Hacked and it won't clean up [Closed]


  • This topic is locked

#1
kid347


Here is my log:

 

OTL logfile created on: 12/11/2014 9:04:12 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jerry\OneDrive\Downloads\Malware
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9879.0)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
11.99 Gb Total Physical Memory | 9.71 Gb Available Physical Memory | 80.99% Memory free
13.80 Gb Paging File | 11.49 Gb Available in Paging File | 83.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 237.74 Gb Total Space | 122.81 Gb Free Space | 51.66% Space Free | Partition Type: NTFS
Drive D: | 931.50 Gb Total Space | 844.06 Gb Free Space | 90.61% Space Free | Partition Type: NTFS
 
Computer Name: STUDY | User Name: Jerry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found --
PRC - [2014/12/11 09:01:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jerry\OneDrive\Downloads\Malware\OTL.exe
PRC - [2014/12/11 08:17:32 | 000,523,504 | ---- | M] () -- C:\Program Files (x86)\snipsmart\updatesnipsmart.exe
PRC - [2014/12/11 08:16:25 | 000,523,504 | ---- | M] () -- C:\Program Files (x86)\snipsmart\bin\utilsnipsmart.exe
PRC - [2014/12/11 06:25:29 | 000,098,544 | ---- | M] () -- C:\Program Files (x86)\snipsmart\bin\snipsmart.BrowserAdapter.exe
PRC - [2014/12/09 04:37:10 | 000,199,152 | ---- | M] (Z o o m i f y  A g e n t) -- C:\ProgramData\zoomify2\1.1.0.29\cozwhost.exe
PRC - [2014/12/09 04:36:58 | 000,477,168 | ---- | M] (Z o o m i f y  A g e n t) -- C:\ProgramData\zoomify2\1.1.0.29\cozhost.exe
PRC - [2014/12/09 04:36:46 | 000,163,328 | ---- | M] (Z o o m i f y   A g e n t) -- C:\ProgramData\zoomify2\1.1.0.29\cozahost.exe
PRC - [2014/12/09 04:36:28 | 000,160,768 | ---- | M] (Z o o m i f y   A g e n t) -- C:\ProgramData\zoomify2\1.1.0.29\coz32host.exe
PRC - [2014/12/05 19:58:36 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
PRC - [2014/11/25 09:04:02 | 000,451,928 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2014/11/24 20:37:57 | 000,278,688 | ---- | M] (Microsoft Corporation) -- C:\Users\Jerry\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2014/11/04 13:18:36 | 000,085,464 | ---- | M] (System Alerts LLC) -- C:\Users\Jerry\AppData\Local\DesktopTemperature\DesktopTemperature.exe
PRC - [2014/11/04 08:18:39 | 000,614,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WWAHost.exe
PRC - [2014/10/21 17:52:24 | 022,869,088 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2014/10/04 01:44:13 | 002,463,552 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/10/04 01:44:03 | 001,796,928 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014/09/13 15:12:58 | 000,411,968 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2014/07/07 09:13:32 | 002,971,672 | R--- | M] (Nuance Communications, Inc.) -- D:\Program Files (x86)\Nuance\Power PDF\NPDFLM.exe
PRC - [2014/03/07 08:49:22 | 000,242,504 | ---- | M] (Nuance) -- D:\Program Files (x86)\Nuance\Power PDF\bin\NPDFCreate.exe
PRC - [2013/06/24 11:16:50 | 002,075,480 | ---- | M] (Flexera Software LLC.) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2013/06/24 11:16:48 | 001,466,712 | ---- | M] (Flexera Software LLC.) -- C:\ProgramData\FLEXnet\Connect\11\agent.exe
PRC - [2012/12/21 16:57:06 | 004,328,448 | ---- | M] () -- C:\Program Files (x86)\Western Digital\WD Print Share\WDPrintShare.exe
PRC - [2012/06/14 09:58:24 | 005,235,128 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
PRC - [2010/05/20 14:26:30 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX3000.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/12/11 09:03:57 | 001,175,040 | ---- | M] () -- C:\Users\Jerry\AppData\Local\Temp\_MEI74962\wx._core_.pyd
MOD - [2014/12/11 09:03:57 | 001,160,704 | ---- | M] () -- C:\Users\Jerry\AppData\Local\Temp\_MEI74962\_ssl.pyd
MOD - [2014/12/11 09:03:57 | 001,062,400 | ---- | M] () -- C:\Users\Jerry\AppData\Local\Temp\_MEI74962\wx._controls_.pyd
MOD - [2014/12/11 09:03:57 | 000,811,008 | ---- | M] () -- C:\Users\Jerry\AppData\Local\Temp\_MEI74962\wx._windows_.pyd
MOD - [2014/12/11 09:03:57 | 000,805,888 | ---- | M] () -- C:\Users\Jerry\AppData\Local\Temp\_MEI74962\wx._gdi_.pyd
MOD - [2014/12/11 09:03:57 | 000,735,232 | ---- | M] () -- C:\Users\Jerry\AppData\Local\Temp\_MEI74962\wx._misc_.pyd
MOD - [2014/12/11 09:03:57 | 000,713,216 | ---- | M] () -- C:\Users\Jerry\AppData\Local\Temp\_MEI74962\_hashlib.pyd
MOD - [2014/12/11 09:03:57 | 000,686,080 | ---- | M] () -- C:\Users\Jerry\AppData\Local\Temp\_MEI74962\unicodedata.pyd
MOD - [2014/12/11 09:03:57 | 000,557,056 | ---- | M] () -- C:\Users\Jerry\AppData\Local\Temp\_MEI74962\pysqlite2._sqlite.pyd
MOD - [2014/12/11 09:03:57 | 000,525,640 | ---- | M] () -- C:\Users\Jerry\AppData\Local\Temp\_MEI74962\windows._lib_cacheinvalidation.pyd
MOD - [2014/12/11 09:03:57 | 000,364,544 | ---- | M] () -- C:\Users\Jerry\AppData\Local\Temp\_MEI74962\pythoncom27.dll
MOD - [2014/12/11 09:03:57 | 000,320,512 | ---- | M] () -- C:\Users\Jerry\AppData\Local\Temp\_MEI74962\win32com.shell.shell.pyd
MOD - [2014/12/11 09:03:57 | 000,167,936 | ---- | M] () -- C:\Users\Jerry\AppData\Local\Temp\_MEI74962\win32gui.pyd
MOD - [2014/12/11 09:03:57 | 000,128,512 | ---- | M] () -- C:\Users\Jerry\AppData\Local\Temp\_MEI74962\_elementtree.pyd
MOD - [2014/12/11 09:03:57 | 000,127,488 | ---- | M] () -- C:\Users\Jerry\AppData\Local\Temp\_MEI74962\pyexpat.pyd
MOD - [2014/12/11 09:03:57 | 000,122,368 | ---- | M] () -- C:\Users\Jerry\AppData\Local\Temp\_MEI74962\wx._wizard.pyd
MOD - [2014/12/11 09:03:57 | 000,119,808 | ---- | M] () -- C:\Users\Jerry\AppData\Local\Temp\_MEI74962\win32file.pyd
MOD - [2014/12/11 09:03:57 | 000,110,080 | ---- | M] () -- C:\Users\Jerry\AppData\Local\Temp\_MEI74962\pywintypes27.dll
MOD - [2014/12/11 09:03:57 | 000,108,544 | ---- | M] () -- C:\Users\Jerry\AppData\Local\Temp\_MEI74962\win32security.pyd
MOD - [2014/12/11 09:03:57 | 000,098,816 | ---- | M] () -- C:\Users\Jerry\AppData\Local\Temp\_MEI74962\win32api.pyd
MOD - [2014/12/11 09:03:57 | 000,087,552 | ---- | M] () -- C:\Users\Jerry\AppData\Local\Temp\_MEI74962\_ctypes.pyd
MOD - [2014/12/11 09:03:57 | 000,078,336 | ---- | M] () -- C:\Users\Jerry\AppData\Local\Temp\_MEI74962\wx._animate.pyd
MOD - [2014/12/11 09:03:57 | 000,070,656 | ---- | M] () -- C:\Users\Jerry\AppData\Local\Temp\_MEI74962\wx._html2.pyd
MOD - [2014/12/11 09:03:57 | 000,045,568 | ---- | M] () -- C:\Users\Jerry\AppData\Local\Temp\_MEI74962\_socket.pyd
MOD - [2014/12/11 09:03:57 | 000,038,912 | ---- | M] () -- C:\Users\Jerry\AppData\Local\Temp\_MEI74962\win32inet.pyd
MOD - [2014/12/11 09:03:57 | 000,027,136 | ---- | M] () -- C:\Users\Jerry\AppData\Local\Temp\_MEI74962\_multiprocessing.pyd
MOD - [2014/12/11 09:03:57 | 000,025,600 | ---- | M] () -- C:\Users\Jerry\AppData\Local\Temp\_MEI74962\win32pdh.pyd
MOD - [2014/12/11 09:03:57 | 000,024,064 | ---- | M] () -- C:\Users\Jerry\AppData\Local\Temp\_MEI74962\win32pipe.pyd
MOD - [2014/12/11 09:03:57 | 000,022,528 | ---- | M] () -- C:\Users\Jerry\AppData\Local\Temp\_MEI74962\win32ts.pyd
MOD - [2014/12/11 09:03:57 | 000,018,432 | ---- | M] () -- C:\Users\Jerry\AppData\Local\Temp\_MEI74962\win32event.pyd
MOD - [2014/12/11 09:03:57 | 000,017,408 | ---- | M] () -- C:\Users\Jerry\AppData\Local\Temp\_MEI74962\win32profile.pyd
MOD - [2014/12/11 09:03:57 | 000,011,264 | ---- | M] () -- C:\Users\Jerry\AppData\Local\Temp\_MEI74962\win32crypt.pyd
MOD - [2014/12/11 09:03:57 | 000,010,240 | ---- | M] () -- C:\Users\Jerry\AppData\Local\Temp\_MEI74962\select.pyd
MOD - [2014/12/11 09:03:57 | 000,007,168 | ---- | M] () -- C:\Users\Jerry\AppData\Local\Temp\_MEI74962\hashobjs_ext.pyd
MOD - [2014/12/11 09:03:56 | 000,035,840 | ---- | M] () -- C:\Users\Jerry\AppData\Local\Temp\_MEI74962\win32process.pyd
MOD - [2014/12/11 06:25:29 | 000,098,544 | ---- | M] () -- C:\Program Files (x86)\snipsmart\bin\snipsmart.BrowserAdapter.exe
MOD - [2014/11/26 17:49:24 | 000,978,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\eead5d3f89a46e7ded9ce58248e579d0\System.Configuration.ni.dll
MOD - [2014/11/24 21:25:59 | 005,466,624 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\0b3b5aaeddafe1f7b9fcb324a85ba5ae\System.Xml.ni.dll
MOD - [2014/11/24 21:25:56 | 012,436,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d7340ab239169de5afe3ae4aad29ac12\System.Windows.Forms.ni.dll
MOD - [2014/11/24 21:25:50 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\0099369b0eb641b2368429ef3ffc844b\System.Drawing.ni.dll
MOD - [2014/11/24 21:25:28 | 007,994,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\ad5482181e33872c1e0ad477cd317481\System.ni.dll
MOD - [2014/11/24 21:25:25 | 011,500,544 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\5ebef9f3cce8b9909b8488dc98996cdc\mscorlib.ni.dll
MOD - [2014/09/10 12:59:48 | 001,046,288 | ---- | M] () -- C:\Users\Jerry\AppData\Local\DesktopTemperature\xtnTsT.dll
MOD - [2014/04/23 15:05:12 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/04/23 15:04:54 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/12/21 16:57:06 | 004,328,448 | ---- | M] () -- C:\Program Files (x86)\Western Digital\WD Print Share\WDPrintShare.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/12/10 23:02:54 | 000,127,752 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2014/11/04 09:29:36 | 000,105,984 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorService.dll -- (SensorService)
SRV:64bit: - [2014/11/04 09:29:28 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2014/11/04 09:29:27 | 000,092,704 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\KeyboardFilterSvc.dll -- (MsKeyboardFilter)
SRV:64bit: - [2014/11/04 08:19:15 | 000,209,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\RetailDemoService.dll -- (RetailDemo)
SRV:64bit: - [2014/11/04 08:19:13 | 000,567,296 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2014/11/04 08:19:13 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2014/11/04 08:19:13 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AJRouter.dll -- (AJRouter)
SRV:64bit: - [2014/11/04 08:19:05 | 001,580,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014/11/04 08:18:54 | 000,164,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2014/11/04 08:18:52 | 001,751,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014/11/04 08:18:48 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/11/04 08:18:29 | 000,131,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\moshost.dll -- (MosHost)
SRV:64bit: - [2014/11/04 08:18:21 | 000,752,128 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/11/04 08:18:20 | 000,131,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Windows.UserTrustedSignals.dll -- (UserTrustedSignals)
SRV:64bit: - [2014/11/04 08:18:20 | 000,074,752 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2014/11/04 08:18:11 | 000,614,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\coremessaging.dll -- (CoreUIRegistrar)
SRV:64bit: - [2014/11/04 08:18:06 | 001,117,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2014/11/04 08:18:06 | 000,134,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NetSetupSvc.dll -- (NetSetupSvc)
SRV:64bit: - [2014/11/04 08:18:04 | 000,441,344 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014/11/04 08:18:04 | 000,273,920 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2014/11/04 08:18:04 | 000,245,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014/11/04 08:18:04 | 000,019,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\threadorder.dll -- (THREADORDER)
SRV:64bit: - [2014/11/04 08:18:04 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DevQueryBroker.dll -- (DevQueryBroker)
SRV:64bit: - [2014/11/04 08:18:02 | 003,507,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/11/04 08:18:02 | 000,166,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\usocore.dll -- (UsoSvc)
SRV:64bit: - [2014/11/04 08:17:59 | 001,453,056 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\dosvc.dll -- (DoSvc)
SRV:64bit: - [2014/11/04 08:17:59 | 000,408,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\usermgr.dll -- (UserManager)
SRV:64bit: - [2014/11/04 08:17:59 | 000,286,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NgcCtnrSvc.dll -- (NgcCtnrSvc)
SRV:64bit: - [2014/11/04 08:17:59 | 000,169,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2014/11/04 08:17:58 | 000,813,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014/11/04 08:17:58 | 000,493,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ClipSVC.dll -- (ClipSVC)
SRV:64bit: - [2014/11/04 08:17:58 | 000,302,592 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ngcsvc.dll -- (NgcSvc)
SRV:64bit: - [2014/11/04 08:17:58 | 000,254,976 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2014/11/04 08:17:58 | 000,071,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2014/11/04 08:17:58 | 000,041,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2014/11/04 08:17:58 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2014/11/04 08:17:56 | 000,023,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lfsvc.dll -- (lfsvc)
SRV:64bit: - [2014/11/04 08:17:54 | 000,016,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2014/11/04 08:17:52 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\APHostService.dll -- (CommsAPHost)
SRV:64bit: - [2014/11/04 08:17:52 | 000,196,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dcpsvc.dll -- (DcpSvc)
SRV:64bit: - [2014/11/04 08:17:52 | 000,121,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2014/11/04 08:17:52 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2014/11/04 08:17:50 | 000,964,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\UserDataService.dll -- (UserDataService)
SRV:64bit: - [2014/11/04 08:17:50 | 000,121,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dssvc.dll -- (DsSvc)
SRV:64bit: - [2014/11/04 08:17:46 | 000,986,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Unistore.dll -- (UnistoreService)
SRV:64bit: - [2014/11/04 08:17:46 | 000,402,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014/11/04 08:17:46 | 000,279,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PimIndexMaintenance.dll -- (PimIndexMaintenance)
SRV:64bit: - [2014/11/04 08:17:46 | 000,203,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2014/11/04 08:17:45 | 001,669,120 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/11/04 08:17:44 | 000,365,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Windows.DeviceManagement.Enrollment.dll -- (DmEnrollmentSvc)
SRV:64bit: - [2014/11/04 08:17:44 | 000,078,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dmwappushsvc.dll -- (dmwappushsvc)
SRV:64bit: - [2014/11/04 08:17:41 | 000,522,240 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2014/11/04 08:17:41 | 000,515,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PhoneService.dll -- (PhoneSvc)
SRV:64bit: - [2014/11/04 08:17:40 | 000,489,984 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/11/04 08:17:37 | 000,351,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2014/11/04 08:17:37 | 000,273,920 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2014/11/04 08:17:36 | 000,352,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2014/11/04 08:17:36 | 000,017,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014/11/04 08:17:34 | 000,454,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2014/11/04 08:17:34 | 000,454,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2014/11/04 08:17:34 | 000,454,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2014/11/04 08:17:34 | 000,454,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2014/11/04 08:17:34 | 000,454,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2014/11/04 08:17:34 | 000,454,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2014/11/04 08:17:34 | 000,454,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2014/11/04 08:17:25 | 003,179,008 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2014/10/04 01:44:02 | 001,149,760 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV:64bit: - [2014/10/04 01:43:58 | 019,440,960 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/08/07 18:22:49 | 000,651,328 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:64bit: - [2012/10/15 08:05:04 | 000,014,848 | ---- | M] (AxoNet Software GmbH) [Auto | Running] -- C:\Program Files\Windows Home Server\LightsOutClientService.exe -- (LoClntService)
SRV:64bit: - [2011/01/10 12:19:58 | 000,489,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\WHSConnector.exe -- (WHSConnector)
SRV - [2014/12/11 08:17:32 | 000,523,504 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\snipsmart\updatesnipsmart.exe -- (Update snipsmart)
SRV - [2014/12/11 08:16:25 | 000,523,504 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\snipsmart\bin\utilsnipsmart.exe -- (Util snipsmart)
SRV - [2014/12/09 04:37:10 | 000,199,152 | ---- | M] (Z o o m i f y  A g e n t) [Auto | Running] -- C:\ProgramData\zoomify2\1.1.0.29\cozwhost.exe -- (cozwhost)
SRV - [2014/12/09 04:36:58 | 000,477,168 | ---- | M] (Z o o m i f y  A g e n t) [Auto | Running] -- C:\ProgramData\zoomify2\1.1.0.29\cozhost.exe -- (cozhost)
SRV - [2014/11/25 09:04:02 | 000,451,928 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2014/11/04 08:18:47 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\moshost.dll -- (MosHost)
SRV - [2014/11/04 08:18:41 | 000,464,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\coremessaging.dll -- (CoreUIRegistrar)
SRV - [2014/11/04 08:18:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2014/11/04 08:17:25 | 003,179,008 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2014/10/15 14:13:54 | 007,673,128 | ---- | M] (O&O Software GmbH) [Auto | Running] -- D:\Program Files\OO Software\DiskImage\oodiag.exe -- (OO DiskImage)
SRV - [2014/10/04 01:44:03 | 001,796,928 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014/09/13 15:12:58 | 000,411,968 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/06/14 09:57:20 | 000,248,248 | R--- | M] (Western Digital) [Disabled | Stopped] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2009/05/14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/12/11 09:05:43 | 000,043,664 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV:64bit: - [2014/12/11 03:26:18 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{1993b064-46e3-4c7d-8b20-2161564a7685}Gw64.sys -- ({1993b064-46e3-4c7d-8b20-2161564a7685}Gw64)
DRV:64bit: - [2014/11/26 05:19:21 | 000,121,880 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2014/11/08 06:29:25 | 000,085,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014/11/04 09:29:30 | 000,024,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kbldfltr.sys -- (kbldfltr)
DRV:64bit: - [2014/11/04 09:29:28 | 000,030,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014/11/04 09:29:14 | 000,038,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2014/11/04 08:19:26 | 000,030,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2014/11/04 08:18:50 | 000,058,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/11/04 08:18:11 | 001,279,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014/11/04 08:18:11 | 000,942,624 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refsv1.sys -- (ReFSv1)
DRV:64bit: - [2014/11/04 08:18:11 | 000,389,664 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014/11/04 08:18:11 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2014/11/04 08:18:11 | 000,071,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NetAdapterCx.sys -- (NetAdapterCx)
DRV:64bit: - [2014/11/04 08:18:06 | 000,203,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2014/11/04 08:18:06 | 000,043,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2014/11/04 08:18:06 | 000,031,264 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2014/11/04 08:18:04 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mmcss.sys -- (MMCSS)
DRV:64bit: - [2014/11/04 08:17:59 | 000,039,968 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cnghwassist.sys -- (cnghwassist)
DRV:64bit: - [2014/11/04 08:17:56 | 000,197,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufx01000.sys -- (Ufx01000)
DRV:64bit: - [2014/11/04 08:17:56 | 000,162,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2014/11/04 08:17:56 | 000,161,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/11/04 08:17:56 | 000,093,728 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2014/11/04 08:17:56 | 000,079,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2014/11/04 08:17:56 | 000,077,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2014/11/04 08:17:56 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urscx01000.sys -- (UrsCx01000)
DRV:64bit: - [2014/11/04 08:17:56 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2014/11/04 08:17:52 | 000,060,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2014/11/04 08:17:50 | 000,224,288 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/11/04 08:17:46 | 000,122,912 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2014/11/04 08:17:42 | 000,820,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdiWiFi.sys -- (wdiwifi)
DRV:64bit: - [2014/11/04 08:17:41 | 000,132,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2014/11/04 08:17:41 | 000,104,960 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2014/11/04 08:17:41 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2014/11/04 08:17:40 | 000,135,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/11/04 08:17:40 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2014/11/04 08:17:36 | 000,291,352 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014/11/04 08:17:36 | 000,118,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2014/11/04 08:17:36 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2014/11/04 08:17:36 | 000,045,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/11/04 08:17:29 | 000,048,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2014/11/04 08:17:29 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2014/11/04 08:17:29 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2014/11/04 08:17:29 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urssynopsys.sys -- (UrsSynopsys)
DRV:64bit: - [2014/11/04 08:17:27 | 000,591,360 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2014/11/04 08:17:27 | 000,508,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014/11/04 08:17:27 | 000,450,592 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/11/04 08:17:27 | 000,351,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014/11/04 08:17:27 | 000,306,208 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2014/11/04 08:17:27 | 000,206,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/11/04 08:17:27 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufxsynopsys.sys -- (ufxsynopsys)
DRV:64bit: - [2014/11/04 08:17:27 | 000,080,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UfxChipidea.sys -- (UfxChipidea)
DRV:64bit: - [2014/11/04 08:17:27 | 000,078,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2014/11/04 08:17:27 | 000,064,536 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2014/11/04 08:17:27 | 000,063,000 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2014/11/04 08:17:27 | 000,058,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas3i.sys -- (percsas3i)
DRV:64bit: - [2014/11/04 08:17:27 | 000,057,376 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas2i.sys -- (percsas2i)
DRV:64bit: - [2014/11/04 08:17:27 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2014/11/04 08:17:27 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2014/11/04 08:17:27 | 000,040,480 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storufs.sys -- (storufs)
DRV:64bit: - [2014/11/04 08:17:27 | 000,039,424 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014/11/04 08:17:27 | 000,031,768 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2014/11/04 08:17:27 | 000,028,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2014/11/04 08:17:27 | 000,018,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\swenum.inf_amd64_755a9e6233e0cf52\swenum.sys -- (swenum)
DRV:64bit: - [2014/11/04 08:17:26 | 003,357,728 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2014/11/04 08:17:26 | 000,782,880 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2014/11/04 08:17:26 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2014/11/04 08:17:26 | 000,532,000 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2014/11/04 08:17:26 | 000,260,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2014/11/04 08:17:26 | 000,175,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2014/11/04 08:17:26 | 000,109,600 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2014/11/04 08:17:26 | 000,098,848 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2i.sys -- (LSI_SAS2i)
DRV:64bit: - [2014/11/04 08:17:26 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\capimg.sys -- (CapImg)
DRV:64bit: - [2014/11/04 08:17:26 | 000,091,168 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3i.sys -- (LSI_SAS3i)
DRV:64bit: - [2014/11/04 08:17:26 | 000,083,488 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2014/11/04 08:17:26 | 000,080,416 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2014/11/04 08:17:26 | 000,065,056 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2014/11/04 08:17:26 | 000,041,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidinterrupt.sys -- (hidinterrupt)
DRV:64bit: - [2014/11/04 08:17:26 | 000,026,656 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2014/11/04 08:17:26 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2014/11/04 08:17:26 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\genericusbfnclass.sys -- (genericusbfn)
DRV:64bit: - [2014/11/04 08:17:26 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2014/11/04 08:17:26 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2014/11/04 08:17:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2014/11/04 08:17:26 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2014/11/04 08:17:25 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2014/11/04 08:17:23 | 000,082,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/11/04 08:17:22 | 000,271,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014/11/04 08:17:22 | 000,119,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2014/11/04 08:17:22 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2014/11/04 08:17:22 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc.sys -- (NETVSCVFPP)
DRV:64bit: - [2014/11/04 08:17:22 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc.sys -- (netvsc)
DRV:64bit: - [2014/11/04 08:17:22 | 000,076,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2014/11/04 08:17:22 | 000,070,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2014/11/04 08:17:22 | 000,067,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2014/11/04 08:17:22 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2014/11/04 08:17:22 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2014/11/04 08:17:22 | 000,041,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2014/11/04 08:17:22 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\compositebus.inf_amd64_a3c08913b01ca5eb\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2014/11/04 08:17:22 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2014/11/04 08:17:22 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2014/11/04 08:17:22 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fcvsc.sys -- (fcvsc)
DRV:64bit: - [2014/11/04 08:17:22 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2014/11/04 08:17:22 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2014/11/04 08:17:22 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2014/11/04 08:17:22 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2014/10/15 14:14:22 | 000,044,736 | ---- | M] (O&O Software GmbH) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\oodivdh.sys -- (oodivdh)
DRV:64bit: - [2014/10/15 14:14:20 | 000,255,680 | ---- | M] (O&O Software GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\oodivd.sys -- (oodivd)
DRV:64bit: - [2014/10/04 01:43:58 | 000,020,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2014/09/16 23:51:20 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2014/09/04 14:14:38 | 000,038,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/09/27 02:53:50 | 000,034,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LcUvcUpper.sys -- (LcUvcUpper)
DRV:64bit: - [2013/09/23 10:46:22 | 000,044,480 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2013/05/17 10:13:26 | 000,017,280 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/09 09:24:20 | 000,106,632 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDUDSMBus.sys -- (WDUDSMBus)
DRV:64bit: - [2012/06/09 09:22:04 | 000,180,360 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDUDSTcpBus.sys -- (WDUDSTcpBus)
DRV:64bit: - [2010/05/20 14:26:30 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX3000.sys -- (VX3000)
DRV:64bit: - [2010/05/20 14:26:28 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2014/11/04 08:17:27 | 000,018,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\swenum.inf_amd64_755a9e6233e0cf52\swenum.sys -- (swenum)
DRV - [2014/11/04 08:17:22 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_a3c08913b01ca5eb\CompositeBus.sys -- (CompositeBus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,en;q=0.5
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 A0 89 8C C9 14 D0 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {C875C42E-C68D-455B-868B-1F38E9619482}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\..\SearchScopes\{C875C42E-C68D-455B-868B-1F38E9619482}: "URL" = http://search.genieo...&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: D:\Program Files (x86)\Nuance\Power PDF\bin\nppdf.dll (Zeon Corporation)
 
 
[2013/10/17 11:25:52 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
 
========== Chrome  ==========
 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Jerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
CHR - Extension: No name found = C:\Users\Jerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aifbkdoebpbcaddcjobobbanaokiepnb\1.3_0\
CHR - Extension: No name found = C:\Users\Jerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Jerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Jerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Jerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Jerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Jerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
CHR - Extension: No name found = C:\Users\Jerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_0\
CHR - Extension: No name found = C:\Users\Jerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nldinbnjamakbcpgbngilmeafgaijenh\1.0.1_0\
CHR - Extension: No name found = C:\Users\Jerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Jerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/11/04 08:22:50 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {72351B45-9636-4F99-820B-7C552D27897D}} - No CLSID value found.
O2:64bit: - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O2 - BHO: (snipsmart 1.0.0.5) - {68261aaa-dc9f-4c2b-a168-c323e304c3a2} - C:\Program Files (x86)\snipsmart\snipsmartbho.dll File not found
O2 - BHO: (no name) - {72351B45-9636-4F99-820B-7C552D27897D}} - No CLSID value found.
O2 - BHO: (Nuance PDF Toolbar Helper) - {940361F8-7F16-4498-AB43-2EFFE0235AFA} - D:\Program Files (x86)\Nuance\Power PDF\bin\SZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (PlusIEEventHelper Class) - {9D137966-2E29-45C5-9B12-29D5427F8F66} - D:\Program Files (x86)\Nuance\Power PDF\bin\PlusIEContextMenu.dll (Zeon Corporation)
O3:64bit: - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {BED78D9C-A025-4FE9-B3BA-27E6D376A3D5} - D:\Program Files (x86)\Nuance\Power PDF\bin\SZeonIEFavClient.dll (Zeon Corporation)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [OODITRAY.EXE] D:\Program Files\OO Software\DiskImage\ooditray.exe (O&O Software GmbH)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\WINDOWS\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software LLC.)
O4 - HKLM..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" File not found
O4 - HKLM..\Run: [Nuance OmniPage 18-reminder] D:\Program Files (x86)\Nuance\OmniPage18\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Nuance PDF Converter Professional 7-reminder] "D:\Program Files (x86)\Nuance\PDF Professional 7\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Converter Professional 7\Ereg\Ereg.ini" File not found
O4 - HKLM..\Run: [Nuance Power PDF Standard-reminder] D:\Program Files (x86)\Nuance\Power PDF\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [NuanPowerPdf1NPDFLM] D:\Program Files (x86)\Nuance\Power PDF\NPDFLM.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [OmniPage Preload] D:\Program Files (x86)\Nuance\OmniPage18\OmniPage.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PowerPDF Registry Controller] D:\Program Files (x86)\Nuance\Power PDF\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [WD Print Share] C:\Program Files (x86)\Western Digital\WD Print Share\WDPrintShare.exe ()
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHDA.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-7520 Series" File not found
O4 - HKCU..\Run: [EPLTarget\P0000000000000001] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHDA.EXE /EPT "EPLTarget\P0000000000000001" /M "WF-7520 Series" File not found
O4 - HKCU..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Flexera Software LLC.)
O4 - HKCU..\Run: [OpAgent] "OpAgent.exe" /agent File not found
O4 - HKCU..\Run: [SkyDrive] C:\Users\Jerry\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Temperature Monitor.lnk = C:\Users\Jerry\AppData\Local\DesktopTemperature\DesktopTemperature.exe (System Alerts LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Open with Convert Assistant - D:\Program Files (x86)\Nuance\Power PDF\cnvres_eng.dll (Nuance Communications, Inc.)
O8:64bit: - Extra context menu item: Open with Power PDF - D:\Program Files (x86)\Nuance\Power PDF\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O8 - Extra context menu item: Open with Convert Assistant - D:\Program Files (x86)\Nuance\Power PDF\cnvres_eng.dll (Nuance Communications, Inc.)
O8 - Extra context menu item: Open with Power PDF - D:\Program Files (x86)\Nuance\Power PDF\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Users\Jerry\AppData\Local\DesktopTemperature\xtnTsT.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Users\Jerry\AppData\Local\DesktopTemperature\xtnTsT.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Users\Jerry\AppData\Local\DesktopTemperature\xtnTsT.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Users\Jerry\AppData\Local\DesktopTemperature\xtnTsT.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Users\Jerry\AppData\Local\DesktopTemperature\xtnTsT.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Users\Jerry\AppData\Local\DesktopTemperature\xtnTsT.dll ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: genieo.com ([search] http in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A560D443-112C-49AA-99EF-F01EDE8E48B5}: DhcpNameServer = 192.168.1.100
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/12/11 08:51:40 | 000,048,784 | ---- | C] (StdLib) -- C:\WINDOWS\SysNative\drivers\{1993b064-46e3-4c7d-8b20-2161564a7685}Gw64.sys
[2014/12/11 08:29:18 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\SysNative\bootdelete.exe
[2014/12/10 23:02:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2014/12/10 23:02:52 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2014/12/10 23:01:27 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/12/10 19:15:17 | 000,000,000 | ---D | C] -- C:\ProgramData\1837308050
[2014/12/10 19:13:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014/12/10 19:13:58 | 000,867,240 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\npDeployJava1.dll
[2014/12/10 19:13:58 | 000,789,416 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\deployJava1.dll
[2014/12/10 19:09:21 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\System_Alerts_LLC
[2014/12/10 19:08:50 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop Temperature
[2014/12/10 19:08:49 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\DesktopTemperature
[2014/12/10 18:52:20 | 000,000,000 | -HSD | C] -- C:\Users\Jerry\AppData\Roaming\AnyProtectEx
[2014/12/10 17:35:40 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\Deployment
[2014/12/10 17:33:18 | 000,000,000 | ---D | C] -- C:\ProgramData\zoomify2
[2014/12/10 17:32:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\snipsmart
[2014/12/09 17:57:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2014/12/09 17:30:54 | 000,343,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\html.iec
[2014/12/09 17:30:52 | 020,530,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\edgehtml.dll
[2014/12/09 17:30:52 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\html.iec
[2014/12/09 17:30:50 | 027,951,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\edgehtml.dll
[2014/12/09 17:30:49 | 002,755,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\edgehtml.tlb
[2014/12/09 17:30:49 | 002,755,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\edgehtml.tlb
[2014/12/09 17:30:49 | 000,569,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
[2014/12/09 17:30:17 | 000,196,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\ataport.sys
[2014/12/09 17:30:17 | 000,121,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\storahci.sys
[2014/12/09 17:30:17 | 000,054,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\pciidex.sys
[2014/12/08 17:39:24 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\ScanSoft
[2014/12/08 17:35:55 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Roaming\ScanSoft
[2014/12/08 17:33:27 | 000,000,000 | ---D | C] -- C:\ProgramData\ScanSoft
[2014/12/08 17:33:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance OmniPage 18
[2014/12/08 17:27:03 | 000,000,000 | ---D | C] -- C:\Users\Jerry\New folder
[2014/12/08 17:26:28 | 000,000,000 | ---D | C] -- C:\Users\Jerry\Omnipage 18
[2014/12/05 20:03:24 | 000,000,000 | ---D | C] -- C:\Users\Jerry\Desktop\Google
[2014/12/05 19:59:28 | 000,000,000 | R--D | C] -- C:\Users\Jerry\Google Drive
[2014/12/05 19:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2014/12/05 19:58:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/12/05 19:58:34 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\Google
[2014/12/05 17:11:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
[2014/12/04 16:19:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software
[2014/12/04 16:18:37 | 000,000,000 | ---D | C] -- C:\ProgramData\OO Software
[2014/11/28 12:21:31 | 000,000,000 | -H-D | C] -- C:\OneDriveTemp
[2014/11/28 09:33:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
[2014/11/28 09:33:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics
[2014/11/28 09:33:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2014/11/27 23:11:50 | 000,000,000 | ---D | C] -- C:\Users\Jerry\Desktop\631 Riverside INFO
[2014/11/26 17:31:33 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CscMig.dll
[2014/11/26 17:31:33 | 000,131,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\gpapi.dll
[2014/11/26 17:31:31 | 007,537,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2014/11/26 17:31:26 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AuthExt.dll
[2014/11/26 17:31:25 | 004,164,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\actxprxy.dll
[2014/11/26 17:31:25 | 001,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\usercpl.dll
[2014/11/26 17:31:25 | 000,401,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LogonController.dll
[2014/11/26 17:31:25 | 000,085,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\pdc.sys
[2014/11/26 17:31:25 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AuthExt.dll
[2014/11/26 17:31:25 | 000,027,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wininitext.dll
[2014/11/26 17:31:25 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wmsgapi.dll
[2014/11/26 17:31:25 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LogonUI.exe
[2014/11/26 17:31:25 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wmsgapi.dll
[2014/11/26 17:31:24 | 012,641,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2014/11/26 17:31:24 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2014/11/26 17:31:24 | 001,222,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\usercpl.dll
[2014/11/26 17:31:24 | 000,688,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SHCore.dll
[2014/11/26 17:31:24 | 000,550,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winlogon.exe
[2014/11/26 17:31:24 | 000,544,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SHCore.dll
[2014/11/26 17:31:24 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\LogonController.dll
[2014/11/26 17:31:24 | 000,225,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wininit.exe
[2014/11/26 17:31:24 | 000,032,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wininitext.dll
[2014/11/26 17:31:23 | 014,028,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
[2014/11/26 17:31:23 | 002,473,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
[2014/11/26 17:31:20 | 003,574,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kfull.sys
[2014/11/26 17:31:20 | 000,745,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kbase.sys
[2014/11/24 23:19:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Panther
[2014/11/24 23:18:13 | 000,000,000 | ---D | C] -- C:\Windows.old
[2014/11/24 23:16:16 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2014/11/24 23:16:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies
[2014/11/24 23:16:16 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2014/11/24 23:16:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild
[2014/11/24 23:15:56 | 000,778,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PresentationNative_v0300.dll
[2014/11/24 23:15:56 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2014/11/24 23:15:56 | 000,035,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TsWpfWrp.exe
[2014/11/24 23:15:54 | 001,166,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PresentationNative_v0300.dll
[2014/11/24 23:15:54 | 000,124,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2014/11/24 23:15:54 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TsWpfWrp.exe
[2014/11/24 20:44:33 | 000,000,000 | -HSD | C] -- C:\Users\Jerry\AppData\Local\EmieBrowserModeList
[2014/11/24 20:37:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft OneDrive
[2014/11/24 20:37:16 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\Publishers
[2014/11/24 20:26:32 | 002,590,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PrintConfig.dll
[2014/11/24 20:22:12 | 000,000,000 | --SD | C] -- C:\Users\Jerry\AppData\Roaming\Microsoft
[2014/11/24 20:22:12 | 000,000,000 | R--D | C] -- C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2014/11/24 20:22:12 | 000,000,000 | R--D | C] -- C:\Users\Jerry\Links
[2014/11/24 20:22:12 | 000,000,000 | R--D | C] -- C:\Users\Jerry\Favorites
[2014/11/24 20:22:12 | 000,000,000 | R--D | C] -- C:\Users\Jerry\Documents
[2014/11/24 20:22:12 | 000,000,000 | R--D | C] -- C:\Users\Jerry\Desktop
[2014/11/24 20:22:12 | 000,000,000 | R--D | C] -- C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/11/24 20:22:12 | 000,000,000 | R--D | C] -- C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2014/11/24 20:22:12 | 000,000,000 | -HSD | C] -- C:\Users\Jerry\AppData\Local\Temporary Internet Files
[2014/11/24 20:22:12 | 000,000,000 | -HSD | C] -- C:\Users\Jerry\Templates
[2014/11/24 20:22:12 | 000,000,000 | -HSD | C] -- C:\Users\Jerry\Start Menu
[2014/11/24 20:22:12 | 000,000,000 | -HSD | C] -- C:\Users\Jerry\SendTo
[2014/11/24 20:22:12 | 000,000,000 | -HSD | C] -- C:\Users\Jerry\Recent
[2014/11/24 20:22:12 | 000,000,000 | -HSD | C] -- C:\Users\Jerry\PrintHood
[2014/11/24 20:22:12 | 000,000,000 | -HSD | C] -- C:\Users\Jerry\NetHood
[2014/11/24 20:22:12 | 000,000,000 | -HSD | C] -- C:\Users\Jerry\Documents\My Videos
[2014/11/24 20:22:12 | 000,000,000 | -HSD | C] -- C:\Users\Jerry\Documents\My Pictures
[2014/11/24 20:22:12 | 000,000,000 | -HSD | C] -- C:\Users\Jerry\Documents\My Music
[2014/11/24 20:22:12 | 000,000,000 | -HSD | C] -- C:\Users\Jerry\My Documents
[2014/11/24 20:22:12 | 000,000,000 | -HSD | C] -- C:\Users\Jerry\Local Settings
[2014/11/24 20:22:12 | 000,000,000 | -HSD | C] -- C:\Users\Jerry\AppData\Local\History
[2014/11/24 20:22:12 | 000,000,000 | -HSD | C] -- C:\Users\Jerry\Cookies
[2014/11/24 20:22:12 | 000,000,000 | -HSD | C] -- C:\Users\Jerry\Application Data
[2014/11/24 20:22:12 | 000,000,000 | -HSD | C] -- C:\Users\Jerry\AppData\Local\Application Data
[2014/11/24 20:22:12 | 000,000,000 | -H-D | C] -- C:\Users\Jerry\AppData
[2014/11/24 20:22:12 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\Temp
[2014/11/24 20:22:12 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\Microsoft
[2014/11/24 20:22:12 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/11/24 20:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam
[2014/11/24 20:21:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft LifeCam
[2014/11/24 20:21:21 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2014/11/24 20:21:20 | 006,890,696 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvcpl.dll
[2014/11/24 20:21:20 | 003,529,872 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvsvc64.dll
[2014/11/24 20:21:20 | 000,385,168 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvmctray.dll
[2014/11/24 20:21:20 | 000,062,608 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvshext.dll
[2014/11/24 20:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2014/11/24 20:21:10 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2014/11/24 20:21:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2014/11/24 20:20:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2014/11/22 23:49:28 | 000,000,000 | ---D | C] -- C:\Users\Jerry\Cloud Sync Folder - New folder
[2014/11/22 23:30:35 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\gladinet
[2014/11/22 23:01:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\Gladinet
[2014/11/22 22:59:55 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\Nuance
[2014/11/22 22:59:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance Power PDF Standard
[2014/11/22 22:59:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\PIXTRAN
[2014/11/22 22:59:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/11/22 22:59:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrovision
[2014/11/22 22:54:11 | 000,000,000 | ---D | C] -- C:\Users\Jerry\Nuance PDF Standard
[2014/11/22 22:52:27 | 000,000,000 | ---D | C] -- C:\Users\Jerry\Downloads
[2014/11/22 22:52:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Solid State Networks
[2014/11/21 14:47:36 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\AmScope
[2014/11/21 14:47:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AmScope
[2014/11/19 18:06:36 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\Zeon
[2014/11/18 20:47:50 | 001,691,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\FM20.DLL
[2014/11/18 09:13:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Visual DataBase
[2014/11/18 09:13:24 | 000,000,000 | ---D | C] -- C:\Users\Jerry\Documents\My Visual DataBase
[2014/11/18 09:13:02 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\Programs
[2014/11/13 17:58:56 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\D3DCompiler_43.dll
[2014/11/13 17:58:56 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\D3DCompiler_43.dll
[2014/11/12 15:04:37 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\PackageStaging
[6 C:\WINDOWS\SysNative\*.tmp files -> C:\WINDOWS\SysNative\*.tmp -> ]
[3 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
[1 C:\Users\Jerry\AppData\Local\*.tmp files -> C:\Users\Jerry\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/12/11 09:06:29 | 000,904,968 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014/12/11 09:06:29 | 000,761,016 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014/12/11 09:06:29 | 000,145,544 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014/12/11 09:05:43 | 000,043,664 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\hitmanpro37.sys
[2014/12/11 09:05:23 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/12/11 09:03:46 | 000,000,904 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/11 09:03:40 | 000,016,148 | ---- | M] () -- C:\WINDOWS\SysNative\STUDY_Jerry_HistoryPrediction.bin
[2014/12/11 09:03:30 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\OO DiskImage {a4393c6f-6db6-4b9b-8bde-4b61d1b6dabc}.job
[2014/12/11 09:03:22 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/12/11 09:03:20 | 1710,477,310 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/11 08:47:36 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\SysNative\bootdelete.exe
[2014/12/11 08:47:36 | 000,001,510 | ---- | M] () -- C:\WINDOWS\SysNative\.crusader
[2014/12/11 03:26:18 | 000,048,784 | ---- | M] (StdLib) -- C:\WINDOWS\SysNative\drivers\{1993b064-46e3-4c7d-8b20-2161564a7685}Gw64.sys
[2014/12/10 23:03:26 | 000,000,908 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/10 23:02:54 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2014/12/10 19:20:29 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\APSnotifierPP3.job
[2014/12/10 19:20:29 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\APSnotifierPP2.job
[2014/12/10 19:13:52 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\npDeployJava1.dll
[2014/12/10 19:13:52 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\deployJava1.dll
[2014/12/10 19:13:33 | 000,001,173 | ---- | M] () -- C:\Users\Jerry\Desktop\Continue Live Installation.lnk
[2014/12/10 19:12:00 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\APSnotifierPP1.job
[2014/12/10 19:08:55 | 000,910,843 | ---- | M] () -- C:\Users\Jerry\Desktop\manuals.pdf
[2014/12/10 19:08:50 | 000,002,190 | ---- | M] () -- C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Temperature Monitor.lnk
[2014/12/08 17:33:37 | 000,000,403 | ---- | M] () -- C:\WINDOWS\MAXLINK.INI
[2014/12/08 13:07:52 | 000,205,154 | ---- | M] () -- C:\Users\Jerry\Desktop\BC547-190204.pdf
[2014/12/08 11:11:44 | 000,085,010 | ---- | M] () -- C:\Users\Jerry\Desktop\BC847.pdf
[2014/12/08 10:58:35 | 000,319,709 | ---- | M] () -- C:\Users\Jerry\Desktop\manual_mk130.pdf
[2014/12/05 19:11:27 | 000,143,082 | ---- | M] () -- C:\Users\Jerry\Desktop\70_ Off_ Exclusive Cyber Monday Savings  .pdf
[2014/12/05 17:11:03 | 000,001,970 | ---- | M] () -- C:\Users\Public\Desktop\Garmin Express.lnk
[2014/12/04 16:19:34 | 000,002,525 | ---- | M] () -- C:\Users\Public\Desktop\O&O DiskImage.lnk
[2014/12/03 12:08:24 | 000,569,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
[2014/12/03 12:08:21 | 027,951,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\edgehtml.dll
[2014/12/03 11:18:58 | 002,755,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\edgehtml.tlb
[2014/12/03 11:01:12 | 000,421,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\html.iec
[2014/12/03 08:09:16 | 020,530,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\edgehtml.dll
[2014/12/03 07:19:20 | 002,755,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\edgehtml.tlb
[2014/12/03 07:04:19 | 000,343,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\html.iec
[2014/11/28 12:17:40 | 000,000,780 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/11/28 00:39:15 | 000,498,672 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014/11/26 21:18:11 | 000,777,230 | ---- | M] () -- C:\Users\Jerry\Documents\HDM4100 Multimeeter Manual.pdf
[2014/11/26 18:03:52 | 000,714,720 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2014/11/26 18:03:52 | 000,106,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2014/11/26 05:19:21 | 000,121,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\storahci.sys
[2014/11/26 05:19:14 | 000,054,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\pciidex.sys
[2014/11/26 05:19:03 | 000,196,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\ataport.sys
[2014/11/24 21:14:34 | 000,169,835 | ---- | M] () -- C:\Users\Jerry\Documents\House Wind Mitigation Report.pdf
[2014/11/24 20:27:43 | 000,036,198 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2014/11/24 20:27:43 | 000,036,198 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2014/11/24 20:27:31 | 000,022,840 | ---- | M] () -- C:\WINDOWS\SysNative\emptyregdb.dat
[2014/11/24 20:21:25 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_LcUvcUpper_01011.Wdf
[2014/11/24 20:12:09 | 002,097,152 | ---- | M] () -- C:\WINDOWS\windowsupdate.etl
[2014/11/22 23:49:28 | 000,002,166 | ---- | M] () -- C:\Users\Jerry\Documents\Cloud Sync Folder - New folder.lnk
[2014/11/21 14:47:34 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\AmScope(x64).lnk
[2014/11/21 14:47:33 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\AmScope(x86).lnk
[2014/11/19 18:15:02 | 000,107,998 | ---- | M] () -- C:\Users\Jerry\Desktop\Fluike 177 receipt.pdf
[2014/11/19 00:59:03 | 003,574,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kfull.sys
[2014/11/19 00:58:39 | 000,745,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kbase.sys
[2014/11/18 20:47:50 | 001,691,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\FM20.DLL
[2014/11/18 09:13:27 | 000,000,818 | ---- | M] () -- C:\Users\Jerry\Desktop\My Visual DataBase.lnk
[2014/11/13 20:31:00 | 000,001,187 | ---- | M] () -- C:\Users\Jerry\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[6 C:\WINDOWS\SysNative\*.tmp files -> C:\WINDOWS\SysNative\*.tmp -> ]
[3 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
[1 C:\Users\Jerry\AppData\Local\*.tmp files -> C:\Users\Jerry\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/12/11 09:05:43 | 000,001,848 | ---- | C] () -- C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TrayItem.{A137E124-24B0-E4B8-1C9B-70319DF8FBF2}.lnk
[2014/12/10 23:07:18 | 000,001,510 | ---- | C] () -- C:\WINDOWS\SysNative\.crusader
[2014/12/10 23:06:34 | 000,002,064 | ---- | C] () -- C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TrayItem.{D43A3740-B095-C01A-0F25-427194A887C5}.lnk
[2014/12/10 23:02:54 | 000,043,664 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\hitmanpro37.sys
[2014/12/10 23:02:54 | 000,001,975 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2014/12/10 19:08:55 | 000,910,843 | ---- | C] () -- C:\Users\Jerry\Desktop\manuals.pdf
[2014/12/10 19:08:50 | 000,002,190 | ---- | C] () -- C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Temperature Monitor.lnk
[2014/12/10 18:52:27 | 000,000,378 | ---- | C] () -- C:\WINDOWS\tasks\APSnotifierPP1.job
[2014/12/10 18:52:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\APSnotifierPP3.job
[2014/12/10 18:52:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\APSnotifierPP2.job
[2014/12/10 18:51:59 | 000,001,173 | ---- | C] () -- C:\Users\Jerry\Desktop\Continue Live Installation.lnk
[2014/12/08 17:39:24 | 006,448,640 | ---- | C] () -- C:\Users\Jerry\Documents\Newsletter Sample.opd
[2014/12/08 17:33:36 | 000,000,403 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2014/12/08 13:07:52 | 000,205,154 | ---- | C] () -- C:\Users\Jerry\Desktop\BC547-190204.pdf
[2014/12/08 11:11:43 | 000,085,010 | ---- | C] () -- C:\Users\Jerry\Desktop\BC847.pdf
[2014/12/08 10:58:35 | 000,319,709 | ---- | C] () -- C:\Users\Jerry\Desktop\manual_mk130.pdf
[2014/12/05 19:59:22 | 000,001,956 | ---- | C] () -- C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TrayItem.{58C03F50-4B0F-90DE-08AD-268EB1A0E49C}.lnk
[2014/12/05 19:58:39 | 000,000,908 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/05 19:58:39 | 000,000,904 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/05 19:11:22 | 000,143,082 | ---- | C] () -- C:\Users\Jerry\Desktop\70_ Off_ Exclusive Cyber Monday Savings  .pdf
[2014/12/05 17:11:03 | 000,001,970 | ---- | C] () -- C:\Users\Public\Desktop\Garmin Express.lnk
[2014/12/04 17:06:40 | 000,000,480 | ---- | C] () -- C:\WINDOWS\tasks\OO DiskImage {a4393c6f-6db6-4b9b-8bde-4b61d1b6dabc}.job
[2014/12/04 17:06:39 | 000,001,943 | ---- | C] () -- C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TrayItem.{15347234-E343-F021-C990-5020DBA975C6}.lnk
[2014/12/04 16:23:04 | 000,001,948 | ---- | C] () -- C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TrayItem.{FE0CD4DE-648B-C0E9-A9AB-5C3BA82589B3}.lnk
[2014/12/04 16:19:34 | 000,002,525 | ---- | C] () -- C:\Users\Public\Desktop\O&O DiskImage.lnk
[2014/11/28 12:16:30 | 000,000,780 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/11/28 12:01:51 | 000,002,277 | ---- | C] () -- C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Support (2).lnk
[2014/11/28 11:52:15 | 000,002,303 | ---- | C] () -- C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Support.lnk
[2014/11/27 22:17:48 | 000,001,904 | ---- | C] () -- C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TrayItem.{8CC7AB4D-1ABE-0C4D-BA19-05BF1DF11455}.lnk
[2014/11/26 21:18:11 | 000,777,230 | ---- | C] () -- C:\Users\Jerry\Documents\HDM4100 Multimeeter Manual.pdf
[2014/11/24 21:14:34 | 000,169,835 | ---- | C] () -- C:\Users\Jerry\Documents\House Wind Mitigation Report.pdf
[2014/11/24 20:38:09 | 000,002,383 | ---- | C] () -- C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TrayItem.{7EF6F92D-6FB9-C570-2F4A-B4DC0234F743}.lnk
[2014/11/24 20:38:00 | 000,002,365 | ---- | C] () -- C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
[2014/11/24 20:37:43 | 000,016,148 | ---- | C] () -- C:\WINDOWS\SysNative\STUDY_Jerry_HistoryPrediction.bin
[2014/11/24 20:37:15 | 000,001,326 | ---- | C] () -- C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/11/24 20:33:07 | 000,904,968 | ---- | C] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014/11/24 20:24:47 | 000,001,576 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2014/11/24 20:22:12 | 000,036,198 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2014/11/24 20:22:12 | 000,036,198 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2014/11/24 20:22:12 | 000,000,369 | ---- | C] () -- C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
[2014/11/24 20:22:12 | 000,000,369 | ---- | C] () -- C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
[2014/11/24 20:22:12 | 000,000,352 | ---- | C] () -- C:\Users\Jerry\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/11/24 20:22:12 | 000,000,334 | ---- | C] () -- C:\Users\Jerry\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014/11/24 20:21:25 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_LcUvcUpper_01011.Wdf
[2014/11/24 20:21:20 | 003,961,833 | ---- | C] () -- C:\WINDOWS\SysNative\nvcoproc.bin
[2014/11/22 23:49:28 | 000,002,166 | ---- | C] () -- C:\Users\Jerry\Documents\Cloud Sync Folder - New folder.lnk
[2014/11/21 14:47:34 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\AmScope(x64).lnk
[2014/11/21 14:47:33 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\AmScope(x86).lnk
[2014/11/19 18:15:02 | 000,107,998 | ---- | C] () -- C:\Users\Jerry\Desktop\Fluike 177 receipt.pdf
[2014/11/18 09:13:27 | 000,000,818 | ---- | C] () -- C:\Users\Jerry\Desktop\My Visual DataBase.lnk
[2014/11/04 08:45:53 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2014/11/04 08:23:23 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2014/11/04 08:23:22 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2014/11/04 08:18:45 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2014/11/04 08:18:44 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2014/11/04 08:18:39 | 000,109,056 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2014/11/04 08:18:37 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2014/11/04 08:18:37 | 000,017,408 | ---- | C] () -- C:\WINDOWS\SysWow64\efsext.dll
[2014/11/04 08:18:33 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014/11/04 08:17:42 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/07/17 16:34:20 | 000,000,079 | ---- | C] () -- C:\WINDOWS\EW7520.ini
 
========== ZeroAccess Check ==========
 
[2014/12/10 17:32:37 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/11/25 04:20:16 | 022,559,904 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/11/25 02:23:05 | 020,431,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2014/11/04 08:17:44 | 000,994,816 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014/11/04 08:18:31 | 000,778,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2014/11/04 08:17:43 | 000,495,616 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 273 bytes -> C:\ProgramData\TEMP:F9CFE070
@Alternate Data Stream - 233 bytes -> C:\ProgramData\TEMP:A303874F
@Alternate Data Stream - 220 bytes -> C:\Users\Jerry\SkyDrive:ms-properties
@Alternate Data Stream - 220 bytes -> C:\Users\Jerry\OneDrive:ms-properties
@Alternate Data Stream - 206 bytes -> C:\ProgramData\TEMP:0574215C
@Alternate Data Stream - 183 bytes -> C:\Users\Jerry\SkyDrive (2).old:ms-properties
@Alternate Data Stream - 162 bytes -> C:\Users\Jerry\SkyDrive (3).old:ms-properties

< End of report >


#2
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts


My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.

  • I can't foresee everything, so if anything unexpected happens, please stop and inform me!
  • There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)


I'd like you to present me a report from a natively 64-bit tool.

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.

It would be also helpful if you'd be descriptive about the symptoms you're experiencing.



#3
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.