C] -- C:\Users\Scott\Documents\Optimizer Pro
[2014/10/03 00:25:49 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Optimizer Pro
[2014/10/03 00:25:29 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\1H1Q
[2014/10/03 00:24:46 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\WSE_Astromenda
[2014/10/03 00:24:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WSE_Astromenda
[2014/10/03 00:24:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
[2014/10/03 00:24:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AdvanceElite
[2014/10/03 00:24:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2014/10/03 00:24:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaks
[2014/10/03 00:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileOpener
[2014/10/02 23:27:28 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2014/10/02 23:21:59 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/10/02 22:47:46 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Amazon
[2014/10/02 17:52:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2014/10/02 05:45:19 | 000,000,000 | -HSD | C] -- C:\Users\Scott\AppData\Local\EmieUserList
[2014/10/02 05:45:19 | 000,000,000 | -HSD | C] -- C:\Users\Scott\AppData\Local\EmieSiteList
[2014/10/02 05:42:27 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat
[2014/10/02 05:42:27 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat
[2014/10/01 23:13:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2014/10/01 23:13:03 | 000,000,000 | ---D | C] -- C:\windows\Migration
[2014/10/01 22:31:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/10/01 21:47:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014/10/01 21:46:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014/10/01 21:46:20 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Programs
[2014/09/29 18:19:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2014/09/28 18:52:44 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed
[2014/09/26 19:45:26 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Diagnostics
[2014/09/26 16:40:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2014/09/26 16:39:55 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Adobe
[2014/09/24 21:45:55 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Mozilla
[2014/09/24 21:45:55 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Mozilla
[2014/09/24 21:45:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014/09/24 21:38:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2014/09/24 18:17:16 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Macromedia
[2014/09/24 18:16:53 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Adobe
[2014/09/24 18:11:55 | 000,000,000 | R--D | C] -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/09/24 18:11:55 | 000,000,000 | R--D | C] -- C:\Users\Scott\Searches
[2014/09/24 18:11:55 | 000,000,000 | R--D | C] -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/09/24 18:11:55 | 000,000,000 | -H-D | C] -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/09/24 18:11:48 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Identities
[2014/09/24 18:11:46 | 000,000,000 | R--D | C] -- C:\Users\Scott\Contacts
[2014/09/24 18:11:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2014/09/24 18:10:38 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\VirtualStore
[2014/09/24 18:09:16 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Intel
[2014/09/24 18:09:15 | 000,000,000 | --SD | C] -- C:\Users\Scott\AppData\Roaming\Microsoft
[2014/09/24 18:09:15 | 000,000,000 | R--D | C] -- C:\Users\Scott\Videos
[2014/09/24 18:09:15 | 000,000,000 | R--D | C] -- C:\Users\Scott\Saved Games
[2014/09/24 18:09:15 | 000,000,000 | R--D | C] -- C:\Users\Scott\Pictures
[2014/09/24 18:09:15 | 000,000,000 | R--D | C] -- C:\Users\Scott\Music
[2014/09/24 18:09:15 | 000,000,000 | R--D | C] -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/09/24 18:09:15 | 000,000,000 | R--D | C] -- C:\Users\Scott\Links
[2014/09/24 18:09:15 | 000,000,000 | R--D | C] -- C:\Users\Scott\Favorites
[2014/09/24 18:09:15 | 000,000,000 | R--D | C] -- C:\Users\Scott\Downloads
[2014/09/24 18:09:15 | 000,000,000 | R--D | C] -- C:\Users\Scott\Documents
[2014/09/24 18:09:15 | 000,000,000 | R--D | C] -- C:\Users\Scott\Desktop
[2014/09/24 18:09:15 | 000,000,000 | R--D | C] -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\AppData\Local\Temporary Internet Files
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\Templates
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\Start Menu
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\SendTo
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\Recent
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\PrintHood
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\NetHood
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\Documents\My Videos
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\Documents\My Pictures
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\Documents\My Music
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\My Documents
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\Local Settings
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\AppData\Local\History
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\Cookies
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\Application Data
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\AppData\Local\Application Data
[2014/09/24 18:09:15 | 000,000,000 | -H-D | C] -- C:\Users\Scott\AppData
[2014/09/24 18:09:15 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Temp
[2014/09/24 18:09:15 | 000,000,000 | ---D | C] -- C:\Users\Scott\Roaming
[2014/09/24 18:09:15 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Microsoft
[2014/09/24 18:09:15 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Media Center Programs
[2014/09/24 18:09:12 | 000,000,000 | -HSD | C] -- C:\Recovery
[2014/09/19 18:13:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/09/19 17:07:11 | 000,000,000 | -HSD | C] -- C:\System Recovery
[2014/09/19 09:15:27 | 000,000,000 | -HSD | C] -- C:\System Volume Information
 
========== Files - Modified Within 30 Days ==========
 
[2014/10/03 16:25:01 | 000,000,312 | ---- | M] () -- C:\windows\tasks\WSE_Astromenda.job
[2014/10/03 16:03:12 | 000,000,272 | ---- | M] () -- C:\windows\tasks\ArcadeParlor.job
[2014/10/03 15:33:34 | 000,000,830 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2014/10/03 15:33:29 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/10/03 10:59:43 | 001,654,449 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\Cat.DB
[2014/10/03 10:59:32 | 000,177,752 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/10/03 10:59:32 | 000,008,222 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/10/03 10:59:32 | 000,000,854 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/10/03 10:33:15 | 000,000,045 | ---- | M] () -- C:\Users\Scott\AppData\Roaming\WB.CFG
[2014/10/03 00:24:47 | 000,000,277 | ---- | M] () -- C:\Users\Scott\Desktop\Cut the Rope.url
[2014/10/03 00:24:35 | 000,001,070 | ---- | M] () -- C:\Users\Scott\Desktop\Optimizer Pro.lnk
[2014/10/03 00:24:20 | 000,001,150 | ---- | M] () -- C:\Users\Public\Desktop\FileOpener.lnk
[2014/10/03 00:22:28 | 000,000,000 | ---- | M] () -- C:\Users\Scott\defogger_reenable
[2014/10/03 00:03:57 | 000,020,992 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/03 00:03:57 | 000,020,992 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/02 23:52:53 | 000,713,888 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/10/02 23:52:53 | 000,615,360 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/10/02 23:52:53 | 000,103,702 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/10/02 23:46:47 | 000,000,828 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2014/10/02 22:46:54 | 000,000,085 | ---- | M] () -- C:\windows\wininit.ini
[2014/10/02 17:54:16 | 000,012,992 | ---- | M] () -- C:\Users\Scott\Documents\2003010-10-M_J-PHY-SCI-(Period-0101)-Grades-All-Classes.pdf
[2014/10/02 15:32:27 | 000,287,744 | ---- | M] () -- C:\Users\Scott\AppData\Local\Gapcgwxlhdd.dll
[2014/09/24 18:15:13 | 000,001,437 | ---- | M] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/09/24 18:10:40 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_btmaux_01009.Wdf
[2014/09/24 18:10:33 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_iBtFltCoex_01009.Wdf
[2014/09/24 18:09:20 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\drivers\144D_SAMSUNG_N_900X4C_P03A.mrk
[2014/09/24 05:08:51 | 000,108,227 | ---- | M] () -- C:\windows\SysWow64\license.rtf
[2014/09/24 05:08:51 | 000,108,227 | ---- | M] () -- C:\windows\SysNative\license.rtf
[2014/09/24 04:38:56 | 3982,000,127 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/19 18:14:48 | 000,000,200 | RHS- | M] () -- C:\MSSTBJ.CAT
 
========== Files Created - No Company Name ==========
 
[2014/10/03 10:59:35 | 001,654,449 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\Cat.DB
[2014/10/03 10:59:32 | 000,008,222 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/10/03 10:59:32 | 000,000,854 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/10/03 10:59:14 | 000,003,433 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\SymEFA.inf
[2014/10/03 10:59:14 | 000,002,852 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\SymDS.inf
[2014/10/03 10:59:14 | 000,001,440 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\SymNet.inf
[2014/10/03 10:59:14 | 000,001,437 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\srtsp64.inf
[2014/10/03 10:59:14 | 000,001,420 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\srtspx64.inf
[2014/10/03 10:59:14 | 000,001,098 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\symELAM.inf
[2014/10/03 10:59:14 | 000,000,855 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\ccSetx64.inf
[2014/10/03 10:59:14 | 000,000,767 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\Iron.inf
[2014/10/03 10:58:57 | 000,014,818 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\SymVTcer.dat
[2014/10/03 10:58:57 | 000,009,939 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\SymELAM64.cat
[2014/10/03 10:58:57 | 000,008,202 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\ccSetx64.cat
[2014/10/03 10:58:57 | 000,008,196 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\srtspx64.cat
[2014/10/03 10:58:57 | 000,008,194 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\SymEFA64.cat
[2014/10/03 10:58:57 | 000,008,192 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\symnet64.cat
[2014/10/03 10:58:57 | 000,008,192 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\srtsp64.cat
[2014/10/03 10:58:57 | 000,008,188 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\SymDS64.cat
[2014/10/03 10:58:57 | 000,008,184 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\iron.cat
[2014/10/03 10:58:57 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\isolate.ini
[2014/10/03 10:57:52 | 000,000,272 | ---- | C] () -- C:\windows\tasks\ArcadeParlor.job
[2014/10/03 10:33:15 | 000,000,045 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\WB.CFG
[2014/10/03 00:25:00 | 000,000,312 | ---- | C] () -- C:\windows\tasks\WSE_Astromenda.job
[2014/10/03 00:24:47 | 000,000,277 | ---- | C] () -- C:\Users\Scott\Desktop\Cut the Rope.url
[2014/10/03 00:24:35 | 000,001,070 | ---- | C] () -- C:\Users\Scott\Desktop\Optimizer Pro.lnk
[2014/10/03 00:24:20 | 000,001,150 | ---- | C] () -- C:\Users\Public\Desktop\FileOpener.lnk
[2014/10/03 00:22:28 | 000,000,000 | ---- | C] () -- C:\Users\Scott\defogger_reenable
[2014/10/02 22:46:49 | 000,000,085 | ---- | C] () -- C:\windows\wininit.ini
[2014/10/02 17:54:16 | 000,012,992 | ---- | C] () -- C:\Users\Scott\Documents\2003010-10-M_J-PHY-SCI-(Period-0101)-Grades-All-Classes.pdf
[2014/10/02 15:32:27 | 000,287,744 | ---- | C] () -- C:\Users\Scott\AppData\Local\Gapcgwxlhdd.dll
[2014/09/24 18:15:13 | 000,001,437 | ---- | C] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/09/24 18:12:07 | 000,001,409 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2014/09/24 18:12:01 | 000,001,443 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/09/24 18:10:40 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_btmaux_01009.Wdf
[2014/09/24 18:10:33 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_iBtFltCoex_01009.Wdf
[2014/09/24 18:09:20 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\drivers\144D_SAMSUNG_N_900X4C_P03A.mrk
[2014/09/24 18:09:15 | 000,000,290 | ---- | C] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/09/24 18:09:15 | 000,000,272 | ---- | C] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014/09/19 18:14:48 | 000,000,200 | RHS- | C] () -- C:\MSSTBJ.CAT
[2014/09/19 09:15:25 | 3982,000,127 | -HS- | C] () -- C:\hiberfil.sys
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/01/04 06:44:25 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 04:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/10/03 00:25:29 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\1H1Q
[2014/10/03 00:25:49 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Optimizer Pro
[2014/10/03 00:24:59 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\WSE_Astromenda
 
========== Purity Check ==========
 
 

< End of report >

 

 

OTL Extras logfile created on: 10/3/2014 4:52:44 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Scott\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.71 Gb Total Physical Memory | 5.25 Gb Available Physical Memory | 68.16% Memory free
15.42 Gb Paging File | 12.65 Gb Available in Paging File | 82.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.85 Gb Total Space | 54.01 Gb Free Space | 53.56% Space Free | Partition Type: NTFS
 
Computer Name: SCOTT-PC | User Name: Scott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10F69249-B428-44D1-ADC2-543373E15D1E}" = rport=445 | protocol=6 | dir=out | app=system |
"{2050D3E7-8848-4979-B980-CD2BBE601D1E}" = rport=139 | protocol=6 | dir=out | app=system |
"{42B9EED4-40AA-45AE-9B16-1CD98126F163}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{42BDE8DA-C437-4001-9453-F54EB6927A57}" = rport=138 | protocol=17 | dir=out | app=system |
"{4467EF3F-349A-44C5-820D-9E4C65DAB51D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5403BD0C-0CA4-4204-93A0-C5FAB46EED4D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{794C9F68-1D55-4AA0-8B31-77FBECD04CEA}" = lport=445 | protocol=6 | dir=in | app=system |
"{7F865144-5CCB-4B39-A733-D4045C2E8D45}" = lport=137 | protocol=17 | dir=in | app=system |
"{A4447163-B6BB-4E04-97D4-2B080A28C872}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{AF4F9E7E-6746-40B2-9510-DBBEECB2E2C3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{E65AA6B5-AA46-4498-9554-B6DEF364F06E}" = lport=139 | protocol=6 | dir=in | app=system |
"{EB1AD4FD-D054-44BA-A951-0EEFF4140F22}" = lport=138 | protocol=17 | dir=in | app=system |
"{F04D73D4-3A97-4D2B-8673-96F01BABCA96}" = rport=137 | protocol=17 | dir=out | app=system |
"{F6D2383F-30A5-4E7A-9119-2F1CB0A39F4B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E1276A-7021-40FD-8DEF-683B31C7EA2C}" = protocol=1 | dir=out | [email protected],-28544 |
"{0CAAE559-712C-4A2C-A3C7-3179659DBB28}" = protocol=58 | dir=in | [email protected],-28545 |
"{1926F83A-5879-4BC2-9B81-39B814888248}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{1D6DEF70-52E0-4855-814A-D9136F0B251A}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{2290CAAB-8AA6-4761-A927-A907DDF9B921}" = protocol=1 | dir=in | [email protected],-28543 |
"{3B1D84AC-5E4B-4C56-BA12-59D83F395746}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{51F76C3F-9A62-4EE9-AE63-56C2F933B203}" = protocol=58 | dir=out | [email protected],-28546 |
"{E62EABCE-E6B2-4F67-B814-0C820AF303D8}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
"{E791DEEA-97A5-49CC-A1E4-34B14E06DD90}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0738F5F1-8E70-49A6-8692-F5722E1E5A4D}" = Easy Support Center
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{27F3F8DE-AC95-4E10-90A6-EBA999DDBCAF}" = Windows Live Remote Service Resources
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
"{29CFD07F-4971-41B0-B14D-621ACCC264AC}" = Windows Live Remote Service Resources
"{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}" = Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{4C9845D5-9FAD-4C52-B389-CAEF0F216215}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{520C4DD4-2BC7-409B-BA48-E1A4F832662D}" = Intel® PROSet/Wireless Software for Bluetooth® Technology
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{641B32DB-8226-4250-86C9-34671162F5D5}" = Windows Live Remote Client Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6A2482BC-733A-404A-939A-2D5BC636E6F9}" = Windows Live Remote Service Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{78654366-5889-4A70-90D9-04B00709EEE0}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{811D5159-D798-491F-B9C6-9BDBF6B02D06}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{DF7756DD-656A-45C3-BA71-74673E8259A9}" = Intel® PROSet/Wireless WiFi Software
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F0793412-6407-4870-9A8C-6FE198A4EB12}" = Windows Live Remote Client Resources
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"AdvanceElite" = AdvanceElite
"Elantech" = ETDWare PS/2-X64 10.7.16.1_WHQL
"ProInst" = Intel PROSet Wireless
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0119B342-476F-4F5A-B712-144B5CFA781F}" = Windows Live Movie Maker
"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{07E15DDE-CAD9-434D-B24D-35708E3BEA09}" = Windows Live 필수 패키지
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{122800FE-3AAF-4974-9FBD-54B023FA756A}" = „Windows Live Messenger“
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{12F81925-F3C1-40DB-91F7-777817974319}" = Easy File Share
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Settings
"{17528CE4-C333-48FB-A9E4-D841E795CDCE}" = Renesas Electronics USB 3.0 Host Controller Driver
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19ADD3BF-C42B-47DC-81C6-5E9731B668C4}" = „Windows Live Essentials“
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2720009D-9566-45A7-A370-0E6DAC313F3F}" = „Windows Live Mail“
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2CC0789D-D31B-445F-8970-6E058BE39754}" = Windows Live UX Platform Language Pack
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2D49C296-BCCA-4800-BAF6-A0269EBDCF74}" = Windows Live Messenger
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B8F240C-B75E-4A1E-BDCC-6C7F033078A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3C4E0F33-0D0E-43D5-A36D-A4F96D73BA2D}" = Interactive Guide
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{40F4FF7A-B214-4453-B973-080B09CED019}" = Absolute Reminder
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{442032CB-900C-49C7-B4B4-2B76525DD403}" = Windows Live Photo Common
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{4F35DF91-F834-41F7-A287-0E377D55C486}" = Windows Live Photo Common
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{517EAAB9-C35E-4949-B8C2-20C241162BBB}" = Windows Live Pošta
"{51FFAC89-B6B0-4E6E-B76F-6D4E2E83086A}" = Windows Live 메일
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{542DA303-FB91-4731-9F37-6E518368D3B9}" = Windows Live Messenger
"{545192D4-E817-4EAA-834D-623EA50CF268}" = Windows Live UX Platform Language Pack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D163056-96B7-440F-A836-89BA5D3CFF2F}" = Windows Live Photo Common
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{61506B53-EE02-46CE-8464-3F806947978F}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B3BAE39-4ED1-4EEB-9769-A3AA0AA58CB4}" = Windows Live Movie Maker
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DCE9C3E-3DB7-4C3C-8B80-BC55781BB7B6}" = Windows Live Writer Resources
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
"{71684DFF-CDED-450C-AF0C-4A1A6438A1A5}" = Windows Live Essentials
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{7780682A-47C9-480D-90BE-247539342595}" = Windows Live UX Platform Language Pack
"{77BC9EAF-14C7-4338-9B1C-D5A3E142C0B8}" = Windows Live Photo Common
"{77DAF553-291A-4471-988C-5677D90DB57E}" = Windows Live Writer Resources
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{78C2BF66-A446-485B-9337-6D6CCD4D4569}" = Multimedia POP
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83D2FFB0-E378-49FE-8A53-580CA7B5761F}" = Windows Live Messenger
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{86E6D3A7-3ADC-44C0-B94E-85D2A9DD36B0}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{93F34C5C-ACAA-48F3-9B26-70359A117F12}" = Intel® WiDi
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9E771D5B-C429-4CBC-8730-3EBD9EC99E4C}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A1668729-C4D2-49AE-877B-FB608362FFF1}" = Windows Live Essentials
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel® Manageability Engine Firmware Recovery Agent
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB777781-AC85-4CE5-B4B8-0F3C68C3974F}" = MovieClip
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B4712CB7-27D7-4F61-8805-BCF9BE1CFC4A}" = Windows Live Writer Resources
"{B5525072-4F67-4E23-926D-A435A5AA6FE5}" = Fast Flash Sleep Resume
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B750B5C2-CC17-4967-905B-29F4EB986131}" = Software Launcher
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B81722D3-0A95-4BDE-AA1A-A2A5D12FCDB2}" = Windows Live Foto-galerija
"{B9B66F77-9D00-4CA4-BDF1-BBA8236B4DB6}" = Windows Live Writer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C877E454-FA36-409A-A00E-1240CEC61BBD}" = „Windows Live“ fotogalerija
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C8A2793D-EFF2-4069-95BF-A28192E39DEB}" = Windows Live Writer
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{CF936193-C584-458C-B793-15FA945621AF}" = Windows Live fotoattēlu galerija
"{CF9DEFAA-12CD-4D04-AA45-F9F667D21E2E}" = Windows Live Movie Maker
"{D06F10C5-3EDD-4B29-A3B5-16BBB9A047F8}" = Windows Live Mesh
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D27DF849-C8C7-4892-A7F1-E0B381A1BD01}" = Windows Live Writer
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D47C66BE-0EB5-4587-93FE-D1E176C4B25C}" = Windows Live Messenger
"{D57D43BF-699A-429F-AF8C-AF1867222800}" = Windows Live 사진 갤러리
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D987098B-3AD4-4E88-B80E-CF27A32D1955}" = Windows Live Writer Resources
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE256D8B-D971-456D-BC02-CB64DA24F115}" = Easy Software Manager
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{EAB1BDF2-734A-4D44-9169-7615D185C974}" = Windows Live Mesh
"{EC20FB81-9B5E-4B97-92A2-8DC52548EFCE}" = Windows Live Mesh
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EDE7A262-DB20-4432-A630-2ACEE186C416}" = Easy Migration
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}" = E-POP
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger
"{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F66430D8-08E6-4C96-B9B7-90E66E27D58C}" = Windows Live Mail
"{F783464C-C7C6-4E9B-AC40-BC90E5414BAF}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA20D803-14E5-4B00-8F03-B519D46F9D4A}" = Windows Live Messenger
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"3D073343-CEEB-4ce7-85AC-A69A7631B5D6" = Intel® Rapid Start Technology
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"Game Console - WildGames" = WildTangent ORB Game Console
"InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}" = Renesas Electronics USB 3.0 Host Controller Driver
"NIS" = Norton Internet Security
"Optimizer Pro_is1" = Optimizer Pro v3.2
"Tweaks FileOpener" = FileOpener
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live 程式集
"WSE_Astromenda" = WSE_Astromenda
"WT085559" = Diner Dash 2 Restaurant Rescue
"WT085567" = Chuzzle Deluxe
"WT085580" = John Deere Drive Green
"WT085581" = Penguins!
"WT085583" = Polar Golfer
"WT085587" = Agatha Christie - Death on the Nile
"WT085597" = Build-a-lot
"WT085618" = Farm Frenzy
"WT085622" = Insaniquarium Deluxe
"WT085663" = Peggle
"WT085669" = Plants vs. Zombies
"WT089285" = Zuma Deluxe
"WT089286" = Bejeweled 2 Deluxe
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{B74443DB-5A88-4583-860A-F0D06EF399E3}" = ArcadeParlor
"File Opener Packages" = File Opener Packages
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10/2/2014 11:42:04 PM | Computer Name = Scott-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Users\Scott\Desktop\rzjnmdzds.exe".
Dependent
 Assembly 36.0.1985.143,language="&#x2a;",type="win32",version="36.0.1985.143" could
 not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 10/2/2014 11:46:46 PM | Computer Name = Scott-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 10/2/2014 11:30:47 PM | Computer Name = Scott-PC | Source = DCOM | ID = 10010
Description =
 
Error - 10/3/2014 12:24:29 AM | Computer Name = Scott-PC | Source = DCOM | ID = 10010
Description =
 
 
< End of report >
 


  • 0

#4
scottzajaczkowski

scottzajaczkowski

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
I now have this problem:



dllhost.exe *32 COM Surrogate,


I tried to download FRST x64 but my computer opens a widow that tells me the file couldn't be downloaded; does not work on retry, thanks looking for other solutions




OTL logfile created on: 10/3/2014 4:52:44 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Scott\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.71 Gb Total Physical Memory | 5.25 Gb Available Physical Memory | 68.16% Memory free
15.42 Gb Paging File | 12.65 Gb Available in Paging File | 82.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.85 Gb Total Space | 54.01 Gb Free Space | 53.56% Space Free | Partition Type: NTFS

Computer Name: SCOTT-PC | User Name: Scott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/10/03 16:51:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Downloads\OTL.exe
PRC - [2014/10/03 00:24:47 | 001,074,688 | ---- | M] () -- C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe
PRC - [2014/10/02 23:44:13 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Users\Scott\AppData\LocalLow\Microsoft\Ffgwrjvsn\Jseltfmyre\rzjnmdzds.exe
PRC - [2013/10/08 08:28:15 | 000,275,696 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
PRC - [2012/05/08 23:00:38 | 001,113,992 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
PRC - [2012/05/01 19:03:44 | 002,279,304 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
PRC - [2012/04/25 00:18:10 | 000,784,264 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
PRC - [2012/04/06 06:17:04 | 002,796,112 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
PRC - [2012/02/21 19:55:24 | 001,104,208 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2012/02/21 19:55:22 | 001,304,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2012/02/21 19:55:18 | 001,014,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2012/02/21 19:55:16 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2012/02/13 02:02:24 | 000,031,624 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
PRC - [2012/02/07 22:03:36 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/02/07 22:03:34 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/02/07 22:03:28 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/02/07 22:03:16 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/02/06 04:49:04 | 000,193,536 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\irstrtsv.exe
PRC - [2012/01/31 02:56:48 | 001,640,328 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
PRC - [2012/01/28 01:38:52 | 004,466,256 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
PRC - [2011/12/22 21:24:00 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
PRC - [2011/11/25 00:41:36 | 000,645,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe
PRC - [2010/11/20 23:24:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2009/07/13 21:14:30 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\regsvr32.exe


========== Modules (No Company Name) ==========

MOD - [2014/10/03 10:57:52 | 000,188,536 | ---- | M] () -- C:\Users\Scott\AppData\Local\ArcadeParlor\Arcadeparlor.dll
MOD - [2014/10/03 00:24:47 | 001,074,688 | ---- | M] () -- C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe
MOD - [2014/10/02 23:44:13 | 014,669,128 | ---- | M] () -- C:\Users\Scott\AppData\LocalLow\Microsoft\Ffgwrjvsn\Jseltfmyre\36.0.1985.143\PepperFlash\pepflashplayer.dll
MOD - [2014/10/02 23:44:13 | 008,537,928 | ---- | M] () -- C:\Users\Scott\AppData\LocalLow\Microsoft\Ffgwrjvsn\Jseltfmyre\36.0.1985.143\pdf.dll
MOD - [2014/10/02 23:44:13 | 001,732,936 | ---- | M] () -- C:\Users\Scott\AppData\LocalLow\Microsoft\Ffgwrjvsn\Jseltfmyre\36.0.1985.143\ffmpegsumo.dll
MOD - [2014/10/02 23:44:13 | 000,718,152 | ---- | M] () -- C:\Users\Scott\AppData\LocalLow\Microsoft\Ffgwrjvsn\Jseltfmyre\36.0.1985.143\libglesv2.dll
MOD - [2014/10/02 23:44:13 | 000,353,096 | ---- | M] () -- C:\Users\Scott\AppData\LocalLow\Microsoft\Ffgwrjvsn\Jseltfmyre\36.0.1985.143\ppgooglenaclpluginchrome.dll
MOD - [2014/10/02 23:44:13 | 000,126,280 | ---- | M] () -- C:\Users\Scott\AppData\LocalLow\Microsoft\Ffgwrjvsn\Jseltfmyre\36.0.1985.143\libegl.dll
MOD - [2014/10/02 23:42:57 | 000,287,744 | ---- | M] () -- C:\Users\Scott\AppData\Local\Microsoft\Gapcgwxlhdd.dll
MOD - [2011/12/22 21:24:00 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
MOD - [2011/11/25 00:42:50 | 000,499,976 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
MOD - [2011/11/25 00:29:32 | 000,015,872 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\featureController.dll
MOD - [2011/11/25 00:28:26 | 000,484,352 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\DeviceProfile.dll
MOD - [2011/11/25 00:26:14 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\eventsSender.dll
MOD - [2011/09/08 06:40:10 | 001,645,056 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
MOD - [2011/08/17 03:48:24 | 000,322,048 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\log4cplus.dll
MOD - [2011/08/17 03:48:22 | 000,195,584 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\libgsoap.dll
MOD - [2011/08/17 03:41:36 | 000,400,384 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\sqlite3.dll
MOD - [2011/08/15 07:17:30 | 009,224,704 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtGui4.dll
MOD - [2011/08/15 07:15:44 | 000,382,464 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtXml4.dll
MOD - [2011/08/15 07:12:04 | 002,603,520 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtCore4.dll
MOD - [2011/08/15 07:12:04 | 001,006,592 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtNetwork4.dll
MOD - [2011/08/15 06:23:00 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\zlib1.dll
MOD - [2011/07/19 03:05:40 | 014,978,048 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtWebKit4.dll
MOD - [2011/07/19 03:04:56 | 000,317,952 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\phonon4.dll
MOD - [2011/02/16 12:03:20 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
MOD - [2006/08/11 23:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/02/02 09:29:52 | 000,628,448 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2011/12/07 21:44:04 | 000,594,704 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2011/12/07 21:43:56 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/12/07 21:43:48 | 000,618,256 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/12/07 21:43:44 | 000,148,752 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/12/04 20:30:50 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/12/04 19:55:36 | 000,135,952 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2010/09/22 05:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\windows\SysNative\rundll32.exe -- (70e6ca8c)
SRV - [2013/10/08 08:28:15 | 000,275,696 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe -- (NIS)
SRV - [2012/02/21 19:55:24 | 001,104,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2012/02/21 19:55:22 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2012/02/21 19:55:18 | 001,014,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2012/02/13 02:02:24 | 000,031,624 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe -- (SamsungDeviceConfigurationWinService)
SRV - [2012/02/07 22:03:36 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/02/07 22:03:34 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/02/07 22:03:28 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2012/02/07 22:03:16 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/02/06 04:49:04 | 000,193,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysWOW64\irstrtsv.exe -- (irstrtsv)
SRV - [2012/02/02 13:34:42 | 000,274,200 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/10/03 10:59:32 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/09/26 23:18:30 | 001,147,480 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2013/09/26 22:45:56 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/09/26 22:26:03 | 000,858,200 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/09/25 23:28:00 | 000,590,936 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/09/25 22:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\ccSetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2013/09/09 22:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\SymDS64.sys -- (SymDS)
DRV:64bit: - [2013/09/09 21:49:49 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/05/08 16:18:34 | 000,280,912 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2012/02/14 12:38:56 | 000,060,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex)
DRV:64bit: - [2012/02/06 20:49:04 | 000,026,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irstrtdv.sys -- (irstrtdv)
DRV:64bit: - [2012/01/05 06:36:54 | 014,652,768 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/12/20 04:38:36 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/12/20 04:38:36 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/12/05 14:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/12/04 20:22:58 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/12/04 20:22:58 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/12/01 09:51:00 | 011,417,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/11/30 11:19:48 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/11/30 11:19:46 | 000,094,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/11/29 06:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/11/23 10:02:20 | 000,648,808 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/11/10 05:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/10/08 01:04:16 | 000,216,064 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rusb3xhc.sys -- (rusb3xhc)
DRV:64bit: - [2011/10/08 01:04:16 | 000,100,352 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rusb3hub.sys -- (rusb3hub)
DRV:64bit: - [2011/06/13 02:31:30 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
DRV:64bit: - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014/10/02 23:48:56 | 002,137,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20141002.025\ex64.sys -- (NAVEX15)
DRV - [2014/10/02 23:48:56 | 000,129,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20141002.025\eng64.sys -- (NAVENG)
DRV - [2013/10/04 05:00:00 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/10/04 05:00:00 | 000,140,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11311.sys -- (EraserUtilDrv11311)
DRV - [2013/09/25 22:40:34 | 001,525,848 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131002.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/09/23 22:24:26 | 000,520,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20130930.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://astromenda.co...r=526708622&ir=
IE:64bit: - HKLM\..\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://astromenda.co...r=526708622&ir=
IE - HKCU\..\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8080

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.3
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014/10/03 10:59:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ [2014/10/03 10:59:43 | 000,000,000 | ---D | M]

[2014/10/03 10:57:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Extensions
[2014/10/03 10:57:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\bijhmdj4.default\extensions
[2014/10/03 10:57:53 | 000,000,000 | ---D | M] (ArcadeParlor) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\bijhmdj4.default\extensions\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (ArcadeParlor Games) - {39AD0726-986D-40F9-972B-E3BFA24B7745} - C:\Users\Scott\AppData\Local\ArcadeParlor\Arcadeparlor.dll ()
O2 - BHO: (AdvanceElite) - {3b2cb4c8-72ab-4b25-8fa1-219b36a60bed} - C:\Program Files (x86)\AdvanceElite\AdvanceElitebho.dll (AdvanceElite)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [BRS] C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe ()
O4 - HKCU..\Run: [Gapcgwxlhdd] C:\Users\Scott\AppData\Local\Microsoft\Gapcgwxlhdd.dll ()
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Software Limited)
O4 - HKCU..\RunOnce: [WSE_Astromenda] wscript /E:vbscript /B "C:\Users\Scott\AppData\Roaming\WSE_Astromenda\UpdateProc\bkup.dat" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DelayedDesktopSwitchTimeout = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC51571C-8B07-4EF6-96A1-C1F8BCCD00E8}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/10/03 10:59:32 | 000,177,752 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/10/03 10:59:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2014/10/03 10:59:28 | 001,147,480 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1501000.012\SymEFA64.sys
[2014/10/03 10:59:28 | 000,858,200 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1501000.012\srtsp64.sys
[2014/10/03 10:59:28 | 000,590,936 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1501000.012\symnets.sys
[2014/10/03 10:59:28 | 000,493,656 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1501000.012\SymDS64.sys
[2014/10/03 10:59:28 | 000,264,280 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1501000.012\Ironx64.sys
[2014/10/03 10:59:28 | 000,162,392 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1501000.012\ccSetx64.sys
[2014/10/03 10:59:28 | 000,036,952 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1501000.012\srtspx64.sys
[2014/10/03 10:59:28 | 000,023,568 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1501000.012\SymELAM.sys
[2014/10/03 10:58:57 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NISx64
[2014/10/03 10:58:57 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NISx64\1501000.012
[2014/10/03 10:58:56 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2014/10/03 10:58:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2014/10/03 10:57:53 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeParlor
[2014/10/03 10:57:52 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\ArcadeParlor
[2014/10/03 00:25:53 | 000,000,000 | ---D | C] -- C:\Users\Scott\Documents\Optimizer Pro
[2014/10/03 00:25:49 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Optimizer Pro
[2014/10/03 00:25:29 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\1H1Q
[2014/10/03 00:24:46 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\WSE_Astromenda
[2014/10/03 00:24:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WSE_Astromenda
[2014/10/03 00:24:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
[2014/10/03 00:24:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AdvanceElite
[2014/10/03 00:24:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2014/10/03 00:24:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaks
[2014/10/03 00:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileOpener
[2014/10/02 23:27:28 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2014/10/02 23:21:59 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/10/02 22:47:46 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Amazon
[2014/10/02 17:52:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2014/10/02 05:45:19 | 000,000,000 | -HSD | C] -- C:\Users\Scott\AppData\Local\EmieUserList
[2014/10/02 05:45:19 | 000,000,000 | -HSD | C] -- C:\Users\Scott\AppData\Local\EmieSiteList
[2014/10/02 05:42:27 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat
[2014/10/02 05:42:27 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat
[2014/10/01 23:13:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2014/10/01 23:13:03 | 000,000,000 | ---D | C] -- C:\windows\Migration
[2014/10/01 22:31:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/10/01 21:47:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014/10/01 21:46:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014/10/01 21:46:20 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Programs
[2014/09/29 18:19:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2014/09/28 18:52:44 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed
[2014/09/26 19:45:26 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Diagnostics
[2014/09/26 16:40:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2014/09/26 16:39:55 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Adobe
[2014/09/24 21:45:55 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Mozilla
[2014/09/24 21:45:55 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Mozilla
[2014/09/24 21:45:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014/09/24 21:38:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2014/09/24 18:17:16 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Macromedia
[2014/09/24 18:16:53 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Adobe
[2014/09/24 18:11:55 | 000,000,000 | R--D | C] -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/09/24 18:11:55 | 000,000,000 | R--D | C] -- C:\Users\Scott\Searches
[2014/09/24 18:11:55 | 000,000,000 | R--D | C] -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/09/24 18:11:55 | 000,000,000 | -H-D | C] -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/09/24 18:11:48 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Identities
[2014/09/24 18:11:46 | 000,000,000 | R--D | C] -- C:\Users\Scott\Contacts
[2014/09/24 18:11:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2014/09/24 18:10:38 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\VirtualStore
[2014/09/24 18:09:16 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Intel
[2014/09/24 18:09:15 | 000,000,000 | --SD | C] -- C:\Users\Scott\AppData\Roaming\Microsoft
[2014/09/24 18:09:15 | 000,000,000 | R--D | C] -- C:\Users\Scott\Videos
[2014/09/24 18:09:15 | 000,000,000 | R--D | C] -- C:\Users\Scott\Saved Games
[2014/09/24 18:09:15 | 000,000,000 | R--D | C] -- C:\Users\Scott\Pictures
[2014/09/24 18:09:15 | 000,000,000 | R--D | C] -- C:\Users\Scott\Music
[2014/09/24 18:09:15 | 000,000,000 | R--D | C] -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/09/24 18:09:15 | 000,000,000 | R--D | C] -- C:\Users\Scott\Links
[2014/09/24 18:09:15 | 000,000,000 | R--D | C] -- C:\Users\Scott\Favorites
[2014/09/24 18:09:15 | 000,000,000 | R--D | C] -- C:\Users\Scott\Downloads
[2014/09/24 18:09:15 | 000,000,000 | R--D | C] -- C:\Users\Scott\Documents
[2014/09/24 18:09:15 | 000,000,000 | R--D | C] -- C:\Users\Scott\Desktop
[2014/09/24 18:09:15 | 000,000,000 | R--D | C] -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\AppData\Local\Temporary Internet Files
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\Templates
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\Start Menu
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\SendTo
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\Recent
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\PrintHood
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\NetHood
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\Documents\My Videos
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\Documents\My Pictures
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\Documents\My Music
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\My Documents
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\Local Settings
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\AppData\Local\History
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\Cookies
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\Application Data
[2014/09/24 18:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Scott\AppData\Local\Application Data
[2014/09/24 18:09:15 | 000,000,000 | -H-D | C] -- C:\Users\Scott\AppData
[2014/09/24 18:09:15 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Temp
[2014/09/24 18:09:15 | 000,000,000 | ---D | C] -- C:\Users\Scott\Roaming
[2014/09/24 18:09:15 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Microsoft
[2014/09/24 18:09:15 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Media Center Programs
[2014/09/24 18:09:12 | 000,000,000 | -HSD | C] -- C:\Recovery
[2014/09/19 18:13:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/09/19 17:07:11 | 000,000,000 | -HSD | C] -- C:\System Recovery
[2014/09/19 09:15:27 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2014/10/03 16:25:01 | 000,000,312 | ---- | M] () -- C:\windows\tasks\WSE_Astromenda.job
[2014/10/03 16:03:12 | 000,000,272 | ---- | M] () -- C:\windows\tasks\ArcadeParlor.job
[2014/10/03 15:33:34 | 000,000,830 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2014/10/03 15:33:29 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/10/03 10:59:43 | 001,654,449 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\Cat.DB
[2014/10/03 10:59:32 | 000,177,752 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/10/03 10:59:32 | 000,008,222 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/10/03 10:59:32 | 000,000,854 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/10/03 10:33:15 | 000,000,045 | ---- | M] () -- C:\Users\Scott\AppData\Roaming\WB.CFG
[2014/10/03 00:24:47 | 000,000,277 | ---- | M] () -- C:\Users\Scott\Desktop\Cut the Rope.url
[2014/10/03 00:24:35 | 000,001,070 | ---- | M] () -- C:\Users\Scott\Desktop\Optimizer Pro.lnk
[2014/10/03 00:24:20 | 000,001,150 | ---- | M] () -- C:\Users\Public\Desktop\FileOpener.lnk
[2014/10/03 00:22:28 | 000,000,000 | ---- | M] () -- C:\Users\Scott\defogger_reenable
[2014/10/03 00:03:57 | 000,020,992 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/03 00:03:57 | 000,020,992 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/02 23:52:53 | 000,713,888 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/10/02 23:52:53 | 000,615,360 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/10/02 23:52:53 | 000,103,702 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/10/02 23:46:47 | 000,000,828 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2014/10/02 22:46:54 | 000,000,085 | ---- | M] () -- C:\windows\wininit.ini
[2014/10/02 17:54:16 | 000,012,992 | ---- | M] () -- C:\Users\Scott\Documents\2003010-10-M_J-PHY-SCI-(Period-0101)-Grades-All-Classes.pdf
[2014/10/02 15:32:27 | 000,287,744 | ---- | M] () -- C:\Users\Scott\AppData\Local\Gapcgwxlhdd.dll
[2014/09/24 18:15:13 | 000,001,437 | ---- | M] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/09/24 18:10:40 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_btmaux_01009.Wdf
[2014/09/24 18:10:33 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_iBtFltCoex_01009.Wdf
[2014/09/24 18:09:20 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\drivers\144D_SAMSUNG_N_900X4C_P03A.mrk
[2014/09/24 05:08:51 | 000,108,227 | ---- | M] () -- C:\windows\SysWow64\license.rtf
[2014/09/24 05:08:51 | 000,108,227 | ---- | M] () -- C:\windows\SysNative\license.rtf
[2014/09/24 04:38:56 | 3982,000,127 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/19 18:14:48 | 000,000,200 | RHS- | M] () -- C:\MSSTBJ.CAT

========== Files Created - No Company Name ==========

[2014/10/03 10:59:35 | 001,654,449 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\Cat.DB
[2014/10/03 10:59:32 | 000,008,222 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/10/03 10:59:32 | 000,000,854 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/10/03 10:59:14 | 000,003,433 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\SymEFA.inf
[2014/10/03 10:59:14 | 000,002,852 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\SymDS.inf
[2014/10/03 10:59:14 | 000,001,440 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\SymNet.inf
[2014/10/03 10:59:14 | 000,001,437 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\srtsp64.inf
[2014/10/03 10:59:14 | 000,001,420 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\srtspx64.inf
[2014/10/03 10:59:14 | 000,001,098 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\symELAM.inf
[2014/10/03 10:59:14 | 000,000,855 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\ccSetx64.inf
[2014/10/03 10:59:14 | 000,000,767 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\Iron.inf
[2014/10/03 10:58:57 | 000,014,818 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\SymVTcer.dat
[2014/10/03 10:58:57 | 000,009,939 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\SymELAM64.cat
[2014/10/03 10:58:57 | 000,008,202 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\ccSetx64.cat
[2014/10/03 10:58:57 | 000,008,196 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\srtspx64.cat
[2014/10/03 10:58:57 | 000,008,194 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\SymEFA64.cat
[2014/10/03 10:58:57 | 000,008,192 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\symnet64.cat
[2014/10/03 10:58:57 | 000,008,192 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\srtsp64.cat
[2014/10/03 10:58:57 | 000,008,188 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\SymDS64.cat
[2014/10/03 10:58:57 | 000,008,184 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\iron.cat
[2014/10/03 10:58:57 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1501000.012\isolate.ini
[2014/10/03 10:57:52 | 000,000,272 | ---- | C] () -- C:\windows\tasks\ArcadeParlor.job
[2014/10/03 10:33:15 | 000,000,045 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\WB.CFG
[2014/10/03 00:25:00 | 000,000,312 | ---- | C] () -- C:\windows\tasks\WSE_Astromenda.job
[2014/10/03 00:24:47 | 000,000,277 | ---- | C] () -- C:\Users\Scott\Desktop\Cut the Rope.url
[2014/10/03 00:24:35 | 000,001,070 | ---- | C] () -- C:\Users\Scott\Desktop\Optimizer Pro.lnk
[2014/10/03 00:24:20 | 000,001,150 | ---- | C] () -- C:\Users\Public\Desktop\FileOpener.lnk
[2014/10/03 00:22:28 | 000,000,000 | ---- | C] () -- C:\Users\Scott\defogger_reenable
[2014/10/02 22:46:49 | 000,000,085 | ---- | C] () -- C:\windows\wininit.ini
[2014/10/02 17:54:16 | 000,012,992 | ---- | C] () -- C:\Users\Scott\Documents\2003010-10-M_J-PHY-SCI-(Period-0101)-Grades-All-Classes.pdf
[2014/10/02 15:32:27 | 000,287,744 | ---- | C] () -- C:\Users\Scott\AppData\Local\Gapcgwxlhdd.dll
[2014/09/24 18:15:13 | 000,001,437 | ---- | C] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/09/24 18:12:07 | 000,001,409 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2014/09/24 18:12:01 | 000,001,443 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/09/24 18:10:40 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_btmaux_01009.Wdf
[2014/09/24 18:10:33 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_iBtFltCoex_01009.Wdf
[2014/09/24 18:09:20 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\drivers\144D_SAMSUNG_N_900X4C_P03A.mrk
[2014/09/24 18:09:15 | 000,000,290 | ---- | C] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/09/24 18:09:15 | 000,000,272 | ---- | C] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014/09/19 18:14:48 | 000,000,200 | RHS- | C] () -- C:\MSSTBJ.CAT
[2014/09/19 09:15:25 | 3982,000,127 | -HS- | C] () -- C:\hiberfil.sys

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/01/04 06:44:25 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 04:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/10/03 00:25:29 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\1H1Q
[2014/10/03 00:25:49 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Optimizer Pro
[2014/10/03 00:24:59 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\WSE_Astromenda

========== Purity Check ==========



< End of report >



OTL Extras logfile created on: 10/3/2014 4:52:44 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Scott\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.71 Gb Total Physical Memory | 5.25 Gb Available Physical Memory | 68.16% Memory free
15.42 Gb Paging File | 12.65 Gb Available in Paging File | 82.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.85 Gb Total Space | 54.01 Gb Free Space | 53.56% Space Free | Partition Type: NTFS

Computer Name: SCOTT-PC | User Name: Scott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10F69249-B428-44D1-ADC2-543373E15D1E}" = rport=445 | protocol=6 | dir=out | app=system |
"{2050D3E7-8848-4979-B980-CD2BBE601D1E}" = rport=139 | protocol=6 | dir=out | app=system |
"{42B9EED4-40AA-45AE-9B16-1CD98126F163}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{42BDE8DA-C437-4001-9453-F54EB6927A57}" = rport=138 | protocol=17 | dir=out | app=system |
"{4467EF3F-349A-44C5-820D-9E4C65DAB51D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5403BD0C-0CA4-4204-93A0-C5FAB46EED4D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{794C9F68-1D55-4AA0-8B31-77FBECD04CEA}" = lport=445 | protocol=6 | dir=in | app=system |
"{7F865144-5CCB-4B39-A733-D4045C2E8D45}" = lport=137 | protocol=17 | dir=in | app=system |
"{A4447163-B6BB-4E04-97D4-2B080A28C872}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{AF4F9E7E-6746-40B2-9510-DBBEECB2E2C3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{E65AA6B5-AA46-4498-9554-B6DEF364F06E}" = lport=139 | protocol=6 | dir=in | app=system |
"{EB1AD4FD-D054-44BA-A951-0EEFF4140F22}" = lport=138 | protocol=17 | dir=in | app=system |
"{F04D73D4-3A97-4D2B-8673-96F01BABCA96}" = rport=137 | protocol=17 | dir=out | app=system |
"{F6D2383F-30A5-4E7A-9119-2F1CB0A39F4B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E1276A-7021-40FD-8DEF-683B31C7EA2C}" = protocol=1 | dir=out | [email protected],-28544 |
"{0CAAE559-712C-4A2C-A3C7-3179659DBB28}" = protocol=58 | dir=in | [email protected],-28545 |
"{1926F83A-5879-4BC2-9B81-39B814888248}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{1D6DEF70-52E0-4855-814A-D9136F0B251A}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{2290CAAB-8AA6-4761-A927-A907DDF9B921}" = protocol=1 | dir=in | [email protected],-28543 |
"{3B1D84AC-5E4B-4C56-BA12-59D83F395746}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{51F76C3F-9A62-4EE9-AE63-56C2F933B203}" = protocol=58 | dir=out | [email protected],-28546 |
"{E62EABCE-E6B2-4F67-B814-0C820AF303D8}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
"{E791DEEA-97A5-49CC-A1E4-34B14E06DD90}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0738F5F1-8E70-49A6-8692-F5722E1E5A4D}" = Easy Support Center
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{27F3F8DE-AC95-4E10-90A6-EBA999DDBCAF}" = Windows Live Remote Service Resources
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
"{29CFD07F-4971-41B0-B14D-621ACCC264AC}" = Windows Live Remote Service Resources
"{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}" = Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{4C9845D5-9FAD-4C52-B389-CAEF0F216215}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{520C4DD4-2BC7-409B-BA48-E1A4F832662D}" = Intel® PROSet/Wireless Software for Bluetooth® Technology
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{641B32DB-8226-4250-86C9-34671162F5D5}" = Windows Live Remote Client Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6A2482BC-733A-404A-939A-2D5BC636E6F9}" = Windows Live Remote Service Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{78654366-5889-4A70-90D9-04B00709EEE0}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{811D5159-D798-491F-B9C6-9BDBF6B02D06}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{DF7756DD-656A-45C3-BA71-74673E8259A9}" = Intel® PROSet/Wireless WiFi Software
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F0793412-6407-4870-9A8C-6FE198A4EB12}" = Windows Live Remote Client Resources
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"AdvanceElite" = AdvanceElite
"Elantech" = ETDWare PS/2-X64 10.7.16.1_WHQL
"ProInst" = Intel PROSet Wireless

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0119B342-476F-4F5A-B712-144B5CFA781F}" = Windows Live Movie Maker
"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{07E15DDE-CAD9-434D-B24D-35708E3BEA09}" = Windows Live 필수 패키지
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{122800FE-3AAF-4974-9FBD-54B023FA756A}" = „Windows Live Messenger“
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{12F81925-F3C1-40DB-91F7-777817974319}" = Easy File Share
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Settings
"{17528CE4-C333-48FB-A9E4-D841E795CDCE}" = Renesas Electronics USB 3.0 Host Controller Driver
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19ADD3BF-C42B-47DC-81C6-5E9731B668C4}" = „Windows Live Essentials“
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2720009D-9566-45A7-A370-0E6DAC313F3F}" = „Windows Live Mail“
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2CC0789D-D31B-445F-8970-6E058BE39754}" = Windows Live UX Platform Language Pack
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2D49C296-BCCA-4800-BAF6-A0269EBDCF74}" = Windows Live Messenger
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B8F240C-B75E-4A1E-BDCC-6C7F033078A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3C4E0F33-0D0E-43D5-A36D-A4F96D73BA2D}" = Interactive Guide
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{40F4FF7A-B214-4453-B973-080B09CED019}" = Absolute Reminder
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{442032CB-900C-49C7-B4B4-2B76525DD403}" = Windows Live Photo Common
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{4F35DF91-F834-41F7-A287-0E377D55C486}" = Windows Live Photo Common
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{517EAAB9-C35E-4949-B8C2-20C241162BBB}" = Windows Live Pošta
"{51FFAC89-B6B0-4E6E-B76F-6D4E2E83086A}" = Windows Live 메일
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{542DA303-FB91-4731-9F37-6E518368D3B9}" = Windows Live Messenger
"{545192D4-E817-4EAA-834D-623EA50CF268}" = Windows Live UX Platform Language Pack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D163056-96B7-440F-A836-89BA5D3CFF2F}" = Windows Live Photo Common
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{61506B53-EE02-46CE-8464-3F806947978F}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B3BAE39-4ED1-4EEB-9769-A3AA0AA58CB4}" = Windows Live Movie Maker
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DCE9C3E-3DB7-4C3C-8B80-BC55781BB7B6}" = Windows Live Writer Resources
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
"{71684DFF-CDED-450C-AF0C-4A1A6438A1A5}" = Windows Live Essentials
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{7780682A-47C9-480D-90BE-247539342595}" = Windows Live UX Platform Language Pack
"{77BC9EAF-14C7-4338-9B1C-D5A3E142C0B8}" = Windows Live Photo Common
"{77DAF553-291A-4471-988C-5677D90DB57E}" = Windows Live Writer Resources
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{78C2BF66-A446-485B-9337-6D6CCD4D4569}" = Multimedia POP
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83D2FFB0-E378-49FE-8A53-580CA7B5761F}" = Windows Live Messenger
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{86E6D3A7-3ADC-44C0-B94E-85D2A9DD36B0}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{93F34C5C-ACAA-48F3-9B26-70359A117F12}" = Intel® WiDi
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9E771D5B-C429-4CBC-8730-3EBD9EC99E4C}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A1668729-C4D2-49AE-877B-FB608362FFF1}" = Windows Live Essentials
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel® Manageability Engine Firmware Recovery Agent
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB777781-AC85-4CE5-B4B8-0F3C68C3974F}" = MovieClip
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B4712CB7-27D7-4F61-8805-BCF9BE1CFC4A}" = Windows Live Writer Resources
"{B5525072-4F67-4E23-926D-A435A5AA6FE5}" = Fast Flash Sleep Resume
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B750B5C2-CC17-4967-905B-29F4EB986131}" = Software Launcher
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B81722D3-0A95-4BDE-AA1A-A2A5D12FCDB2}" = Windows Live Foto-galerija
"{B9B66F77-9D00-4CA4-BDF1-BBA8236B4DB6}" = Windows Live Writer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C877E454-FA36-409A-A00E-1240CEC61BBD}" = „Windows Live“ fotogalerija
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C8A2793D-EFF2-4069-95BF-A28192E39DEB}" = Windows Live Writer
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{CF936193-C584-458C-B793-15FA945621AF}" = Windows Live fotoattēlu galerija
"{CF9DEFAA-12CD-4D04-AA45-F9F667D21E2E}" = Windows Live Movie Maker
"{D06F10C5-3EDD-4B29-A3B5-16BBB9A047F8}" = Windows Live Mesh
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D27DF849-C8C7-4892-A7F1-E0B381A1BD01}" = Windows Live Writer
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D47C66BE-0EB5-4587-93FE-D1E176C4B25C}" = Windows Live Messenger
"{D57D43BF-699A-429F-AF8C-AF1867222800}" = Windows Live 사진 갤러리
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D987098B-3AD4-4E88-B80E-CF27A32D1955}" = Windows Live Writer Resources
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE256D8B-D971-456D-BC02-CB64DA24F115}" = Easy Software Manager
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{EAB1BDF2-734A-4D44-9169-7615D185C974}" = Windows Live Mesh
"{EC20FB81-9B5E-4B97-92A2-8DC52548EFCE}" = Windows Live Mesh
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EDE7A262-DB20-4432-A630-2ACEE186C416}" = Easy Migration
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}" = E-POP
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger
"{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F66430D8-08E6-4C96-B9B7-90E66E27D58C}" = Windows Live Mail
"{F783464C-C7C6-4E9B-AC40-BC90E5414BAF}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA20D803-14E5-4B00-8F03-B519D46F9D4A}" = Windows Live Messenger
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"3D073343-CEEB-4ce7-85AC-A69A7631B5D6" = Intel® Rapid Start Technology
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"Game Console - WildGames" = WildTangent ORB Game Console
"InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}" = Renesas Electronics USB 3.0 Host Controller Driver
"NIS" = Norton Internet Security
"Optimizer Pro_is1" = Optimizer Pro v3.2
"Tweaks FileOpener" = FileOpener
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live 程式集
"WSE_Astromenda" = WSE_Astromenda
"WT085559" = Diner Dash 2 Restaurant Rescue
"WT085567" = Chuzzle Deluxe
"WT085580" = John Deere Drive Green
"WT085581" = Penguins!
"WT085583" = Polar Golfer
"WT085587" = Agatha Christie - Death on the Nile
"WT085597" = Build-a-lot
"WT085618" = Farm Frenzy
"WT085622" = Insaniquarium Deluxe
"WT085663" = Peggle
"WT085669" = Plants vs. Zombies
"WT089285" = Zuma Deluxe
"WT089286" = Bejeweled 2 Deluxe

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{B74443DB-5A88-4583-860A-F0D06EF399E3}" = ArcadeParlor
"File Opener Packages" = File Opener Packages

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/2/2014 11:42:04 PM | Computer Name = Scott-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Users\Scott\Desktop\rzjnmdzds.exe".
Dependent
Assembly 36.0.1985.143,language="*",type="win32",version="36.0.1985.143" could
not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/2/2014 11:46:46 PM | Computer Name = Scott-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 10/2/2014 11:30:47 PM | Computer Name = Scott-PC | Source = DCOM | ID = 10010
Description =

Error - 10/3/2014 12:24:29 AM | Computer Name = Scott-PC | Source = DCOM | ID = 10010
Description =


< End of report >
  • 0

#5
scottzajaczkowski

scottzajaczkowski

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-10-2014 01
Ran by Scott (administrator) on SCOTT-PC on 04-10-2014 20:46:15
Running from C:\Users\Scott\Desktop
Loaded Profile: Scott (Available profiles: Scott)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Sams


  • 0

#6
scottzajaczkowski

scottzajaczkowski

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-10-2014 01
Ran by Scott (administrator) on SCOTT-PC on 04-10-2014 20:46:15
Running from C:\Users\Scott\Desktop
Loaded Profile: Scott (Available profiles: Scott)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12460136 2012-03-29] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2816336 2012-05-08] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [177936 2012-02-17] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-860519808-2140715989-319308476-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: localhost:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://samsung.msn.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_40_ie&cd=2XzuyEtN2Y1L1Qzu0EzztDtAzy0A0EtAyBzztByBzz0AzzyCtN0D0Tzu0StCtDtDyCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyD0FzztB0Azz0E0CtG0DzztC0EtGyDyByDzytG0FyC0BtDtGyEyEtC0AtByC0E0A0B0F0DyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0CzyyC0AtCzzyDtGyEyC0E0FtGyE0AyDtDtGzyyCyEzztGyC0DyC0DtA0Fzz0AyByCzztD2Q&cr=526708622&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_40_ie&cd=2XzuyEtN2Y1L1Qzu0EzztDtAzy0A0EtAyBzztByBzz0AzzyCtN0D0Tzu0StCtDtDyCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyD0FzztB0Azz0E0CtG0DzztC0EtGyDyByDzytG0FyC0BtDtGyEyEtC0AtByC0E0A0B0F0DyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0CzyyC0AtCzzyDtGyEyC0E0FtGyE0AyDtDtGzyyCyEzztGyC0DyC0DtA0Fzz0AyByCzztD2Q&cr=526708622&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_40_ie&cd=2XzuyEtN2Y1L1Qzu0EzztDtAzy0A0EtAyBzztByBzz0AzzyCtN0D0Tzu0StCtDtDyCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyD0FzztB0Azz0E0CtG0DzztC0EtGyDyByDzytG0FyC0BtDtGyEyEtC0AtByC0E0A0B0F0DyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0CzyyC0AtCzzyDtGyEyC0E0FtGyE0AyDtDtGzyyCyEzztGyC0DyC0DtA0Fzz0AyByCzztD2Q&cr=526708622&ir=
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
FireFox:
========
FF ProfilePath: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\bijhmdj4.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF user.js: detected! => C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\bijhmdj4.default\user.js
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
Chrome:
=======
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-07] ()
R2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [193536 2012-02-06] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-07] ()
R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] () [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-07] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2012-02-06] (Intel Corporation)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [100352 2011-10-08] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [216064 2011-10-08] (Renesas Electronics Corporation)
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-04 20:46 - 2014-10-04 20:46 - 00011073 _____ () C:\Users\Scott\Desktop\FRST.txt
2014-10-04 20:46 - 2014-10-04 20:46 - 00000000 ____D () C:\FRST
2014-10-04 20:44 - 2014-10-04 20:44 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-10-04 20:44 - 2014-10-04 20:42 - 02109440 _____ (Farbar) C:\Users\Scott\Desktop\FRST64.exe
2014-10-04 17:34 - 2014-10-04 20:08 - 00000000 ____D () C:\Users\Scott\AppData\Local\CrashDumps
2014-10-04 10:29 - 2013-05-10 01:56 - 14631424 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2014-10-04 10:29 - 2013-05-10 01:56 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2014-10-04 10:29 - 2013-05-10 00:56 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2014-10-04 10:29 - 2013-05-10 00:56 - 11410432 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2014-10-04 10:24 - 2014-10-04 10:24 - 00758128 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-10-04 10:19 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\windows\system32\IEUDINIT.EXE
2014-10-04 10:17 - 2014-10-04 10:17 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-10-04 10:17 - 2014-10-04 10:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-10-04 10:17 - 2014-10-04 10:17 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-10-04 10:17 - 2014-10-04 10:17 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-10-04 10:17 - 2014-10-04 10:17 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-10-04 10:17 - 2014-10-04 10:17 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-10-04 10:17 - 2014-10-04 10:17 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2014-10-04 10:17 - 2014-10-04 10:17 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2014-10-04 10:17 - 2014-10-04 10:17 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2014-10-04 10:17 - 2014-10-04 10:17 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2014-10-04 10:17 - 2014-10-04 10:17 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2014-10-04 10:17 - 2014-10-04 10:17 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2014-10-04 10:17 - 2014-10-04 10:17 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2014-10-04 10:17 - 2014-10-04 10:17 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2014-10-04 10:17 - 2014-10-04 10:17 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-10-04 10:17 - 2014-10-04 10:17 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-10-04 10:17 - 2014-10-04 10:17 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-10-04 10:17 - 2014-10-04 10:17 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2014-10-04 10:17 - 2014-10-04 10:17 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-10-04 10:17 - 2014-10-04 10:17 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2014-10-04 10:17 - 2014-10-04 10:17 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2014-10-04 10:17 - 2014-10-04 10:17 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2014-10-04 10:17 - 2014-10-04 10:17 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2014-10-04 10:17 - 2014-10-04 10:17 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2014-10-04 10:17 - 2014-10-04 10:17 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-10-04 10:17 - 2014-10-04 10:17 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2014-10-04 10:17 - 2014-10-04 10:17 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-10-04 10:17 - 2014-10-04 10:17 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2014-10-04 10:17 - 2014-10-04 10:17 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 03928064 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 03419136 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 02776576 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 02284544 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 01988096 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 01682432 _____ (Microsoft Corporation) C:\windows\system32\XpsPrint.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 01643520 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 01247744 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 01238528 _____ (Microsoft Corporation) C:\windows\system32\d3d10.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 01175552 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 01158144 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsPrint.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 01080832 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 00648192 _____ (Microsoft Corporation) C:\windows\system32\d3d10level9.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 00604160 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10level9.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 00522752 _____ (Microsoft Corporation) C:\windows\system32\XpsGdiConverter.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsGdiConverter.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 00363008 _____ (Microsoft Corporation) C:\windows\system32\dxgi.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 00333312 _____ (Microsoft Corporation) C:\windows\system32\d3d10_1core.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\d3d10core.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 00293376 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxgi.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 00249856 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10_1core.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 00245248 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecsExt.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\UIAnimation.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10core.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 00207872 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecsExt.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 00194560 _____ (Microsoft Corporation) C:\windows\system32\d3d10_1.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 00187392 _____ (Microsoft Corporation) C:\windows\SysWOW64\UIAnimation.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 00161792 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10_1.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 00010752 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 00010752 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 00009728 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 00009728 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 00005632 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 00005632 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 00005632 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 00005632 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 00002560 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-10-04 10:14 - 2014-10-04 10:14 - 00002560 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-10-04 10:13 - 2014-10-04 10:20 - 00012469 _____ () C:\windows\IE11_main.log
2014-10-04 09:48 - 2012-07-25 23:08 - 00744448 _____ (Microsoft Corporation) C:\windows\system32\WUDFx.dll
2014-10-04 09:48 - 2012-07-25 23:08 - 00229888 _____ (Microsoft Corporation) C:\windows\system32\WUDFHost.exe
2014-10-04 09:48 - 2012-07-25 23:08 - 00194048 _____ (Microsoft Corporation) C:\windows\system32\WUDFPlatform.dll
2014-10-04 09:48 - 2012-07-25 23:08 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\WUDFSvc.dll
2014-10-04 09:48 - 2012-07-25 23:08 - 00045056 _____ (Microsoft Corporation) C:\windows\system32\WUDFCoinstaller.dll
2014-10-04 09:48 - 2012-07-25 22:26 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFRd.sys
2014-10-04 09:48 - 2012-07-25 22:26 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFPf.sys
2014-10-04 09:48 - 2012-06-02 10:57 - 00000003 _____ () C:\windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2014-10-04 09:44 - 2012-03-01 02:46 - 00023408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fs_rec.sys
2014-10-04 09:44 - 2012-03-01 02:38 - 00220672 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2014-10-04 09:44 - 2012-03-01 02:28 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\wmi.dll
2014-10-04 09:44 - 2012-03-01 01:37 - 00172544 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2014-10-04 09:44 - 2012-03-01 01:29 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmi.dll
2014-10-04 09:40 - 2014-10-04 09:40 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-10-04 09:38 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-10-04 09:38 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-10-04 09:38 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-10-04 09:38 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-10-04 09:38 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-10-04 09:38 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-10-04 09:38 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-10-04 09:38 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-10-03 17:43 - 2014-10-03 17:43 - 00000000 ____D () C:\Users\Scott\AppData\Local\Samsung
2014-10-03 17:10 - 2014-10-03 17:10 - 00099068 _____ () C:\Users\Scott\Downloads\OTL.Txt
2014-10-03 17:10 - 2014-10-03 17:10 - 00085638 _____ () C:\Users\Scott\Downloads\Extras.Txt
2014-10-03 16:51 - 2014-10-03 16:51 - 00602112 _____ (OldTimer Tools) C:\Users\Scott\Downloads\OTL.exe
2014-10-03 10:46 - 2013-10-03 22:16 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2014-10-03 10:46 - 2013-10-03 21:36 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2014-10-03 10:46 - 2013-08-04 22:25 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys
2014-10-03 10:46 - 2013-07-12 06:41 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys
2014-10-03 10:46 - 2013-07-03 00:05 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2014-10-03 10:46 - 2013-07-03 00:05 - 00032896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
2014-10-03 10:46 - 2011-04-09 02:58 - 00142336 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2014-10-03 10:46 - 2011-04-09 01:56 - 00123904 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe
2014-10-03 10:45 - 2013-09-07 22:27 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
2014-10-03 10:45 - 2013-09-07 22:03 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll
2014-10-03 10:45 - 2013-08-28 22:17 - 05549504 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-10-03 10:45 - 2013-08-28 22:16 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2014-10-03 10:45 - 2013-08-28 22:16 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2014-10-03 10:45 - 2013-08-28 22:13 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2014-10-03 10:45 - 2013-08-28 21:51 - 03969472 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2014-10-03 10:45 - 2013-08-28 21:51 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2014-10-03 10:45 - 2013-08-28 21:50 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2014-10-03 10:45 - 2013-08-28 21:50 - 00619520 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2014-10-03 10:45 - 2013-08-28 21:48 - 00640512 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2014-10-03 10:44 - 2012-11-22 23:13 - 00068608 _____ (Microsoft Corporation) C:\windows\system32\taskhost.exe
2014-10-03 10:33 - 2014-10-03 10:33 - 00000045 _____ () C:\Users\Scott\AppData\Roaming\WB.CFG
2014-10-03 00:24 - 2014-10-03 20:02 - 00000000 ____D () C:\Program Files (x86)\AdvanceElite
2014-10-03 00:24 - 2014-10-03 19:57 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-10-03 00:22 - 2014-10-03 00:22 - 00000472 _____ () C:\Users\Scott\Desktop\defogger_disable.log
2014-10-03 00:22 - 2014-10-03 00:22 - 00000000 _____ () C:\Users\Scott\defogger_reenable
2014-10-03 00:21 - 2014-10-03 00:21 - 00050477 _____ () C:\Users\Scott\Downloads\Defogger.exe
2014-10-02 23:27 - 2014-10-02 23:27 - 00000000 ____D () C:\windows\ERUNT
2014-10-02 23:21 - 2014-10-02 23:25 - 00000000 ____D () C:\AdwCleaner
2014-10-02 23:21 - 2014-10-02 23:21 - 01375089 _____ () C:\Users\Scott\Downloads\AdwCleaner.exe
2014-10-02 22:47 - 2014-10-02 22:47 - 00000000 ____D () C:\Users\Scott\AppData\Local\Amazon
2014-10-02 22:46 - 2014-10-02 22:46 - 00000085 _____ () C:\windows\wininit.ini
2014-10-02 17:52 - 2014-10-02 17:52 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-10-02 15:32 - 2014-10-02 15:32 - 00287744 _____ () C:\Users\Scott\AppData\Local\Gapcgwxlhdd.dll
2014-10-02 08:48 - 2014-01-27 22:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-10-02 08:48 - 2013-10-29 22:32 - 00335360 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2014-10-02 08:48 - 2013-10-29 22:19 - 00301568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2014-10-02 08:48 - 2013-07-04 08:50 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2014-10-02 08:48 - 2013-07-04 07:50 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2014-10-02 08:48 - 2013-03-19 01:53 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\wwanprotdim.dll
2014-10-02 08:48 - 2012-10-09 14:17 - 00226816 _____ (Microsoft Corporation) C:\windows\system32\dhcpcore6.dll
2014-10-02 08:48 - 2012-10-09 14:17 - 00055296 _____ (Microsoft Corporation) C:\windows\system32\dhcpcsvc6.dll
2014-10-02 08:48 - 2012-10-09 13:40 - 00193536 _____ (Microsoft Corporation) C:\windows\SysWOW64\dhcpcore6.dll
2014-10-02 08:48 - 2012-10-09 13:40 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\dhcpcsvc6.dll
2014-10-02 08:47 - 2013-02-15 02:08 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-10-02 08:47 - 2013-02-15 02:06 - 03717632 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-10-02 08:47 - 2013-02-15 02:02 - 00158720 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2014-10-02 08:47 - 2013-02-15 00:37 - 03217408 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-10-02 08:47 - 2013-02-15 00:34 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2014-10-02 08:47 - 2013-02-14 23:25 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-10-02 08:46 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-10-02 08:46 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-10-02 08:46 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2014-10-02 08:46 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2014-10-02 08:45 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-10-02 08:45 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2014-10-02 08:45 - 2014-01-28 22:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-10-02 08:45 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-10-02 08:45 - 2013-12-31 19:05 - 00420008 _____ () C:\windows\SysWOW64\locale.nls
2014-10-02 08:45 - 2013-12-31 19:04 - 00420008 _____ () C:\windows\system32\locale.nls
2014-10-02 08:45 - 2013-11-26 07:40 - 00376768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2014-10-02 08:45 - 2013-10-18 22:18 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2014-10-02 08:45 - 2013-10-18 21:36 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
2014-10-02 08:44 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-10-02 08:44 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-10-02 08:44 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2014-10-02 08:44 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-10-02 08:44 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2014-10-02 08:44 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-10-02 08:44 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2014-10-02 08:44 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-10-02 08:44 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2014-10-02 08:44 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-10-02 08:44 - 2013-12-03 22:27 - 00488448 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll
2014-10-02 08:44 - 2013-12-03 22:27 - 00485888 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll
2014-10-02 08:44 - 2013-12-03 22:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll
2014-10-02 08:44 - 2013-12-03 22:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll
2014-10-02 08:44 - 2013-12-03 22:26 - 00528384 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2014-10-02 08:44 - 2013-12-03 22:16 - 00658432 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe
2014-10-02 08:44 - 2013-12-03 22:16 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe
2014-10-02 08:44 - 2013-12-03 22:16 - 00553984 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe
2014-10-02 08:44 - 2013-12-03 22:16 - 00552960 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe
2014-10-02 08:44 - 2013-12-03 22:03 - 00428032 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc.dll
2014-10-02 08:44 - 2013-12-03 22:03 - 00423936 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_isv.dll
2014-10-02 08:44 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp_isv.dll
2014-10-02 08:44 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp.dll
2014-10-02 08:44 - 2013-12-03 22:02 - 00390144 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdrm.dll
2014-10-02 08:44 - 2013-12-03 21:54 - 00594944 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_isv.exe
2014-10-02 08:44 - 2013-12-03 21:54 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate.exe
2014-10-02 08:44 - 2013-12-03 21:54 - 00510976 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp.exe
2014-10-02 08:44 - 2013-12-03 21:54 - 00508928 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp_isv.exe
2014-10-02 08:44 - 2013-11-26 21:41 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-10-02 08:44 - 2013-11-26 21:41 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-10-02 08:44 - 2013-11-26 21:41 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-10-02 08:44 - 2013-11-26 21:41 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-10-02 08:44 - 2013-11-26 21:41 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-10-02 08:44 - 2013-06-06 01:50 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2014-10-02 08:44 - 2013-06-06 01:49 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2014-10-02 08:44 - 2013-06-06 01:49 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2014-10-02 08:44 - 2013-06-06 01:47 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2014-10-02 08:44 - 2013-06-06 00:57 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2014-10-02 08:44 - 2013-06-06 00:51 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2014-10-02 08:44 - 2013-06-06 00:50 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2014-10-02 08:44 - 2013-06-05 23:30 - 00368128 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2014-10-02 08:44 - 2013-06-05 23:01 - 00295424 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2014-10-02 08:44 - 2013-06-05 23:01 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2014-10-02 08:44 - 2013-04-25 19:30 - 01505280 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d11.dll
2014-10-02 08:44 - 2013-03-31 18:52 - 01887232 _____ (Microsoft Corporation) C:\windows\system32\d3d11.dll
2014-10-02 08:43 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-10-02 08:43 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-10-02 08:43 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-10-02 08:43 - 2013-07-25 05:25 - 01888768 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2014-10-02 08:43 - 2013-07-25 04:57 - 01620992 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2014-10-02 08:43 - 2013-06-25 18:55 - 00785624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys
2014-10-02 08:43 - 2013-02-12 00:12 - 00019968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usb8023.sys
2014-10-02 08:43 - 2012-11-28 18:56 - 00054376 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdfLdr.sys
2014-10-02 08:43 - 2012-11-28 18:56 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\Wdfres.dll
2014-10-02 08:43 - 2012-11-28 18:56 - 00000003 _____ () C:\windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2014-10-02 08:43 - 2012-10-03 13:44 - 00303104 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2014-10-02 08:43 - 2012-10-03 13:44 - 00246272 _____ (Microsoft Corporation) C:\windows\system32\netcorehc.dll
2014-10-02 08:43 - 2012-10-03 13:44 - 00216576 _____ (Microsoft Corporation) C:\windows\system32\ncsi.dll
2014-10-02 08:43 - 2012-10-03 13:44 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\nlaapi.dll
2014-10-02 08:43 - 2012-10-03 13:44 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\netevent.dll
2014-10-02 08:43 - 2012-10-03 13:42 - 00569344 _____ (Microsoft Corporation) C:\windows\system32\iphlpsvc.dll
2014-10-02 08:43 - 2012-10-03 12:42 - 00175104 _____ (Microsoft Corporation) C:\windows\SysWOW64\netcorehc.dll
2014-10-02 08:43 - 2012-10-03 12:42 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2014-10-02 08:43 - 2012-10-03 12:42 - 00018944 _____ (Microsoft Corporation) C:\windows\SysWOW64\netevent.dll
2014-10-02 08:43 - 2012-10-03 12:07 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpipreg.sys
2014-10-02 08:43 - 2012-08-22 14:12 - 00950128 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2014-10-02 08:43 - 2012-07-04 16:26 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\Drivers\RNDISMP.sys
2014-10-02 08:43 - 2012-05-01 01:40 - 00209920 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2014-10-02 08:43 - 2012-04-26 01:41 - 00149504 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
2014-10-02 08:43 - 2012-04-26 01:41 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\rdpwsx.dll
2014-10-02 08:43 - 2012-04-26 01:34 - 00009216 _____ (Microsoft Corporation) C:\windows\system32\rdrmemptylst.exe
2014-10-02 08:43 - 2012-01-13 03:12 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2014-10-02 08:42 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-10-02 08:42 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-10-02 08:42 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-10-02 08:42 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-10-02 08:42 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-10-02 08:42 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-10-02 08:42 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-10-02 08:42 - 2013-07-04 08:57 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2014-10-02 08:42 - 2013-07-04 08:50 - 00102400 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2014-10-02 08:42 - 2013-07-04 07:57 - 00205824 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2014-10-02 08:42 - 2013-07-04 07:51 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2014-10-02 08:42 - 2013-07-04 06:11 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2014-10-02 08:42 - 2013-02-27 01:47 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2014-10-02 08:42 - 2012-11-02 01:59 - 00478208 _____ (Microsoft Corporation) C:\windows\system32\dpnet.dll
2014-10-02 08:42 - 2012-11-02 01:11 - 00376832 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpnet.dll
2014-10-02 08:41 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-10-02 08:41 - 2013-08-01 22:12 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2014-10-02 08:41 - 2013-08-01 22:12 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2014-10-02 08:41 - 2013-08-01 21:48 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2014-10-02 08:41 - 2013-08-01 20:59 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2014-10-02 08:41 - 2013-06-15 00:32 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2014-10-02 08:41 - 2013-04-10 02:01 - 00265064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys
2014-10-02 08:41 - 2012-08-21 17:01 - 00245760 _____ (Microsoft Corporation) C:\windows\system32\OxpsConverter.exe
2014-10-02 08:41 - 2011-02-03 07:25 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\cdd.dll
2014-10-02 08:40 - 2012-12-07 09:20 - 00441856 _____ (Microsoft Corporation) C:\windows\system32\Wpc.dll
2014-10-02 08:40 - 2012-12-07 09:15 - 02746368 _____ (Microsoft Corporation) C:\windows\system32\gameux.dll
2014-10-02 08:40 - 2012-12-07 08:26 - 00308736 _____ (Microsoft Corporation) C:\windows\SysWOW64\Wpc.dll
2014-10-02 08:40 - 2012-12-07 08:20 - 02576384 _____ (Microsoft Corporation) C:\windows\SysWOW64\gameux.dll
2014-10-02 08:40 - 2012-12-07 07:20 - 00045568 _____ (Microsoft) C:\windows\system32\oflc-nz.rs
2014-10-02 08:40 - 2012-12-07 07:20 - 00044544 _____ (Microsoft) C:\windows\system32\pegibbfc.rs
2014-10-02 08:40 - 2012-12-07 07:20 - 00043520 _____ (Microsoft) C:\windows\system32\csrr.rs
2014-10-02 08:40 - 2012-12-07 07:20 - 00030720 _____ (Microsoft) C:\windows\system32\usk.rs
2014-10-02 08:40 - 2012-12-07 07:20 - 00023552 _____ (Microsoft) C:\windows\system32\oflc.rs
2014-10-02 08:40 - 2012-12-07 07:20 - 00020480 _____ (Microsoft) C:\windows\system32\pegi-pt.rs
2014-10-02 08:40 - 2012-12-07 07:20 - 00020480 _____ (Microsoft) C:\windows\system32\pegi-fi.rs
2014-10-02 08:40 - 2012-12-07 07:19 - 00055296 _____ (Microsoft) C:\windows\system32\cero.rs
2014-10-02 08:40 - 2012-12-07 07:19 - 00051712 _____ (Microsoft) C:\windows\system32\esrb.rs
2014-10-02 08:40 - 2012-12-07 07:19 - 00046592 _____ (Microsoft) C:\windows\system32\fpb.rs
2014-10-02 08:40 - 2012-12-07 07:19 - 00040960 _____ (Microsoft) C:\windows\system32\cob-au.rs
2014-10-02 08:40 - 2012-12-07 07:19 - 00021504 _____ (Microsoft) C:\windows\system32\grb.rs
2014-10-02 08:40 - 2012-12-07 07:19 - 00020480 _____ (Microsoft) C:\windows\system32\pegi.rs
2014-10-02 08:40 - 2012-12-07 07:19 - 00015360 _____ (Microsoft) C:\windows\system32\djctq.rs
2014-10-02 08:40 - 2012-12-07 06:46 - 00055296 _____ (Microsoft) C:\windows\SysWOW64\cero.rs
2014-10-02 08:40 - 2012-12-07 06:46 - 00051712 _____ (Microsoft) C:\windows\SysWOW64\esrb.rs
2014-10-02 08:40 - 2012-12-07 06:46 - 00046592 _____ (Microsoft) C:\windows\SysWOW64\fpb.rs
2014-10-02 08:40 - 2012-12-07 06:46 - 00045568 _____ (Microsoft) C:\windows\SysWOW64\oflc-nz.rs
2014-10-02 08:40 - 2012-12-07 06:46 - 00044544 _____ (Microsoft) C:\windows\SysWOW64\pegibbfc.rs
2014-10-02 08:40 - 2012-12-07 06:46 - 00043520 _____ (Microsoft) C:\windows\SysWOW64\csrr.rs
2014-10-02 08:40 - 2012-12-07 06:46 - 00040960 _____ (Microsoft) C:\windows\SysWOW64\cob-au.rs
2014-10-02 08:40 - 2012-12-07 06:46 - 00030720 _____ (Microsoft) C:\windows\SysWOW64\usk.rs
2014-10-02 08:40 - 2012-12-07 06:46 - 00023552 _____ (Microsoft) C:\windows\SysWOW64\oflc.rs
2014-10-02 08:40 - 2012-12-07 06:46 - 00021504 _____ (Microsoft) C:\windows\SysWOW64\grb.rs
2014-10-02 08:40 - 2012-12-07 06:46 - 00020480 _____ (Microsoft) C:\windows\SysWOW64\pegi-pt.rs
2014-10-02 08:40 - 2012-12-07 06:46 - 00020480 _____ (Microsoft) C:\windows\SysWOW64\pegi-fi.rs
2014-10-02 08:40 - 2012-12-07 06:46 - 00020480 _____ (Microsoft) C:\windows\SysWOW64\pegi.rs
2014-10-02 08:40 - 2012-12-07 06:46 - 00015360 _____ (Microsoft) C:\windows\SysWOW64\djctq.rs
2014-10-02 08:40 - 2012-04-27 23:55 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
2014-10-02 08:40 - 2012-03-17 03:58 - 00075120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\partmgr.sys
2014-10-02 08:39 - 2014-02-03 22:35 - 00274880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2014-10-02 08:39 - 2014-02-03 22:35 - 00190912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2014-10-02 08:39 - 2014-02-03 22:35 - 00027584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys
2014-10-02 08:39 - 2014-02-03 22:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll
2014-10-02 08:39 - 2014-02-03 22:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iologmsg.dll
2014-10-02 08:38 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-10-02 08:38 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-10-02 08:38 - 2013-07-25 22:24 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2014-10-02 08:38 - 2013-07-25 21:55 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll
2014-10-02 08:38 - 2013-04-26 01:51 - 00751104 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2014-10-02 08:38 - 2013-04-26 00:55 - 00492544 _____ (Microsoft Corporation) C:\windows\SysWOW64\win32spl.dll
2014-10-02 08:38 - 2012-09-25 18:47 - 00078336 _____ (Microsoft Corporation) C:\windows\SysWOW64\synceng.dll
2014-10-02 08:38 - 2012-09-25 18:46 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\synceng.dll
2014-10-02 08:37 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-10-02 08:37 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-10-02 08:37 - 2014-03-04 05:44 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-10-02 08:37 - 2014-03-04 05:44 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2014-10-02 08:37 - 2014-03-04 05:44 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2014-10-02 08:37 - 2014-03-04 05:44 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2014-10-02 08:37 - 2014-03-04 05:44 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2014-10-02 08:37 - 2014-03-04 05:17 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2014-10-02 08:37 - 2014-03-04 05:16 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-10-02 08:37 - 2014-03-04 05:16 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2014-10-02 08:37 - 2014-03-04 05:16 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2014-10-02 08:37 - 2014-03-04 04:09 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2014-10-02 08:37 - 2014-03-04 04:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2014-10-02 08:37 - 2014-01-23 22:37 - 01684928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-10-02 08:37 - 2013-08-01 22:14 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2014-10-02 08:37 - 2013-08-01 22:13 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-10-02 08:37 - 2013-08-01 22:12 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 22:12 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 22:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 22:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 21:50 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-10-02 08:37 - 2013-08-01 21:48 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 21:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 21:09 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2014-10-02 08:37 - 2013-08-01 20:43 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 20:43 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 20:43 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2014-10-02 08:37 - 2013-08-01 20:43 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2014-10-02 08:37 - 2013-07-20 06:33 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-10-02 08:37 - 2013-07-20 06:33 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-10-02 08:37 - 2013-05-10 01:49 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\cryptdlg.dll
2014-10-02 08:37 - 2013-05-09 23:20 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptdlg.dll
2014-10-02 08:37 - 2013-01-24 02:01 - 00223752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys
2014-10-02 08:37 - 2012-07-04 18:16 - 00073216 _____ (Microsoft Corporation) C:\windows\system32\netapi32.dll
2014-10-02 08:37 - 2012-07-04 18:13 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\browser.dll
2014-10-02 08:37 - 2012-07-04 18:13 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\browcli.dll
2014-10-02 08:37 - 2012-07-04 17:16 - 00057344 _____ (Microsoft Corporation) C:\windows\SysWOW64\netapi32.dll
2014-10-02 08:37 - 2012-07-04 17:14 - 00041984 _____ (Microsoft Corporation) C:\windows\SysWOW64\browcli.dll
2014-10-02 08:37 - 2012-05-05 04:36 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2014-10-02 08:37 - 2012-05-05 03:46 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2014-10-02 08:36 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-10-02 08:36 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-10-02 08:36 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-10-02 08:36 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-10-02 08:36 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-10-02 08:36 - 2013-10-11 22:32 - 00150016 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2014-10-02 08:36 - 2013-10-11 22:31 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2014-10-02 08:36 - 2013-10-11 22:04 - 00121856 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshom.ocx
2014-10-02 08:36 - 2013-10-11 22:03 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2014-10-02 08:36 - 2013-10-11 21:33 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
2014-10-02 08:36 - 2013-10-11 21:33 - 00156160 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2014-10-02 08:36 - 2013-10-11 21:15 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscript.exe
2014-10-02 08:36 - 2013-10-11 21:15 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
2014-10-02 08:36 - 2013-05-13 01:51 - 01464320 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2014-10-02 08:36 - 2013-05-13 01:51 - 00184320 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2014-10-02 08:36 - 2013-05-13 01:51 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2014-10-02 08:36 - 2013-05-13 01:50 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\certenc.dll
2014-10-02 08:36 - 2013-05-13 00:45 - 01160192 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2014-10-02 08:36 - 2013-05-13 00:45 - 00140288 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2014-10-02 08:36 - 2013-05-13 00:45 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2014-10-02 08:36 - 2013-05-12 23:43 - 01192448 _____ (Microsoft Corporation) C:\windows\system32\certutil.exe
2014-10-02 08:36 - 2013-05-12 23:08 - 00903168 _____ (Microsoft Corporation) C:\windows\SysWOW64\certutil.exe
2014-10-02 08:36 - 2013-05-12 23:08 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\certenc.dll
2014-10-02 08:35 - 2014-09-04 22:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-10-02 08:35 - 2014-09-04 22:05 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-10-02 08:35 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-10-02 08:35 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-10-02 08:35 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-10-02 08:35 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-10-02 08:35 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-10-02 08:35 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-10-02 08:35 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2014-10-02 08:35 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2014-10-02 08:35 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2014-10-02 08:35 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2014-10-02 08:35 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2014-10-02 08:35 - 2014-03-04 05:44 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-10-02 08:35 - 2014-03-04 05:44 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-10-02 08:35 - 2014-03-04 05:44 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-10-02 08:35 - 2014-03-04 05:44 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-10-02 08:35 - 2014-03-04 05:43 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-10-02 08:35 - 2014-03-04 05:17 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-10-02 08:35 - 2014-03-04 05:17 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-10-02 08:35 - 2014-03-04 05:17 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-10-02 08:35 - 2014-03-04 05:17 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-10-02 08:35 - 2014-03-04 05:17 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-10-02 08:35 - 2013-10-11 22:30 - 00830464 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2014-10-02 08:35 - 2013-10-11 22:29 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2014-10-02 08:35 - 2013-10-11 22:29 - 00324096 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2014-10-02 08:35 - 2013-10-11 22:03 - 00656896 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2014-10-02 08:35 - 2013-10-11 22:01 - 00216576 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
2014-10-02 08:35 - 2013-09-24 22:21 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-10-02 08:35 - 2013-09-24 21:56 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-10-02 08:35 - 2013-08-27 21:12 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\scavengeui.dll
2014-10-02 08:35 - 2013-07-04 08:18 - 00458712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2014-10-02 08:35 - 2012-06-06 02:02 - 01133568 _____ (Microsoft Corporation) C:\windows\system32\cdosys.dll
2014-10-02 08:35 - 2012-06-06 01:03 - 00805376 _____ (Microsoft Corporation) C:\windows\SysWOW64\cdosys.dll
2014-10-02 08:35 - 2012-05-14 01:26 - 00956928 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2014-10-02 08:35 - 2011-02-23 00:55 - 00090624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bowser.sys
2014-10-02 05:45 - 2014-10-04 16:08 - 00000000 __SHD () C:\Users\Scott\AppData\Local\EmieUserList
2014-10-02 05:45 - 2014-10-02 05:45 - 00000000 __SHD () C:\Users\Scott\AppData\Local\EmieSiteList
2014-10-01 22:31 - 2014-10-01 22:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-01 22:27 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2014-10-01 22:27 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2014-10-01 21:48 - 2014-10-02 14:11 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2014-10-01 21:47 - 2014-10-02 22:46 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-01 21:46 - 2014-10-02 23:26 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-29 18:19 - 2014-10-02 14:07 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-09-28 18:52 - 2014-10-02 14:09 - 00000000 ____D () C:\windows\system32\Macromed
2014-09-28 07:39 - 2014-09-28 07:39 - 00057560 _____ () C:\Users\Scott\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-26 16:40 - 2014-10-02 22:44 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-26 16:39 - 2014-10-03 11:13 - 00000000 ____D () C:\Users\Scott\AppData\Local\Adobe
2014-09-25 12:23 - 2013-07-12 06:41 - 00185344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys
2014-09-25 12:22 - 2012-07-06 16:07 - 00552960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bthport.sys
2014-09-24 23:22 - 2012-02-17 02:38 - 01031680 _____ (Microsoft Corporation) C:\windows\system32\rdpcore.dll
2014-09-24 23:22 - 2012-02-17 01:34 - 00826880 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpcore.dll
2014-09-24 23:22 - 2012-02-17 00:57 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdtcp.sys
2014-09-24 23:14 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-09-24 23:14 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-09-24 23:14 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-09-24 23:14 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-09-24 23:14 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-09-24 23:14 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-09-24 23:14 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-09-24 23:14 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-09-24 23:14 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-09-24 23:14 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-09-24 23:14 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-09-24 23:14 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-09-24 23:14 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-09-24 23:14 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-09-24 21:45 - 2014-10-02 23:42 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Mozilla
2014-09-24 21:45 - 2014-09-24 21:46 - 00000000 ____D () C:\Users\Scott\AppData\Local\Mozilla
2014-09-24 21:45 - 2014-09-24 21:45 - 00000000 ____D () C:\ProgramData\Mozilla
2014-09-24 21:44 - 2014-09-24 21:44 - 00244136 _____ () C:\Users\Scott\Downloads\Firefox Setup Stub 32.0.3.exe
2014-09-24 18:17 - 2014-09-24 18:17 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Macromedia
2014-09-24 18:16 - 2014-10-02 14:08 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Adobe
2014-09-24 18:12 - 2014-10-04 14:53 - 00001413 _____ () C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-24 18:11 - 2014-10-02 14:00 - 00000000 ____D () C:\ProgramData\Skype
2014-09-24 18:11 - 2014-09-24 18:11 - 00001076 _____ () C:\Users\Your Feedback is Important.lnk
2014-09-24 18:10 - 2014-10-02 14:11 - 00000000 ____D () C:\Users\Scott\AppData\Local\VirtualStore
2014-09-24 18:10 - 2014-09-24 18:10 - 00003186 _____ () C:\windows\System32\Tasks\FFSRConfigurer
2014-09-24 18:10 - 2014-09-24 18:10 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_iBtFltCoex_01009.Wdf
2014-09-24 18:10 - 2014-09-24 18:10 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_btmaux_01009.Wdf
2014-09-24 18:09 - 2014-10-03 00:22 - 00000000 ____D () C:\Users\Scott
2014-09-24 18:09 - 2014-10-02 14:11 - 00000000 ___RD () C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-24 18:09 - 2014-10-02 14:11 - 00000000 ___RD () C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-24 18:09 - 2014-09-24 18:09 - 00000020 ___SH () C:\Users\Scott\ntuser.ini
2014-09-24 18:09 - 2014-09-24 18:09 - 00000000 __SHD () C:\Recovery
2014-09-24 18:09 - 2014-09-24 18:09 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Intel
2014-09-24 18:09 - 2014-09-24 18:09 - 00000000 _____ () C:\windows\system32\Drivers\144D_SAMSUNG_N_900X4C_P03A.mrk
2014-09-24 18:09 - 2014-09-24 18:09 - 00000000 _____ () C:\Users\Scott\agent.log
2014-09-19 18:14 - 2014-09-19 18:14 - 00000200 __RSH () C:\MSSTBJ.CAT
2014-09-19 17:07 - 2014-09-19 17:07 - 00000000 __SHD () C:\System Recovery
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-04 20:44 - 2009-07-14 00:51 - 00041685 _____ () C:\windows\setupact.log
2014-10-04 20:32 - 2012-05-10 11:18 - 01293850 _____ () C:\windows\WindowsUpdate.log
2014-10-04 17:08 - 2009-07-14 00:45 - 00020992 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-04 17:08 - 2009-07-14 00:45 - 00020992 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-04 17:06 - 2009-07-14 01:13 - 00716598 _____ () C:\windows\system32\PerfStringBackup.INI
2014-10-04 17:01 - 2012-05-10 11:15 - 00000828 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-10-04 17:01 - 2010-11-20 23:47 - 01157594 _____ () C:\windows\PFRO.log
2014-10-04 17:01 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-04 14:53 - 2009-07-14 00:45 - 00267672 _____ () C:\windows\system32\FNTCACHE.DAT
2014-10-04 14:52 - 2012-05-11 03:08 - 00000000 ____D () C:\Program Files\Windows Journal
2014-10-04 14:52 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-10-04 14:52 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-10-04 14:52 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\zh-HK
2014-10-04 14:52 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\tr-TR
2014-10-04 14:52 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-10-04 14:52 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\zh-HK
2014-10-04 14:52 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\tr-TR
2014-10-04 14:52 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\Dism
2014-10-04 14:52 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-10-04 14:52 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-10-03 15:33 - 2012-05-10 11:15 - 00000830 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-10-03 10:59 - 2012-05-10 11:21 - 00000000 ____D () C:\ProgramData\Norton
2014-10-02 22:47 - 2012-05-10 12:10 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-10-02 16:41 - 2012-05-10 11:16 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-02 14:11 - 2012-05-11 03:08 - 00000000 ____D () C:\windows\ShellNew
2014-10-02 14:11 - 2012-05-10 11:28 - 00000000 ____D () C:\windows\SysWOW64\Macromed
2014-10-02 14:11 - 2012-05-10 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-10-02 14:11 - 2012-05-10 11:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games
2014-10-02 14:11 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-02 14:11 - 2009-07-14 01:32 - 00000000 ____D () C:\windows\Offline Web Pages
2014-10-02 14:11 - 2009-07-13 23:20 - 00000000 __RSD () C:\windows\Media
2014-10-02 14:11 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-02 14:11 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\NDF
2014-10-02 14:11 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\security
2014-10-02 14:11 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache
2014-10-02 14:11 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\L2Schemas
2014-10-02 14:11 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\AppCompat
2014-10-02 14:10 - 2012-05-10 12:02 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-10-02 14:10 - 2012-05-10 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Absolute Software
2014-10-02 14:10 - 2012-05-10 11:29 - 00000000 ____D () C:\ProgramData\WinClon
2014-10-02 14:10 - 2012-05-10 11:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation
2014-10-02 14:10 - 2012-05-10 11:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-10-02 14:10 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-02 14:10 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-02 14:09 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\registration
2014-10-02 14:08 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\servicing
2014-10-02 14:07 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-10-02 14:07 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-09-25 18:23 - 2010-11-21 03:06 - 00000000 ____D () C:\windows\SysWOW64\winrm
2014-09-25 18:23 - 2010-11-21 03:06 - 00000000 ____D () C:\windows\SysWOW64\WCN
2014-09-25 18:23 - 2010-11-21 03:06 - 00000000 ____D () C:\windows\SysWOW64\sysprep
2014-09-25 18:23 - 2010-11-21 03:06 - 00000000 ____D () C:\windows\SysWOW64\slmgr
2014-09-25 18:23 - 2010-11-21 03:06 - 00000000 ____D () C:\windows\SysWOW64\Printing_Admin_Scripts
2014-09-25 18:23 - 2010-11-21 03:06 - 00000000 ____D () C:\windows\system32\winrm
2014-09-25 18:23 - 2010-11-21 03:06 - 00000000 ____D () C:\windows\system32\WCN
2014-09-25 18:23 - 2010-11-21 03:06 - 00000000 ____D () C:\windows\system32\slmgr
2014-09-25 18:23 - 2010-11-21 03:06 - 00000000 ____D () C:\windows\system32\Printing_Admin_Scripts
2014-09-25 18:23 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-09-25 18:23 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-09-25 18:23 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\Setup
2014-09-25 18:23 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\oobe
2014-09-25 18:23 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\MUI
2014-09-25 18:23 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\migwiz
2014-09-25 18:23 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\com
2014-09-25 18:23 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\sysprep
2014-09-25 18:23 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\Setup
2014-09-25 18:23 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\oobe
2014-09-25 18:23 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\MUI
2014-09-25 18:23 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\migwiz
2014-09-25 18:23 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\com
2014-09-24 18:18 - 2012-05-10 11:25 - 00000000 ____D () C:\ProgramData\SAMSUNG
2014-09-24 18:11 - 2012-05-11 03:07 - 00000000 ____D () C:\windows\MSetup
2014-09-24 18:11 - 2012-05-10 11:15 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-09-24 18:10 - 2012-05-10 12:10 - 00051158 _____ () C:\windows\SetDisplayResolution.log
2014-09-24 18:10 - 2012-05-10 11:18 - 00013210 _____ () C:\windows\DPINST.LOG
2014-09-24 18:10 - 2012-05-10 11:15 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-09-24 18:09 - 2012-05-10 11:54 - 00004336 _____ () C:\windows\LCDStretchMode.log
2014-09-24 18:09 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\Recovery
2014-09-19 09:27 - 2009-07-14 00:46 - 00004818 _____ () C:\windows\DtcInstall.log
2014-09-19 09:16 - 2012-05-10 12:18 - 00000988 _____ () C:\windows\SysWOW64\Master.log
2014-09-19 09:15 - 2012-05-10 11:16 - 00003350 _____ () C:\windows\System32\Tasks\Intel® Rapid Start Technology Manager
2014-09-15 09:06 - 2010-11-20 23:27 - 00278152 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
Some content of TEMP:
====================
C:\Users\Scott\AppData\Local\Temp\optprosetup.exe
C:\Users\Scott\AppData\Local\Temp\Quarantine.exe
C:\Users\Scott\AppData\Local\Temp\SymCCIS.dll
C:\Users\Scott\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Scott\AppData\Local\Temp\xopsmyb.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-26 13:05
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-10-2014 01
Ran by Scott at 2014-10-04 20:48:07
Running from C:\Users\Scott\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.0.0.17 - Absolute Software)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82 - WildTangent) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.82 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
Easy File Share (HKLM-x32\...\{12F81925-F3C1-40DB-91F7-777817974319}) (Version: 1.2.4 - Samsung Electronics CO., LTD.)
Easy Migration (HKLM-x32\...\{EDE7A262-DB20-4432-A630-2ACEE186C416}) (Version: 1.0 - Samsung Electronics CO., LTD.)
Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics CO., LTD.)
Easy Software Manager (HKLM-x32\...\{DE256D8B-D971-456D-BC02-CB64DA24F115}) (Version: 1.2.17.12 - Samsung Electronics CO., LTD.)
Easy Support Center (HKLM\...\{0738F5F1-8E70-49A6-8692-F5722E1E5A4D}) (Version: 1.2.22 - Samsung Electronics CO., LTD.)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
ETDWare PS/2-X64 10.7.16.1_WHQL (HKLM\...\Elantech) (Version: 10.7.16.1 - ELAN Microelectronic Corp.)
Farm Frenzy (x32 Version: 2.2.0.82 - WildTangent) Hidden
Fast Flash Sleep Resume (x32 Version: 1.0.19 - Samsung) Hidden
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2618 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed (HKLM\...\{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}) (Version: 15.0.0.0059 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{520C4DD4-2BC7-409B-BA48-E1A4F832662D}) (Version: 2.1.0.0140 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1021 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{93F34C5C-ACAA-48F3-9B26-70359A117F12}) (Version: 3.0.12.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Interactive Guide (HKLM-x32\...\{3C4E0F33-0D0E-43D5-A36D-A4F96D73BA2D}) (Version: 1.5 - Samsung Electronics CO., LTD.)
John Deere Drive Green (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
MovieClip (HKLM-x32\...\{AB777781-AC85-4CE5-B4B8-0F3C68C3974F}) (Version: 1.0.0 - Samsung)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Multimedia POP (HKLM-x32\...\{78C2BF66-A446-485B-9337-6D6CCD4D4569}) (Version: 1.4 - Samsung Electronics CO., LTD.)
Peggle (x32 Version: 2.2.0.82 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.50.1123.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6608 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.8.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.8.0 - Renesas Electronics Corporation) Hidden
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.2.6 - Samsung Electronics CO., LTD.)
Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung Electronics CO., LTD.)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.8 - Samsung Electronics CO., LTD.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.1.5 - WildTangent)
WildTangent ORB Game Console (x32 Version:  - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live fotoattēlu galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Foto-galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Корпорация Майкрософт) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Pošta (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live
메일 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 사진 갤러리 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 필수 패키지 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 照片 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-860519808-2140715989-319308476-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
==================== Restore Points  =========================
04-10-2014 13:38:20 Windows Update
04-10-2014 13:44:32 Windows Update
04-10-2014 20:55:44 Removed Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
04-10-2014 20:56:15 Removed Microsoft Silverlight
04-10-2014 20:56:34 Removed Microsoft Visual C++ 2005 Redistributable
04-10-2014 20:56:54 Removed Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0E04488B-6474-41F7-8C00-3CA941F836FA} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {16B9B624-821B-4892-B91F-E3B7BC9FF8D0} - System32\Tasks\Easy Software Manager Agent => C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe [2012-04-06] (Samsung Electronics CO., LTD.)
Task: {39D2D029-EE5E-4B40-965D-577454F18C6A} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2012-03-27] (Samsung Electronics Co., Ltd.)
Task: {5E7B8FEB-EB82-4B78-8A66-433882444B8B} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2012-05-01] (Samsung Electronics Co., Ltd.)
Task: {5FFCD499-A6F6-404F-90D8-860EE7B1E04E} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2012-04-25] (Samsung Electronics Co., Ltd.)
Task: {745CD07A-4118-45F5-BE23-DC7DC3EA6640} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2012-01-31] (Samsung Electronics)
Task: {7A4E3BC9-302B-4BF0-8134-D522BFE06459} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2012-05-08] (Samsung Electronics Co., Ltd.)
Task: {7E3F5392-DB31-46D1-BFCB-E8B2754AC8A3} - System32\Tasks\Absolute Reminder => C:\Program Files (x86)\Absolute Software\Absolute Reminder\AbsoluteReminder.exe [2011-07-12] (Absolute Software)
Task: {A78596A5-9683-4BE6-A1BC-926276D546EF} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe [2012-04-03] (Samsung Electronics)
Task: {AB96BCFB-3991-45A3-AA3A-A8451C7D0DF0} - System32\Tasks\FFSRConfigurer => C:\Program Files (x86)\Samsung\Fast Flash Sleep Resume\FFSRConfigurer.exe [2012-03-28] (Samsung)
Task: {CEF175F2-3E61-4461-9C28-C6150B82D1CE} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-11-18] (SAMSUNG Electronics co., LTD.)
Task: {DC287724-E1BC-448B-A039-2BECB927F810} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2012-01-28] (SEC)
Task: {E7FE0BB5-120E-4DCD-9B70-E2470A8E5FFB} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {EC495AED-5E15-48D6-B08D-8271E7459AC9} - \Optimizer Pro Schedule No Task File <==== ATTENTION
Task: {EE7AE268-D03A-49FD-A345-A9113540100A} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-02-06] (Intel)
Task: {F7529B21-E855-4950-BEE9-BAEB47908225} - System32\Tasks\EasySupportCenter => C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe [2012-04-06] (Samsung Electronics CO., LTD.)
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
==================== Loaded Modules (whitelisted) =============
2012-02-06 00:42 - 2012-01-05 04:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-05-10 11:15 - 2012-02-07 22:03 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2012-05-10 11:25 - 2012-02-13 02:02 - 00031624 _____ () C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
2012-05-10 11:25 - 2011-02-16 12:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
2012-05-10 11:25 - 2006-08-11 23:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll
2012-05-10 11:29 - 2011-09-08 06:40 - 01645056 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
2012-05-10 11:15 - 2012-02-07 21:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================
Administrator (S-1-5-21-860519808-2140715989-319308476-500 - Administrator - Disabled)
Guest (S-1-5-21-860519808-2140715989-319308476-501 - Limited - Disabled)
Scott (S-1-5-21-860519808-2140715989-319308476-1000 - Administrator - Enabled) => C:\Users\Scott
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (10/04/2014 08:08:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17280, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17280, time stamp: 0x53f27d67
Exception code: 0xc00000fd
Fault offset: 0x0006e5e2
Faulting process id: 0x1df8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Error: (10/04/2014 05:34:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17280, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17280, time stamp: 0x53f27d67
Exception code: 0xc00000fd
Fault offset: 0x000d4417
Faulting process id: 0x2334
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Error: (10/04/2014 05:01:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/04/2014 04:44:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17280 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1274
Start Time: 01cfe004da125289
Termination Time: 22
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id:
Error: (10/04/2014 02:53:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/04/2014 02:53:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/04/2014 10:05:30 AM) (Source: MsiInstaller) (EventID: 11935) (User: NT AUTHORITY)
Description: Product: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC90.ATL,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, component: {74C57B6B-FF6E-3825-BED2-78E14E3E0E3C}
Error: (10/04/2014 09:44:45 AM) (Source: MsiInstaller) (EventID: 11705) (User: NT AUTHORITY)
Description: Product: Microsoft Visual C++ 2005 Redistributable -- Error 1705.A previous installation for this product is in progress.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?
Error: (10/04/2014 09:44:32 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.
System Error:
The parameter is incorrect.
.
Error: (10/04/2014 09:44:32 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.
System Error:
The parameter is incorrect.
.

System errors:
=============
Error: (10/04/2014 05:02:48 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (10/04/2014 04:48:43 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (10/04/2014 02:56:37 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2977629).
Error: (10/04/2014 02:53:28 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error:
%%16405
Error: (10/04/2014 10:20:38 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Security Update for Windows 7 for x64-based Systems (KB2862966).
Error: (10/04/2014 10:11:50 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Update for Windows 7 for x64-based Systems (KB2798162).
Error: (10/04/2014 10:10:14 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).
Error: (10/04/2014 10:01:51 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Security Update for Windows 7 for x64-based Systems (KB2868626).
Error: (10/04/2014 09:56:39 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Update for Windows 7 for x64-based Systems (KB2893519).
Error: (10/04/2014 09:50:53 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Security Update for Windows 7 for x64-based Systems (KB2871997).

Microsoft Office Sessions:
=========================
Error: (10/04/2014 08:08:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.172804a5bc6b7MSHTML.dll11.0.9600.1728053f27d67c00000fd0006e5e21df801cfe02fcf6387b5C:\Program Files\Internet Explorer\iexplore.exeC:\windows\system32\MSHTML.dllc03dfb91-4c23-11e4-a571-c485088fad17
Error: (10/04/2014 05:34:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.172804a5bc6b7MSHTML.dll11.0.9600.1728053f27d67c00000fd000d4417233401cfe01ae3d091e4C:\Program Files\Internet Explorer\iexplore.exeC:\windows\system32\MSHTML.dll32a8279e-4c0e-11e4-a571-c485088fad17
Error: (10/04/2014 05:01:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/04/2014 04:44:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17280127401cfe004da12528922C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Error: (10/04/2014 02:53:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/04/2014 02:53:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/04/2014 10:05:30 AM) (Source: MsiInstaller) (EventID: 11935) (User: NT AUTHORITY)
Description: Product: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC90.ATL,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, component: {74C57B6B-FF6E-3825-BED2-78E14E3E0E3C}(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (10/04/2014 09:44:45 AM) (Source: MsiInstaller) (EventID: 11705) (User: NT AUTHORITY)
Description: Product: Microsoft Visual C++ 2005 Redistributable -- Error 1705.A previous installation for this product is in progress.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (10/04/2014 09:44:32 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.
System Error:
The parameter is incorrect.
Error: (10/04/2014 09:44:32 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.
System Error:
The parameter is incorrect.

==================== Memory info ===========================
Processor: Intel® Core™ i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 33%
Total physical RAM: 7893.53 MB
Available physical RAM: 5232.5 MB
Total Pagefile: 15785.25 MB
Available Pagefile: 11266.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:100.85 GB) (Free:47.2 GB) NTFS
Drive d: () (Removable) (Total:3.76 GB) (Free:3.25 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: CFC67CF2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8.3 GB) - (Type=84)
Partition 4: (Not Active) - (Size=10 GB) - (Type=12)
========================================================
Disk: 1 (Size: 3.8 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================
 
 
 
 


  • 0

#7
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,401 posts

Hi,

 

Thanks for the logs. Some Antivirus don't like FRST/FRST64 maybe it was the problem.

 

I'm checking your logs to create a fix, please refrain of doing any changes to the system. I see plenty of differences between the two logs so I have to start over.


  • 0

#8
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,401 posts

Hi,

 

Can you please post the logs you have on C:\AdwCleaner?


  • 0

#9
scottzajaczkowski

scottzajaczkowski

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

# AdwCleaner v3.311 - Report created 05/10/2014 at 14:37:25
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Scott - SCOTT-PC
# Running from : C:\Users\Scott\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\bijhmdj4.default\user.js
Folder Found : C:\Program Files (x86)\Optimizer Pro

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280

-\\ Mozilla Firefox v

[ File : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\bijhmdj4.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [797 octets] - [02/10/2014 23:22:04]
AdwCleaner[R1].txt - [1901 octets] - [05/10/2014 14:37:25]
AdwCleaner[S0].txt - [857 octets] - [02/10/2014 23:25:39]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2020 octets] ##########


  • 0

#10
scottzajaczkowski

scottzajaczkowski

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

# AdwCleaner v3.311 - Report created 05/10/2014 at 14:43:57
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Scott - SCOTT-PC
# Running from : C:\Users\Scott\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

[x] Not Deleted : C:\Program Files (x86)\Optimizer Pro
[x] Not Deleted : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\bijhmdj4.default\user.js

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
[x] Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[x] Not Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
[x] Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
[x] Not Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
[x] Not Deleted : HKCU\Software\InstallCore
[x] Not Deleted : HKLM\SOFTWARE\InstallIQ
[x] Not Deleted : [x64] HKCU\Software\InstallCore

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280

-\\ Mozilla Firefox v

[ File : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\bijhmdj4.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [797 octets] - [02/10/2014 23:22:04]
AdwCleaner[R1].txt - [2112 octets] - [05/10/2014 14:37:25]
AdwCleaner[S0].txt - [857 octets] - [02/10/2014 23:25:39]
AdwCleaner[S1].txt - [2119 octets] - [05/10/2014 14:43:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2179 octets] ##########


  • 0

Advertisements


#11
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,401 posts

Hi,
 

Can you please post the logs you have on C:\AdwCleaner?

 
Please follow my instructions carefully in case of doubts feel free to ask.

 

I only ask for the old logs created on 2014-10-02 and not a new AdwCleaner scan. The logs can be found on the folder C:\AdwCleaner
 

AdwCleaner[R0].txt - [797 octets] - [02/10/2014 23:22:04]
AdwCleaner[R1].txt - [2112 octets] - [05/10/2014 14:37:25]
AdwCleaner[S0].txt - [857 octets] - [02/10/2014 23:25:39]
AdwCleaner[S1].txt - [2119 octets] - [05/10/2014 14:43:57]


  • 0

#12
scottzajaczkowski

scottzajaczkowski

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

# AdwCleaner v3.311 - Report created 02/10/2014 at 23:22:04
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Scott - SCOTT-PC
# Running from : C:\Users\Scott\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16421

-\\ Mozilla Firefox v

[ File : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\bijhmdj4.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [659 octets] - [02/10/2014 23:22:04]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [718 octets] ##########

 

# AdwCleaner v3.311 - Report created 02/10/2014 at 23:25:39
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Scott - SCOTT-PC
# Running from : C:\Users\Scott\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16421

-\\ Mozilla Firefox v

[ File : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\bijhmdj4.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [797 octets] - [02/10/2014 23:22:04]
AdwCleaner[S0].txt - [719 octets] - [02/10/2014 23:25:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [778 octets] ##########


  • 0

#13
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,401 posts

Hi,

 

Thanks for the logs. It's strange they don't show the malware present on the OTL log that is now gone according with the FRST log.

 

You have a tricky infection let's start and see if we can kill it in one go. First a warning...
 

031.GIF !!! Trojan Warning !!! 031.GIF

 
One or more of the identified infections in your log is known to be a Password Stealer and/or use a backdoor.
The Password Stealer uses several techniques to catch all your passwords and user names used to access mail, games, forums, etc. A backdoor allows hackers to remotely control your computer, steal critical system information and download and execute files.
I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those financial institutions to inform them of your situation.
 
Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the Operating System. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the steps listed:


Step 1 - FRST Fix

!!! WARNING !!! The following fix is only relevant for this system and no other, running the script on another computer will not work and may cause problems...

 

  • Attached File  fixlist.txt   2.61KB   120 downloads
  • Download the file above and save it to the Desktop as fixlist.txt
    (It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work!)
  • Execute FRST by double clicking on the icon FRST.gif. Make sure all the other programs are close.
    FRST_Fix.png
  • Press the Fix button just once and Wait. After the fix the system needs to restart if the tool does not request it please Restart the computer.
  • The tool will make a log (Fixlog.txt) on the same location as FRST/FRST64 please post it in your next reply.

 

Step 2 - Scan with aswMBR

  • Download aswMBR from here or here and save the file to the Desktop.
  • Double click the aswMBR.exe file to run it.
    (On Windows Vista and above right click the icon and choose Run as Administrator, accept the security warning)
  • If you see the following prompt, click Yes:
    msgbox.png
    aswMBR_Start.png
  • If it asks you if you want to download the latest virus definitions, click Yes
  • Click the "Scan" button to start the scan
    aswMBR_QuickScan.png
  • On completion of the scan (the last line will show "Scan finished successfully") click Save log, save the file aswMBR.txt to the Desktop.
    WARNING: Don't click on the buttons FixMBR and Fix unless instructed to do so.
  • Open the log aswMBR.txt and post the full contents of the file in your next reply.

 

Step 3 - AdwCleaner Scan and Remove

Download AdwCleaner from here to the Desktop

  • Close all open windows and browsers
  • Right click on the AdwCleaner_Icon.gif icon and choose Run as Administrator to execute the program
    (When the Tool opens for the first time you have to accept the Terms of use - click J'accepte/I Agree)
    AdwCleaner_Clean.png
  • Click the Scan button and wait for the scan to finish, only then the Clean button becomes active
  • Click the Clean button and wait, once done it may ask to reboot, allow it.
  • On reboot a log will be presented please copy/paste that in your next reply. The report is saved to C:\AdwCleaner\AdwCleaner[S0].txt

 

Step 4 - Farbar Recovery Scan Tool (FRST)

  • Execute FRST/FRST64 again, right click on the icon FRST.gif and choose Run as Administrator. Make sure all other windows are closed.
    FRST.png
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the Tool is run from.
  • Please copy and paste the log to your post.

 

 

Things I would like to see in your next reply:

  • The Fixlog.txt log
  • The aswMBR.txt log
  • AdwCleaner log AdwCleaner[S0].txt
  • The new FRST.txt log

 


  • 0

#14
scottzajaczkowski

scottzajaczkowski

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
I am having trouble with step 1, an updated version of frst64 downloaded, I tried to press fix nothing happend, I ran scan again pressed fix nothing happens, I restarted and no fixlist, tells me fixlist must be in same location, when I go to folder of old first64 with logs I posted it updates and creates a folder file on desktop
  • 0

#15
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,401 posts

I am having trouble with step 1, an updated version of frst64 downloaded, I tried to press fix nothing happend, I ran scan again pressed fix nothing happens, I restarted and no fixlist, tells me fixlist must be in same location, when I go to folder of old first64 with logs I posted it updates and creates a folder file on desktop

 

I just updated mine without any problem!

 

Delete all the copies of FRST64, download a fresh copy and save it to the Desktop then save the fixlist.txt also into the Desktop.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP