Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Popups on new laptop


  • Please log in to reply

#1
leighai

leighai

    New Member

  • Member
  • Pip
  • 2 posts

Got a new laptop last week and have managed to get a popup or malware already. I hope I can get some help here. Thank you

 

 

Attached Files

  • Attached File  OTL.Txt   159.17KB   129 downloads
  • Attached File  extras.txt   61.73KB   103 downloads

  • 0

Advertisements


#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,107 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)


Please don't attach logs to forum paste them directly in. I'm posting your logs please provide me time to look them over.

OTL logfile created on: 5/2/2014 10:11:30 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mom\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.45 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 35.74% Memory free
4.39 Gb Paging File | 1.76 Gb Available in Paging File | 40.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.78 Gb Total Space | 384.89 Gb Free Space | 86.15% Space Free | Partition Type: NTFS
Drive D: | 18.22 Gb Total Space | 1.87 Gb Free Space | 10.27% Space Free | Partition Type: NTFS

Computer Name: LEIGHA | User Name: Mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/05/02 21:47:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mom\Downloads\OTL.exe
PRC - [2014/04/28 05:38:05 | 003,543,056 | ---- | M] (Aztec Media Inc) -- C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe
PRC - [2014/04/18 08:47:52 | 000,249,024 | ---- | M] () -- C:\Program Files\pcreg\pcreg.exe
PRC - [2014/04/17 20:18:58 | 000,227,904 | ---- | M] (WildTangent) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
PRC - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/04/03 09:49:06 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/03/15 04:40:21 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Users\Mom\AppData\Local\Mozilla Firefox\firefox.exe
PRC - [2014/02/21 18:34:26 | 000,424,560 | ---- | M] (Smart PC Solutions) -- C:\Program Files (x86)\PC Speed Maximizer\SPMSmartScan.exe
PRC - [2013/10/18 02:26:45 | 000,298,760 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
PRC - [2013/10/18 02:26:43 | 000,077,576 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
PRC - [2013/10/08 15:41:28 | 001,039,160 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
PRC - [2013/09/01 22:18:24 | 000,267,224 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
PRC - [2013/08/05 03:49:42 | 000,111,576 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2014/04/28 05:38:18 | 000,490,000 | ---- | M] () -- C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll
MOD - [2014/03/15 04:40:39 | 003,642,480 | ---- | M] () -- C:\Users\Mom\AppData\Local\Mozilla Firefox\mozjs.dll
MOD - [2013/08/05 19:48:08 | 000,016,856 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2013/08/05 03:49:47 | 000,627,672 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/04/25 18:34:42 | 000,178,528 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\mcafee\msc\McAPExe.exe -- (McAPExe)
SRV:64bit: - [2014/04/18 08:47:52 | 000,249,024 | ---- | M] () [Auto | Running] -- C:\Program Files\pcreg\pcreg.exe -- (pcregservice)
SRV:64bit: - [2014/03/30 03:43:28 | 002,211,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2014/03/17 18:54:26 | 000,185,792 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2014/03/17 18:47:02 | 000,219,752 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2014/02/06 06:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/01/21 04:04:28 | 001,025,712 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe -- (mfecore)
SRV:64bit: - [2013/11/07 23:41:17 | 001,302,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2013/10/16 19:32:54 | 000,289,496 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE -- (RtkAudioService)
SRV:64bit: - [2013/10/14 15:29:40 | 000,087,552 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe -- (omniserv)
SRV:64bit: - [2013/10/14 15:23:20 | 000,109,568 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe -- (Cachedrv server)
SRV:64bit: - [2013/09/25 22:06:56 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/09/25 10:49:06 | 000,099,328 | ---- | M] () [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe -- (AdaptiveSleepService)
SRV:64bit: - [2013/09/25 10:48:00 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2013/09/21 01:38:15 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/09/21 01:36:18 | 000,261,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/09/21 01:34:45 | 001,555,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/09/18 23:29:35 | 001,581,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2013/09/14 04:35:35 | 000,533,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013/08/31 06:00:10 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2013/08/26 02:13:24 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV:64bit: - [2013/08/22 08:39:24 | 003,395,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/08/22 08:32:01 | 000,346,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2013/08/22 08:32:00 | 000,023,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/08/22 08:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013/08/22 07:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 07:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 07:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 07:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 07:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 06:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 06:04:53 | 000,716,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2013/08/22 06:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 05:59:26 | 000,832,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2013/08/22 05:58:42 | 000,280,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/08/22 05:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 05:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 05:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 05:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 05:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 05:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 05:40:14 | 000,398,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2013/08/22 05:39:33 | 000,198,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/08/22 05:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 05:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2013/08/02 17:52:58 | 000,602,944 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)
SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe -- (McOobeSv2)
SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe -- (mcbootdelaystartsvc)
SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
SRV:64bit: - [2013/07/24 22:21:46 | 000,334,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe -- (McAWFwk)
SRV:64bit: - [2009/11/17 22:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2014/04/28 05:38:05 | 003,543,056 | ---- | M] (Aztec Media Inc) [Auto | Running] -- C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe -- (SystemkService)
SRV - [2014/04/21 19:47:07 | 000,197,632 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2014/04/17 20:18:58 | 000,227,904 | ---- | M] (WildTangent) [Auto | Running] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/10/18 02:26:45 | 000,298,760 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe -- (CyberLink PowerDVD 12 Media Server Service)
SRV - [2013/10/18 02:26:43 | 000,077,576 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe -- (CyberLink PowerDVD 12 Media Server Monitor Service)
SRV - [2013/10/08 15:41:28 | 001,039,160 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe -- (HPWMISVC)
SRV - [2013/08/31 05:25:30 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013/08/29 22:31:42 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/08/26 02:13:24 | 000,475,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2013/08/26 02:13:24 | 000,066,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV - [2013/08/26 02:13:24 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2013/08/22 08:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/08/21 23:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/21 22:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/05/02 21:19:15 | 000,119,512 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/04/03 09:51:22 | 000,063,192 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/03/17 19:02:08 | 000,070,592 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2014/03/17 18:54:54 | 000,345,456 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2014/03/17 18:49:44 | 000,783,864 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2014/03/17 18:47:30 | 000,522,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2014/03/17 18:45:38 | 000,311,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2014/03/17 18:44:40 | 000,180,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2014/03/17 18:25:42 | 000,069,344 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mfeelamk.sys -- (mfeelamk)
DRV:64bit: - [2014/01/21 03:50:24 | 000,096,592 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfencrk.sys -- (mfencrk)
DRV:64bit: - [2014/01/21 03:50:02 | 000,422,712 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfencbdc.sys -- (mfencbdc)
DRV:64bit: - [2014/01/07 21:46:27 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/11/10 22:48:41 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2013/11/01 07:39:53 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/10/30 20:58:59 | 000,372,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/10/25 21:54:32 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013/10/18 22:48:54 | 002,946,264 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtwlane.sys -- (RTWlanE)
DRV:64bit: - [2013/10/16 15:58:12 | 000,638,312 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/10/12 22:48:34 | 000,136,536 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/10/01 16:31:00 | 000,536,816 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/10/01 16:31:00 | 000,034,544 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013/10/01 16:31:00 | 000,030,448 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
DRV:64bit: - [2013/09/25 23:10:44 | 012,533,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/09/25 21:41:10 | 000,619,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/09/24 19:32:56 | 000,290,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2013/09/23 13:49:22 | 000,197,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2013/09/21 08:10:51 | 000,236,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/09/17 05:18:30 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/09/14 10:06:57 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013/08/22 15:12:11 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/08/22 15:12:07 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/08/22 09:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 09:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 08:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 08:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 08:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 08:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 08:43:48 | 000,146,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/08/22 08:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 08:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 08:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 08:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 08:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 08:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 08:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 08:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 08:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 08:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 08:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 08:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 08:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 08:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 08:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 08:43:33 | 000,189,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/08/22 08:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 08:43:32 | 000,078,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2013/08/22 08:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 08:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 08:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 08:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 08:43:31 | 000,056,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013/08/22 08:41:08 | 000,054,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2013/08/22 08:39:44 | 000,377,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2013/08/22 08:39:15 | 000,924,512 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2013/08/22 08:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 08:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 08:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 08:34:22 | 000,265,056 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/08/22 08:34:22 | 000,124,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2013/08/22 08:31:28 | 000,034,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/08/22 07:39:58 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2013/08/22 07:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 07:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 07:39:28 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2013/08/22 07:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 07:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 07:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 07:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 07:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 07:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 07:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 07:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 07:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 07:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 07:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 07:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 07:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 07:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 07:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 07:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 07:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 07:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013/08/22 07:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 07:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 04:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/15 18:28:42 | 000,830,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2013/08/12 19:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/09 20:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 14:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 15:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/07/22 20:45:58 | 000,020,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)
DRV:64bit: - [2013/06/23 04:49:50 | 000,138,240 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdWB6.sys -- (AtiHDAudioService)
DRV:64bit: - [2013/03/05 16:01:42 | 000,091,712 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2013/03/05 02:22:20 | 000,041,408 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2013/02/07 18:45:32 | 000,017,504 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmdAS4.sys -- (AmdAS4)
DRV - [2014/04/28 05:38:06 | 000,036,240 | ---- | M] (Aztec Media Inc) [Kernel | System | Running] -- C:\Program Files (x86)\Settings Manager\systemk\x64\systemkmgrc1.cfg -- (F06DEFF2-5B9C-490D-910F-35D3A91196222)
DRV - [2013/10/18 22:48:54 | 002,946,264 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\rtwlane.sys -- (RTWlanE)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=CPNTDFJS
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}: "URL" = http://www.default-s...p={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=CPNTDFJS
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}: "URL" = http://www.default-s...p={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=CPNTDFJS
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}: "URL" = http://www.default-s...p={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK [2014/04/25 10:05:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Users\Mom\AppData\Local\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Users\Mom\AppData\Local\Mozilla Firefox\plugins

[2014/04/21 19:39:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom\AppData\Roaming\mozilla\Extensions
[2014/04/29 22:18:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom\AppData\Roaming\mozilla\Firefox\Profiles\3d29goud.default\extensions
[2014/04/29 22:18:56 | 000,000,000 | ---D | M] (Start Savin) -- C:\Users\Mom\AppData\Roaming\mozilla\Firefox\Profiles\3d29goud.default\extensions\{8C5FCD2C-1E9D-137D-E624-6E9E2017F1D7}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Google Wallet = C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\

O1 HOSTS File: ([2014/04/29 22:18:48 | 000,000,871 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 54.221.22.25 imfpmncmbojnbdhnogcegojocabhpbnh
O2:64bit: - BHO: (Start Savin BHO) - {181F2C09-56DD-4F98-86D7-59BA2BC59B5A} - C:\Program Files (x86)\Start Savin\FrameworkBHO64.dll ()
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Linkey) - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\Program Files (x86)\Linkey\IEExtension\iedll64.dll (Aztec Media Inc)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Start Savin BHO) - {181F2C09-56DD-4F98-86D7-59BA2BC59B5A} - C:\Program Files (x86)\Start Savin\FrameworkBHO.dll ()
O2 - BHO: (Linkey) - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\Program Files (x86)\Linkey\IEExtension\iedll.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [OPBHOBroker] C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [OPBHOBrokerDesktop] C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [pcreg] C:\Program Files\pcreg\service.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SimplePass] C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe (Hewlett-Packard)
O4 - HKLM..\Run: [BService] C:\Program Files (x86)\Bench\BService\bservice.exe ()
O4 - HKLM..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [pcreg] C:\Program Files\pcreg\service.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Wd] C:\Program Files (x86)\Bench\Wd\wd.exe File not found
O4 - HKLM..\Run: [YouCam Service] C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [pcreg] C:\Program Files\pcreg\service.exe ()
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - HKLM..\RunOnce: [Start Savin-repairJob] C:\Users\Mom\AppData\Local\Start Savin\repair.js ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1058CC78-9164-4C45-920E-19615CAF4660}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\bitguard.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bprotect.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bpsvc.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browserdefender.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browserprotect.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browsersafeguard.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\dprotectsvc.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\jumpflip: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\protectedsearch.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchinstaller.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchprotection.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchprotector.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchsettings.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchsettings64.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\snapdo.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\stinst32.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\stinst64.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\umbrella.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\utiljumpflip.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\volaro: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\vonteera: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\websteroids.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\websteroidsservice.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bitguard.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bprotect.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bpsvc.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserdefender.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserprotect.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browsersafeguard.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\dprotectsvc.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\jumpflip: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\protectedsearch.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchinstaller.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchprotection.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchprotector.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchsettings.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchsettings64.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\snapdo.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst32.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst64.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\umbrella.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\utiljumpflip.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\volaro: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\vonteera: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\websteroids.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\websteroidsservice.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: x64 - (c:\program files (x86)\settings manager\systemk\x64\sysapcrt.dll) - c:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll ()
O36 - AppCertDlls: x86 - (c:\program files (x86)\settings manager\systemk\sysapcrt.dll) - c:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll ()
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/05/02 15:57:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2014/05/01 23:36:38 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/01 23:36:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/05/01 23:35:48 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/05/01 23:35:48 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/05/01 23:35:47 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/05/01 23:35:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/05/01 23:35:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/05/01 23:35:16 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\Programs
[2014/05/01 23:33:24 | 000,000,000 | ---D | C] -- C:\Users\Mom\Documents\Avatar
[2014/05/01 23:33:23 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\CyberLink
[2014/05/01 23:23:38 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\.minecraft
[2014/05/01 23:23:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014/05/01 23:23:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/05/01 23:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/05/01 23:22:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/05/01 16:38:13 | 000,000,000 | ---D | C] -- C:\ProgramData\systemk
[2014/04/30 23:04:06 | 000,000,000 | R--D | C] -- C:\Users\Mom\SkyDrive
[2014/04/29 22:19:04 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\BenchUpdater
[2014/04/29 22:18:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Start Savin
[2014/04/29 22:18:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bench
[2014/04/29 22:18:39 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\Start Savin
[2014/04/25 10:05:14 | 000,197,704 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys
[2014/04/24 19:49:14 | 000,000,000 | ---D | C] -- C:\temp
[2014/04/24 00:10:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2014/04/24 00:08:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft
[2014/04/24 00:06:02 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\Blizzard Entertainment
[2014/04/24 00:05:55 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\Battle.net
[2014/04/24 00:05:55 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\Battle.net
[2014/04/24 00:05:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2014/04/24 00:05:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2014/04/24 00:05:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
[2014/04/24 00:05:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battle.net
[2014/04/24 00:04:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2014/04/22 20:25:11 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\hpqlog
[2014/04/22 20:25:10 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\Hewlett-Packard
[2014/04/22 02:37:19 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\Hewlett-Packard
[2014/04/22 02:36:56 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\Macromedia
[2014/04/22 02:34:45 | 000,000,000 | ---D | C] -- C:\Users\Mom\Documents\Youcam
[2014/04/22 02:34:44 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\CyberLink
[2014/04/22 02:33:55 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\Synaptics
[2014/04/22 02:33:54 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\Power2Go8
[2014/04/22 02:33:34 | 000,000,000 | R--D | C] -- C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/04/22 02:33:34 | 000,000,000 | R--D | C] -- C:\Users\Mom\Searches
[2014/04/22 02:33:34 | 000,000,000 | R--D | C] -- C:\Users\Mom\Contacts
[2014/04/22 02:33:34 | 000,000,000 | R--D | C] -- C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/04/22 02:33:34 | 000,000,000 | -H-D | C] -- C:\Users\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/04/22 02:33:29 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\VirtualStore
[2014/04/22 02:33:29 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\Adobe
[2014/04/22 02:33:25 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
[2014/04/22 02:33:11 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\Packages
[2014/04/22 02:33:06 | 000,000,000 | -HSD | C] -- C:\Users\Mom\AppData\Local\Temporary Internet Files
[2014/04/22 02:33:06 | 000,000,000 | -HSD | C] -- C:\Users\Mom\Templates
[2014/04/22 02:33:06 | 000,000,000 | -HSD | C] -- C:\Users\Mom\Start Menu
[2014/04/22 02:33:06 | 000,000,000 | -HSD | C] -- C:\Users\Mom\SendTo
[2014/04/22 02:33:06 | 000,000,000 | -HSD | C] -- C:\Users\Mom\Recent
[2014/04/22 02:33:06 | 000,000,000 | -HSD | C] -- C:\Users\Mom\PrintHood
[2014/04/22 02:33:06 | 000,000,000 | -HSD | C] -- C:\Users\Mom\NetHood
[2014/04/22 02:33:06 | 000,000,000 | -HSD | C] -- C:\Users\Mom\Documents\My Videos
[2014/04/22 02:33:06 | 000,000,000 | -HSD | C] -- C:\Users\Mom\Documents\My Pictures
[2014/04/22 02:33:06 | 000,000,000 | -HSD | C] -- C:\Users\Mom\Documents\My Music
[2014/04/22 02:33:06 | 000,000,000 | -HSD | C] -- C:\Users\Mom\My Documents
[2014/04/22 02:33:06 | 000,000,000 | -HSD | C] -- C:\Users\Mom\Local Settings
[2014/04/22 02:33:06 | 000,000,000 | -HSD | C] -- C:\Users\Mom\AppData\Local\History
[2014/04/22 02:33:06 | 000,000,000 | -HSD | C] -- C:\Users\Mom\Cookies
[2014/04/22 02:33:06 | 000,000,000 | -HSD | C] -- C:\Users\Mom\Application Data
[2014/04/22 02:33:06 | 000,000,000 | -HSD | C] -- C:\Users\Mom\AppData\Local\Application Data
[2014/04/22 02:33:05 | 000,000,000 | --SD | C] -- C:\Users\Mom\AppData\Roaming\Microsoft
[2014/04/22 02:33:05 | 000,000,000 | R--D | C] -- C:\Users\Mom\Videos
[2014/04/22 02:33:05 | 000,000,000 | R--D | C] -- C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2014/04/22 02:33:05 | 000,000,000 | R--D | C] -- C:\Users\Mom\Saved Games
[2014/04/22 02:33:05 | 000,000,000 | R--D | C] -- C:\Users\Mom\Pictures
[2014/04/22 02:33:05 | 000,000,000 | R--D | C] -- C:\Users\Mom\Music
[2014/04/22 02:33:05 | 000,000,000 | R--D | C] -- C:\Users\Mom\Links
[2014/04/22 02:33:05 | 000,000,000 | R--D | C] -- C:\Users\Mom\Favorites
[2014/04/22 02:33:05 | 000,000,000 | R--D | C] -- C:\Users\Mom\Downloads
[2014/04/22 02:33:05 | 000,000,000 | R--D | C] -- C:\Users\Mom\Documents
[2014/04/22 02:33:05 | 000,000,000 | R--D | C] -- C:\Users\Mom\Desktop
[2014/04/22 02:33:05 | 000,000,000 | R--D | C] -- C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/04/22 02:33:05 | 000,000,000 | R--D | C] -- C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2014/04/22 02:33:05 | 000,000,000 | -H-D | C] -- C:\Users\Mom\Documents\hp.system.package.metadata
[2014/04/22 02:33:05 | 000,000,000 | -H-D | C] -- C:\Users\Mom\Documents\hp.applications.package.appdata
[2014/04/22 02:33:05 | 000,000,000 | -H-D | C] -- C:\Users\Mom\AppData
[2014/04/22 02:33:05 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\Temp
[2014/04/22 02:33:05 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\Microsoft
[2014/04/22 02:33:05 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/04/22 02:29:30 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014/04/21 21:38:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2014/04/21 21:38:11 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\Yahoo!
[2014/04/21 21:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2014/04/21 21:37:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2014/04/21 21:35:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2014/04/21 19:47:40 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks
[2014/04/21 19:46:49 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\WildTangent
[2014/04/21 19:42:47 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\pinger.com
[2014/04/21 19:39:40 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\Mozilla
[2014/04/21 19:39:40 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\Mozilla
[2014/04/21 19:39:39 | 000,000,000 | ---D | C] -- C:\Users\Mom\Documents\Custom Office Templates
[2014/04/21 19:39:30 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\Mozilla Firefox
[2014/04/21 19:26:13 | 000,000,000 | ---D | C] -- C:\Users\Mom\Documents\PC Speed Maximizer
[2014/04/21 19:26:12 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\PC Speed Maximizer
[2014/04/21 19:21:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Linkey
[2014/04/21 19:21:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Settings Manager
[2014/04/21 19:21:19 | 000,000,000 | ---D | C] -- C:\Program Files\pcreg
[2014/04/21 19:21:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer
[2014/04/21 19:21:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Speed Maximizer
[2014/04/21 19:10:11 | 000,000,000 | R--D | C] -- C:\Users\Mom\SkyDrive.old
[2014/04/21 19:10:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2014/04/21 19:09:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2014/04/21 19:08:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/04/21 19:05:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2014/04/21 19:04:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15
[2014/04/21 19:03:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/04/21 19:02:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/04/21 19:02:51 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\Google
[2014/04/21 19:02:28 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\Deployment
[2014/04/21 19:02:28 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\Apps

========== Files - Modified Within 30 Days ==========

[2014/05/02 22:13:03 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf5db6aa0d51be.job
[2014/05/02 21:45:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/02 21:19:15 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/02 19:31:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\bench-sys.job
[2014/05/02 19:13:06 | 000,002,210 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/05/02 19:13:05 | 000,000,934 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf5db6a7c29eb7.job
[2014/05/02 17:28:03 | 000,001,867 | ---- | M] () -- C:\Users\Public\Desktop\McAfee LiveSafe - Internet Security.lnk
[2014/05/02 15:18:57 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\spu_storage.bin
[2014/05/02 14:29:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\bench-S-1-5-21-3278502167-1051688349-1540034803-1002.job
[2014/05/01 23:36:11 | 000,001,125 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/05/01 20:43:18 | 000,956,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/01 20:43:18 | 000,796,126 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/01 20:43:18 | 000,161,346 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/01 20:35:35 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/05/01 20:35:33 | 2967,056,384 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/29 22:18:50 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/04/28 00:18:07 | 000,096,001 | ---- | M] () -- C:\Users\Mom\Desktop\cc.jpg
[2014/04/26 16:14:51 | 000,476,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/04/24 00:10:11 | 000,001,261 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2014/04/24 00:05:50 | 000,001,169 | ---- | M] () -- C:\Users\Public\Desktop\Battle.net.lnk
[2014/04/22 02:36:46 | 000,001,447 | ---- | M] () -- C:\Users\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/04/22 02:33:26 | 000,002,155 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games for HP.lnk
[2014/04/21 21:37:52 | 000,001,188 | ---- | M] () -- C:\Users\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2014/04/21 21:37:52 | 000,001,164 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2014/04/21 19:44:12 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2014/04/21 19:39:33 | 000,001,205 | ---- | M] () -- C:\Users\Mom\Desktop\Mozilla Firefox.lnk
[2014/04/21 19:21:16 | 000,002,310 | ---- | M] () -- C:\Users\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/04/03 09:51:22 | 000,063,192 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/04/03 09:51:04 | 000,088,280 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2014/05/01 23:36:11 | 000,001,125 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/29 22:18:50 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/04/29 22:18:46 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\bench-sys.job
[2014/04/29 22:18:46 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\bench-S-1-5-21-3278502167-1051688349-1540034803-1002.job
[2014/04/28 00:18:07 | 000,096,001 | ---- | C] () -- C:\Users\Mom\Desktop\cc.jpg
[2014/04/25 16:33:14 | 000,138,240 | ---- | C] () -- C:\Windows\SysNative\OEMLicense.dll
[2014/04/25 16:33:14 | 000,103,936 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2014/04/24 00:10:11 | 000,001,261 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2014/04/24 00:05:50 | 000,001,169 | ---- | C] () -- C:\Users\Public\Desktop\Battle.net.lnk
[2014/04/22 02:36:46 | 000,001,447 | ---- | C] () -- C:\Users\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/04/22 02:33:29 | 000,001,453 | ---- | C] () -- C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/04/22 02:33:26 | 000,002,155 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games for HP.lnk
[2014/04/22 02:33:25 | 000,002,387 | ---- | C] () -- C:\Users\Public\Desktop\Walmart Photo Center.lnk
[2014/04/22 02:33:25 | 000,002,285 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2014/04/22 02:33:06 | 000,000,352 | ---- | C] () -- C:\Users\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/04/22 02:33:06 | 000,000,334 | ---- | C] () -- C:\Users\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014/04/21 21:37:52 | 000,001,188 | ---- | C] () -- C:\Users\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2014/04/21 21:37:52 | 000,001,164 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2014/04/21 19:44:12 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2014/04/21 19:39:33 | 000,001,213 | ---- | C] () -- C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/04/21 19:39:33 | 000,001,205 | ---- | C] () -- C:\Users\Mom\Desktop\Mozilla Firefox.lnk
[2014/04/21 19:10:10 | 000,002,173 | ---- | C] () -- C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
[2014/04/21 19:08:53 | 000,000,938 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf5db6aa0d51be.job
[2014/04/21 19:08:49 | 000,000,934 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf5db6a7c29eb7.job
[2014/04/21 19:03:50 | 000,002,310 | ---- | C] () -- C:\Users\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/04/21 19:03:50 | 000,002,210 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/19 07:03:05 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2014/01/19 06:58:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/09/25 22:49:40 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/09/25 22:49:40 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/09/25 22:07:28 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/09/25 22:07:28 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/09/25 21:36:12 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\amdhdl32.dll
[2013/09/25 10:55:32 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2013/08/26 02:13:37 | 000,931,872 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/08/22 11:36:43 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2013/08/22 11:36:42 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2013/08/22 10:46:23 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2013/08/22 03:01:23 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2013/08/21 23:32:36 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2013/08/21 19:55:20 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2013/08/21 19:52:39 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== ZeroAccess Check ==========

[2013/11/06 20:40:49 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/12/09 04:05:24 | 021,199,256 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/12/09 00:51:04 | 018,643,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 05:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 22:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 05:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/05/02 21:50:32 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\.minecraft
[2014/04/24 08:12:24 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Battle.net
[2014/04/21 19:26:12 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\PC Speed Maximizer
[2014/04/22 02:33:55 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Synaptics
[2014/04/21 19:46:58 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\WildTangent

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 199 bytes -> C:\Users\Mom\SkyDrive:ms-properties

< End of report >


OTL Extras logfile created on: 5/2/2014 9:48:20 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mom\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.45 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 31.19% Memory free
4.39 Gb Paging File | 1.77 Gb Available in Paging File | 40.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.78 Gb Total Space | 385.20 Gb Free Space | 86.22% Space Free | Partition Type: NTFS
Drive D: | 18.22 Gb Total Space | 1.87 Gb Free Space | 10.27% Space Free | Partition Type: NTFS

Computer Name: LEIGHA | User Name: Mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{363FA916-6FDD-4C77-ABC1-526528DEDAB9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{CC0F9C4B-D164-4F83-A55D-D87127AFD8BA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D956DFE8-C9BD-41B1-836B-2F39F0A15267}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04075795-03D3-4F02-81C9-0795AA99AA8C}" = dir=in | name=microsoft solitaire collection |
"{052021F6-B0A7-4AAA-AF7B-594EFF443475}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12ml.exe |
"{07CF2D22-EB45-4D23-ABE2-AFB881E013F8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0943C7D3-0DA4-4FA7-A060-E9AB50FB78DA}" = dir=in | name=skype |
"{0D45A681-06A1-4D22-AF05-1EAF4CAEC622}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{0E45E01E-D5CF-40FF-9F99-087CA8B3C473}" = dir=out | name=microsoft solitaire collection |
"{11760002-1189-4EE6-9AD8-E500EC49FB5B}" = dir=out | app=c:\users\mom\appdata\local\temp\file_to_run55724.exe |
"{18ADF2BA-6057-471E-9F4A-47F924781710}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{1AF121A5-F711-4FF4-92DC-C048236E134C}" = dir=out | name=@{microsoft.bingtravel_3.0.2.243_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} |
"{1C045491-4772-4E9B-B3C4-753AFFE732BE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd.exe |
"{1DF775FC-83D1-439A-A173-516421AC2580}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{21528F33-F294-4E03-A973-B309E77E3110}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{24923E29-0F7A-421E-A76A-767933901AB8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{2A40A05B-33CB-4442-8130-857D0BCE9EE6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{335A45FA-0B91-4667-94A3-16071BD21798}" = protocol=6 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe |
"{33FD14D4-487D-42A9-B00D-19F3314D29A5}" = dir=in | app=c:\users\mom\appdata\local\temp\file_3753328191.exe |
"{3490B333-63B1-4859-BC89-C838630CA28F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2816\agent.exe |
"{36348AC8-37BE-4263-9400-68F6254EB98B}" = dir=in | name=hp connected photo |
"{38CBD61A-26AB-40B0-A40D-A09E2F698CFE}" = dir=in | app=c:\users\mom\appdata\local\microsoft\skydrive\skydrive.exe |
"{38CD06C0-4F58-45D3-B382-23DA51145622}" = dir=out | name=mcafee® central for hp |
"{3C4E1BDC-A4A7-4907-9437-844CBA965719}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2816\agent.exe |
"{3ED79347-086F-423F-91F1-5C98B57BAE7A}" = dir=out | name=hp connected photo |
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn |
"{4675C50F-8A4B-437B-B5AF-53B41575741B}" = dir=in | name=microsoft mahjong |
"{4956C7F7-E375-4A77-BF26-F80DEC763ADB}" = dir=out | name=unroll it |
"{50C547C0-9779-456E-9435-A170EC34D453}" = dir=in | app=c:\program files\pcreg\service.exe |
"{53627DEF-828B-4373-B811-D2DE7A90B429}" = dir=out | app=c:\program files\pcreg\pcreg.exe |
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect |
"{57A4796C-9010-466E-8D5C-0DDB51383C97}" = dir=out | name=ebay |
"{5862458C-611F-41F0-983F-0E6E8DE2452D}" = dir=out | name=microsoft mahjong |
"{58F1CF33-6358-468D-BCDC-57835A21C969}" = dir=out | name=- games app - |
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect |
"{6036CE9A-F97B-418C-892F-E8C34FA819BC}" = dir=in | name=mcafee® central for hp |
"{61FC807C-38A9-45B7-8DB8-8F5764F6BAD2}" = dir=out | name=youcam for hp |
"{6343D234-FD40-4C32-881E-1033FD62FE29}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{64912D72-4725-4A6B-88D9-7A9B0A8B7ACB}" = dir=out | name=box |
"{708F1232-73F6-4C19-AD48-DC0A8144B538}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{7091CA7D-9B4A-4F16-89BD-48C5C9554052}" = dir=in | name=getting started with windows 8 |
"{7207110E-D63A-4C8E-A3AD-FFED3D85E6B4}" = dir=in | app=c:\users\mom\appdata\local\temp\file_to_run55446.exe |
"{760D42D9-5A80-47FB-940B-7FDF2D4729A6}" = dir=out | name=windows_ie_ac_001 |
"{7920A97C-BA1C-4EE4-88A1-FB75F8AB3EC3}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{7D245680-8EE4-4A33-A808-577263DE4A82}" = dir=out | app=c:\program files\pcreg\service.exe |
"{7E0B3BF1-15F9-4915-A2F3-414CD9B91FF2}" = protocol=17 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe |
"{82AE014E-7A7A-431D-8BFA-D393F2E5A0DA}" = dir=out | name=getting started with windows 8 |
"{934F188C-026E-428C-A3FF-A18538E7D589}" = dir=out | name=hp registration |
"{97BAB26E-2424-4655-B8E5-C9F82EE0332A}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{986F2F87-D4EF-4902-A79C-EC357B958BBE}" = dir=out | app=c:\users\mom\appdata\local\temp\file_to_run55446.exe |
"{9B66CE4A-97E7-4176-8F51-D8CCC5620CCF}" = dir=out | name=skype |
"{9D08B289-D33A-4982-A09B-052C6E944418}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{A605EF0E-07FE-4BD1-8402-2658D0431317}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{A7EDA137-DF87-46F3-A5CE-5A8492001F28}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12agent.exe |
"{BB82AB22-9A16-4F1A-A243-55A3C47E8508}" = dir=out | name=kindle |
"{BDA80A3D-6C73-40D9-BBFF-93E02CCD9095}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dms\clmsserverpdvd12.exe |
"{C0AA1212-05E8-42F6-ADAB-37FBD12234CC}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
"{C24F5DCC-55EC-48ED-A2B2-16778E69B76F}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{C56C3C86-40CD-43A0-A00F-FF68588D94FB}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12.exe |
"{CF544727-D2C6-4CD7-9ED3-41F5CAB34CAC}" = dir=in | app=c:\users\mom\appdata\local\temp\file_147060.exe |
"{D0F8E6EF-9188-4DCE-BF3D-9B27B6A289AA}" = dir=out | name=netflix |
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn |
"{D7C54A4C-4444-493D-BF27-314B681F83C9}" = dir=in | app=c:\users\mom\appdata\local\temp\speedmax.exe |
"{DA2ACCDD-4576-4FC1-97BA-16D10F4FF9E8}" = dir=in | name=box |
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn |
"{DDBAFF4F-FA35-406B-A0C0-043DA55F29CF}" = dir=out | name=@{microsoft.zunemusic_2.2.849.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{E56BB48C-47E2-48BA-939E-66635B34F2B3}" = dir=out | name=hp connected drive |
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn |
"{ECCD13D4-282E-410A-8990-A9BE2BF47EEB}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{EFEAAE96-5A3D-4624-BEA9-C33582BF0348}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dmr\powerdvd12dmrengine.exe |
"{F061848D-0E92-4C6E-AA16-7EA4AE7101F2}" = dir=out | name=@{microsoft.zunevideo_2.2.849.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{F085444F-9A57-4EB2-89CD-2069BEDA35E7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client |
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client |
"{F7AA463F-20F6-414F-A528-28B183A9B3DA}" = dir=out | app=c:\users\mom\appdata\local\temp\file_to_run551033.exe |
"{F9D8B131-2136-4595-92BC-71885EBD22B2}" = dir=in | app=c:\users\mom\appdata\local\temp\file_to_run551033.exe |
"{FA5B9B16-1E28-43CB-83D4-C4BC14157C05}" = dir=in | app=c:\program files\pcreg\pcreg.exe |
"{FB8A6A13-7E24-4F77-823F-5A9D31D57C49}" = dir=out | name=@{microsoft.bingweather_3.0.2.243_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{FFCCFFE3-131D-4BBB-902F-41443CEA0D61}" = dir=in | name=hp connected drive |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{12D24BD9-6AAE-42C6-B1B0-E29590A3A77A}" = ccc-utility64
"{19C397A1-9C70-119F-E3BF-752C432FD217}" = AMD Catalyst Install Manager
"{1D7EB7E7-0B5D-4A23-A383-7EF133090026}" = HP Utility Center
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}" = Inst5675
"{314FAD12-F785-4471-BCE8-AB506642B9A1}" = HP SimplePass
"{325C2B0D-146D-13B4-8A98-7C838EB10D05}" = AMD Start Now
"{3596588B-0A6E-6C6B-FB53-B2EDC9A63B17}" = AMD Accelerated Video Transcoding
"{3B3EAE8A-CF6C-E631-8E63-CEA756E16356}" = AMD Fuel
"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}" = DisableMSDefender
"{878F6913-7421-4713-97F7-0A736EE2A188}" = Inst5676
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{D1E8F2D7-7794-4245-B286-87ED86C1893C}" = HP Registration Service
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"O365HomePremRetail - en-us" = Microsoft Office 365 - en-us
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01D60AE5-7A78-32CB-1E25-E3BCF43C6F5E}" = CCC Help Dutch
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02691CBC-51A2-F845-169A-620A4DF59A86}" = CCC Help Spanish
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0896C595-4001-266A-4E65-AC8B9D70A075}" = CCC Help Italian
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{118DD9F0-49FE-498E-A2EE-F33423C1394C}" = Catalyst Control Center - Branding
"{13A81B50-E880-4BFE-4B9E-6A18238AC86D}" = CCC Help Greek
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{26A24AE4-039D-4CA4-87B4-2F83217055FF}" = Java 7 Update 55
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack
"{2D2F9E79-3DD8-D1C0-B8D5-BC4237D37BA0}" = CCC Help Swedish
"{2DC1BBF1-02BA-AAFE-2007-274B3B5FBD43}" = CCC Help Chinese Standard
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30B2D1D8-0A07-4B71-9553-0710C5D31E35}" = HP Wireless Button Driver
"{34FCD9EC-B55A-BDDD-A8EF-F0C70034D51A}" = CCC Help English
"{3AF15EEA-8EDF-4393-BB6C-CF8A9986486A}" = HP Support Assistant
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{4687A349-171D-2F50-2D12-D61F647F9D97}" = CCC Help French
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{593EFB1F-1150-C4C5-9572-4C2CCA41C207}" = CCC Help Turkish
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}" = Realtek Card Reader
"{5CA2F546-86B3-A0C4-731F-9BDE78A614F5}" = CCC Help Chinese Traditional
"{5CC09593-C53F-5C38-0EE6-0E355BEA4670}" = Catalyst Control Center Graphics Previews Common
"{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.2.3
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}" = OEM Application Profile
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7E315722-3F01-EF0B-35A8-B4446BAE1C5A}" = CCC Help Danish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8890A6A6-D589-81FE-19FE-7E76C55126BD}" = CCC Help Russian
"{89C7E0A7-4D9D-4DCC-8834-A9A2B92D7EBB}" = Photo Gallery
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{90E1A2C4-322E-C20E-22B4-0C3167EAFDD2}" = CCC Help Portuguese
"{94A7ED8F-5A22-4F4E-4B0F-4EF85CD8A7B4}" = Catalyst Control Center InstallProxy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B56B031-A6C0-4BB7-8F61-938548C1B759}" = Pinger
"{A4879DA2-1D82-79BD-BF5B-3AB069365D31}" = CCC Help Hungarian
"{A5107464-AA9B-4177-8129-5FF2F42DD322}" = REALTEK Wireless LAN Driver
"{A78F6253-8697-FB07-86BA-5DEA4E56B7B8}" = CCC Help Korean
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABE9E22F-2D48-103D-36FC-086AF9AB9C2A}" = CCC Help Japanese
"{AE02E0DC-F7FF-1814-9641-4799AF4B8370}" = CCC Help Czech
"{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}" = Movie Maker
"{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}" = HP System Event Utility
"{CE30B8E7-CEE4-A490-3C92-2DECCE48A7BF}" = CCC Help Thai
"{D820FF65-B479-6B51-4CEB-9E2DD2012D6C}" = CCC Help German
"{D82B396E-A647-4C81-9DA4-C61F7BB620EC}" = HP Documentation
"{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}" = Photo Common
"{E00B15CB-88A1-786D-6B0A-FCD4070A06D1}" = Catalyst Control Center Localization All
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E22D6940-B58C-1D38-8978-E8FE61529678}" = CCC Help Norwegian
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{E5DC26A8-794F-9F95-F0EF-083E1B75C764}" = CCC Help Polish
"{E662C83F-41DE-737D-F83E-A4339B00D728}" = AMD Catalyst Control Center
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{F9EBABFD-809B-25A9-D21E-BA190CE652D7}" = CCC Help Finnish
"{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}" = Energy Star
"{FD49537C-C3A6-4F8D-93E6-68C778A1E192}" = HP Recovery Manager
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"35450_Start Savin" = Start Savin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Battle.net" = Battle.net
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}" = HP SimplePass
"InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
"MSC" = McAfee LiveSafe - Internet Security
"PC Speed Maximizer_is1" = PC Speed Maximizer v3.2
"Pinger 1.4.0.1" = Pinger
"Settings Manager" = Settings Manager
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"WTA-042253bf-b369-4a76-8a8d-34385b3a27fe" = Vacation Quest™ - Australia
"WTA-0c411bb9-99b4-41e0-87f8-cf5a0fdcaeb7" = Build-a-lot
"WTA-0e60c1aa-64c9-4531-9872-3a621c04d3ad" = Peggle Nights
"WTA-1c705dda-d638-41bc-a916-f43c491cb09a" = Curse at Twilight
"WTA-1e350cce-7b1c-4aba-800c-48716cc60bcc" = Airport Mania
"WTA-22115ff0-9e95-4430-83e0-8c15907f00ed" = Fishdom 3: Collector's Edition
"WTA-23824612-adb6-4c7f-82f1-9dd8c09a2271" = Mahjongg Dimensions Deluxe
"WTA-31e4b974-5ded-4ae1-b46b-5ff648b1c47f" = Azkend 2: The World Beneath
"WTA-3eb54275-1f3d-47ab-8e8c-6b37c2d659be" = House of 1000 Doors: Family Secrets
"WTA-50c81989-bd06-4041-8bdb-eda6e3d4d7c6" = Mystery P.I. - Curious Case of Counterfeit Cove
"WTA-53496468-739f-4daf-9999-b9823f027c89" = Jewel Match 3
"WTA-545aa1e8-471e-4efc-9132-05ed45152c29" = 4 Elements II
"WTA-5ce6c8ea-49a4-49ae-a2a0-63135c500875" = Cradle of Rome 2
"WTA-6e9486f2-21c3-4e1b-9e8e-05e37eae6809" = Youda Jewel Shop
"WTA-70ef15d1-43a2-4071-8a27-85587e95d13e" = Roads of Rome 3
"WTA-872c36de-ad44-4735-9234-d2cb8c4438f9" = Tales of Lagoona
"WTA-8c19759a-cabd-43b3-bd5d-b7053214531c" = Bounce Symphony
"WTA-907c9196-a16f-45e5-a836-05147a403026" = King Oddball
"WTA-9eb69b18-6608-4ff1-8350-e995d8ababd0" = Luxor Evolved
"WTA-a2762c91-c502-413d-b757-56b815bdf8e7" = John Deere Drive Green
"WTA-a6e76048-f70e-40a5-82eb-84d2c73ebbda" = Governor of Poker 2 Premium Edition
"WTA-a7a7a624-9c9a-4a09-b37e-5018aac5e0ca" = Cradle Of Egypt Collector's Edition
"WTA-b45c4bdc-7269-49b7-9ac0-6eec63e53b26" = Zuma's Revenge
"WTA-c878aac2-8d29-448a-b55c-6ced49637f6d" = Farm Frenzy
"WTA-d3d51d38-13a3-439b-bae0-0bed6cb0d74c" = Penguins!
"WTA-d59a1ddd-8827-4478-848e-257c8f7479e0" = Plants vs. Zombies - Game of the Year
"WTA-d6fcbbb6-022d-4052-abfb-445d19c7578d" = Delicious: Emily's Childhood Memories Premium Edition
"WTA-e7e48931-095a-4f37-8a4f-5cec7d34907d" = Bejeweled 3
"WTA-f8868715-8d23-4c71-af13-b5a6c2175bd3" = Polar Bowler
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Linkey" = Linkey
"Mozilla Firefox 28.0 (x86 en-US)" = Mozilla Firefox 28.0 (x86 en-US)
"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/24/2014 8:57:55 AM | Computer Name = Leigha | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1610

Error - 4/24/2014 8:57:55 AM | Computer Name = Leigha | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1610

Error - 4/24/2014 11:46:41 AM | Computer Name = Leigha | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/24/2014 11:46:41 AM | Computer Name = Leigha | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10127719

Error - 4/24/2014 11:46:41 AM | Computer Name = Leigha | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10127719

Error - 4/24/2014 1:44:42 PM | Computer Name = Leigha | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/24/2014 1:44:42 PM | Computer Name = Leigha | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1547

Error - 4/24/2014 1:44:42 PM | Computer Name = Leigha | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1547

Error - 4/24/2014 2:54:26 PM | Computer Name = Leigha | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/24/2014 2:54:26 PM | Computer Name = Leigha | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4185969

[ System Events ]
Error - 4/24/2014 5:37:54 PM | Computer Name = Leigha | Source = Service Control Manager | ID = 7000
Description = The McAfee Anti-Spam Service service failed to start due to the following
error: %%1053

Error - 4/24/2014 6:09:56 PM | Computer Name = Leigha | Source = DCOM | ID = 10010
Description =

Error - 4/24/2014 6:16:56 PM | Computer Name = Leigha | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:00:34 PM on ?4/?24/?2014 was unexpected.

Error - 4/24/2014 6:16:50 PM | Computer Name = Leigha | Source = Service Control Manager | ID = 7000
Description = The UAC File Virtualization service failed to start due to the following
error: %%1275

Error - 4/24/2014 6:26:31 PM | Computer Name = Leigha | Source = Service Control Manager | ID = 7034
Description = The CyberLink PowerDVD 12 Media Server Service service terminated
unexpectedly. It has done this 1 time(s).

Error - 4/24/2014 8:39:02 PM | Computer Name = Leigha | Source = Service Control Manager | ID = 7034
Description = The CyberLink PowerDVD 12 Media Server Service service terminated
unexpectedly. It has done this 2 time(s).

Error - 4/24/2014 10:15:17 PM | Computer Name = Leigha | Source = Service Control Manager | ID = 7034
Description = The CyberLink PowerDVD 12 Media Server Service service terminated
unexpectedly. It has done this 3 time(s).

Error - 4/25/2014 10:03:44 AM | Computer Name = Leigha | Source = DCOM | ID = 10010
Description =

Error - 4/25/2014 10:21:00 AM | Computer Name = Leigha | Source = Service Control Manager | ID = 7034
Description = The CyberLink PowerDVD 12 Media Server Service service terminated
unexpectedly. It has done this 4 time(s).

Error - 4/25/2014 11:12:04 AM | Computer Name = Leigha | Source = Service Control Manager | ID = 7034
Description = The CyberLink PowerDVD 12 Media Server Service service terminated
unexpectedly. It has done this 5 time(s).


< End of report >
  • 0

#3
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,107 posts
Hello Leighai,

First

Lets remove all of those programs listed below
==> Click > Start > Control Panel > Programs & Features.

1-Start Savin
2-PC Speed Maximizer v3.2
3-Linkey

Next Step

We need to do a fix to delete some files using OTL please take your time and copy everything in the code box as it's kind of long.
  • Double click on the OTLicon.jpg to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :COMMANDS
    [CREATERESTOREPOINT]
    
    :OTL
    SRV:64bit: - [2014/04/18 08:47:52 | 000,249,024 | ---- | M] () [Auto | Running] -- C:\Program Files\pcreg\pcreg.exe -- (pcregservice)
    SRV - [2014/04/28 05:38:05 | 003,543,056 | ---- | M] (Aztec Media Inc) [Auto | Running] -- C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe -- (SystemkService)
    DRV - [2014/04/28 05:38:06 | 000,036,240 | ---- | M] (Aztec Media Inc) [Kernel | System | Running] -- C:\Program Files (x86)\Settings Manager\systemk\x64\systemkmgrc1.cfg -- (F06DEFF2-5B9C-490D-910F-35D3A91196222)
    [2014/04/29 22:18:56 | 000,000,000 | ---D | M] (Start Savin) -- C:\Users\Mom\AppData\Roaming\mozilla\Firefox\Profiles\3d29goud.default\extensions\{8C5FCD2C-1E9D-137D-E624-6E9E2017F1D7}
    O2:64bit: - BHO: (Start Savin BHO) - {181F2C09-56DD-4F98-86D7-59BA2BC59B5A} - C:\Program Files (x86)\Start Savin\FrameworkBHO64.dll ()
    O2 - BHO: (Start Savin BHO) - {181F2C09-56DD-4F98-86D7-59BA2BC59B5A} - C:\Program Files (x86)\Start Savin\FrameworkBHO.dll ()
    O2 - BHO: (Linkey) - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\Program Files (x86)\Linkey\IEExtension\iedll.dll File not found
    O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O4:64bit: - HKLM..\Run: [pcreg] C:\Program Files\pcreg\service.exe ()
    O4 - HKLM..\Run: [BService] C:\Program Files (x86)\Bench\BService\bservice.exe ()
    O4 - HKLM..\Run: [pcreg] C:\Program Files\pcreg\service.exe ()
    O4 - HKLM..\Run: [Wd] C:\Program Files (x86)\Bench\Wd\wd.exe File not found
    O4 - HKCU..\Run: [pcreg] C:\Program Files\pcreg\service.exe ()
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O27:64bit: - HKLM IFEO\bitguard.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
    O27:64bit: - HKLM IFEO\bprotect.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
    O27:64bit: - HKLM IFEO\bpsvc.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
    O27:64bit: - HKLM IFEO\browserdefender.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
    O27:64bit: - HKLM IFEO\browserprotect.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
    O27:64bit: - HKLM IFEO\browsersafeguard.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
    O27:64bit: - HKLM IFEO\dprotectsvc.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
    O27:64bit: - HKLM IFEO\jumpflip: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
    O27:64bit: - HKLM IFEO\protectedsearch.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
    O27:64bit: - HKLM IFEO\searchinstaller.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
    O27:64bit: - HKLM IFEO\searchprotection.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
    O27:64bit: - HKLM IFEO\searchprotector.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
    O27:64bit: - HKLM IFEO\searchsettings.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
    O27:64bit: - HKLM IFEO\searchsettings64.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
    O27:64bit: - HKLM IFEO\snapdo.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
    O27:64bit: - HKLM IFEO\stinst32.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
    O27:64bit: - HKLM IFEO\stinst64.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
    O27:64bit: - HKLM IFEO\umbrella.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
    O27:64bit: - HKLM IFEO\utiljumpflip.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
    O27:64bit: - HKLM IFEO\volaro: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
    O27:64bit: - HKLM IFEO\vonteera: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
    O27:64bit: - HKLM IFEO\websteroids.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
    O27:64bit: - HKLM IFEO\websteroidsservice.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\bitguard.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\bprotect.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\bpsvc.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\browserdefender.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\browserprotect.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\browsersafeguard.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\dprotectsvc.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\jumpflip: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\protectedsearch.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\searchinstaller.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\searchprotection.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\searchprotector.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\searchsettings.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\searchsettings64.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\snapdo.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\stinst32.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\stinst64.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\umbrella.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\utiljumpflip.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\volaro: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\vonteera: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\websteroids.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\websteroidsservice.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
    [2014/04/29 22:19:04 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\BenchUpdater
    [2014/04/29 22:18:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Start Savin
    [2014/04/29 22:18:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bench
    [2014/04/29 22:18:39 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\Start Savin
    2014/04/21 19:26:13 | 000,000,000 | ---D | C] -- C:\Users\Mom\Documents\PC Speed Maximizer
    [2014/04/21 19:26:12 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\PC Speed Maximizer
    [2014/04/21 19:21:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Linkey
    [2014/04/21 19:21:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Settings Manager
    [2014/04/21 19:21:19 | 000,000,000 | ---D | C] -- C:\Program Files\pcreg
    [2014/04/21 19:21:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer
    [2014/04/21 19:21:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Speed Maximizer
    [2014/05/02 19:31:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\bench-sys.job
    [2014/04/29 22:18:46 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\bench-sys.job
    [2014/04/29 22:18:46 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\bench-S-1-5-21-3278502167-1051688349-1540034803-1002.job
    @Alternate Data Stream - 199 bytes -> C:\Users\Mom\SkyDrive:ms-properties
    
    :Files
    
    ipconfig /flushdns /c
    C:\Program Files\pcreg\pcreg.exe
    C:\Program Files (x86)\PC Speed Maximizer\SPMSmartScan.exe
    C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll
    C:\Program Files\pcreg\pcreg.exe -- (pcregservice)
    
    :Commands
    [emptytemp]
    [resethosts]
    
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.
In your next reply post:

1- The OTL Fix Log located here-> C:\_OTL\Moved Files That Log may just pop up in front of of you after the machine reboots.

2- After you run the Quick scan post the log, It will be a new OTL Log

Thanks
Joe :)

Tell me how things are now ?
  • 0

#4
leighai

leighai

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
sorry for the late reply.

Followed your instructions and here is the info from the fix before a reboot:

Files\Folders moved on Reboot...
File move failed. C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe scheduled to be moved on reboot.
File move failed. C:\Program Files (x86)\Settings Manager\systemk\x64\systemkmgrc1.cfg scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Settings Manager\systemk\x64 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Settings Manager\systemk\x64 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Settings Manager\systemk scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Settings Manager\systemk\x64 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Settings Manager\systemk scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Settings Manager scheduled to be moved on reboot.
File move failed. C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll scheduled to be moved on reboot.
C:\Users\Mom\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...





Ran quick scan and here is the results from that:


OTL logfile created on: 5/22/2014 9:55:07 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mom\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17031)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.45 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.80% Memory free
4.39 Gb Paging File | 2.76 Gb Available in Paging File | 62.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.78 Gb Total Space | 357.99 Gb Free Space | 80.13% Space Free | Partition Type: NTFS
Drive D: | 18.22 Gb Total Space | 1.87 Gb Free Space | 10.27% Space Free | Partition Type: NTFS

Computer Name: LEIGHA | User Name: Mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/05/18 05:50:39 | 003,582,992 | ---- | M] (Aztec Media Inc) -- C:\Program Files (x86)\Settings Manager\systemk\systemku.exe
PRC - [2014/05/18 05:50:32 | 003,543,056 | ---- | M] (Aztec Media Inc) -- C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe
PRC - [2014/05/10 13:23:19 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Users\Mom\AppData\Local\Mozilla Firefox\firefox.exe
PRC - [2014/05/02 21:47:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mom\Downloads\OTL.exe
PRC - [2014/04/17 20:18:58 | 000,227,904 | ---- | M] (WildTangent) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
PRC - [2013/10/18 02:26:45 | 000,298,760 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
PRC - [2013/10/08 15:41:36 | 001,045,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
PRC - [2013/10/08 15:41:28 | 001,039,160 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
PRC - [2013/09/01 22:18:24 | 000,267,224 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
PRC - [2013/08/05 03:49:42 | 000,111,576 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2012/05/25 04:25:02 | 006,595,928 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2014/05/18 05:50:44 | 000,490,000 | ---- | M] () -- C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll
MOD - [2014/05/18 05:50:36 | 000,020,496 | ---- | M] () -- C:\Program Files (x86)\Settings Manager\systemk\syskldr.dll
MOD - [2014/05/10 13:23:18 | 003,839,088 | ---- | M] () -- C:\Users\Mom\AppData\Local\Mozilla Firefox\mozjs.dll
MOD - [2013/08/05 19:48:08 | 000,016,856 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2013/08/05 03:49:47 | 000,627,672 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
MOD - [2012/05/25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2012/05/25 04:25:00 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\pcre.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/04/25 18:34:42 | 000,178,528 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\mcafee\msc\McAPExe.exe -- (McAPExe)
SRV:64bit: - [2014/03/30 03:43:28 | 002,211,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2014/03/23 22:31:14 | 000,347,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2014/03/23 22:31:14 | 000,023,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014/03/17 18:54:26 | 000,185,792 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2014/03/17 18:47:02 | 000,219,752 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2014/03/08 01:41:25 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/03/06 03:02:13 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014/03/06 02:34:46 | 000,201,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014/02/22 11:53:10 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/02/22 05:57:16 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/02/22 05:26:58 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/02/22 05:25:39 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014/02/22 05:25:14 | 000,269,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014/02/22 05:23:58 | 001,576,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014/01/27 11:38:59 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014/01/21 04:04:28 | 001,025,712 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe -- (mfecore)
SRV:64bit: - [2014/01/15 20:42:12 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/12/10 03:35:18 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013/11/23 00:50:00 | 000,282,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/10/19 01:37:49 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/16 19:32:54 | 000,289,496 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE -- (RtkAudioService)
SRV:64bit: - [2013/10/14 15:29:40 | 000,087,552 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe -- (omniserv)
SRV:64bit: - [2013/10/14 15:23:20 | 000,109,568 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe -- (Cachedrv server)
SRV:64bit: - [2013/09/25 22:06:56 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/09/25 10:49:06 | 000,099,328 | ---- | M] () [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe -- (AdaptiveSleepService)
SRV:64bit: - [2013/09/25 10:48:00 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2013/08/31 06:00:10 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2013/08/26 02:13:24 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV:64bit: - [2013/08/22 08:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013/08/22 07:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 07:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 07:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 07:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 07:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 06:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 06:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 05:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 05:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 05:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 05:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 05:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 05:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 05:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 05:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2013/08/02 17:52:58 | 000,602,944 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)
SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe -- (McOobeSv2)
SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
SRV:64bit: - [2013/07/24 22:21:46 | 000,334,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe -- (McAWFwk)
SRV:64bit: - [2009/11/17 22:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2014/05/18 05:50:32 | 003,543,056 | ---- | M] (Aztec Media Inc) [Auto | Running] -- C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe -- (SystemkService)
SRV - [2014/05/13 22:02:32 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/21 19:47:07 | 000,197,632 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2014/04/17 20:18:58 | 000,227,904 | ---- | M] (WildTangent) [Auto | Running] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2013/11/04 18:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/10/18 02:26:45 | 000,298,760 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe -- (CyberLink PowerDVD 12 Media Server Service)
SRV - [2013/10/18 02:26:43 | 000,077,576 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe -- (CyberLink PowerDVD 12 Media Server Monitor Service)
SRV - [2013/10/08 15:41:28 | 001,039,160 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe -- (HPWMISVC)
SRV - [2013/08/31 05:25:30 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013/08/26 02:13:24 | 000,475,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2013/08/26 02:13:24 | 000,066,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV - [2013/08/26 02:13:24 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2013/08/22 08:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/08/21 23:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/21 22:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/03/23 22:30:57 | 000,257,880 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014/03/23 22:30:57 | 000,123,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2014/03/23 22:27:03 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/03/19 23:41:20 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014/03/17 19:02:08 | 000,070,592 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2014/03/17 18:54:54 | 000,345,456 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2014/03/17 18:49:44 | 000,783,864 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2014/03/17 18:47:30 | 000,522,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2014/03/17 18:45:38 | 000,311,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2014/03/17 18:44:40 | 000,180,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2014/03/17 18:25:42 | 000,069,344 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mfeelamk.sys -- (mfeelamk)
DRV:64bit: - [2014/03/13 08:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/03/08 16:40:16 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/03/08 16:35:45 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014/02/22 12:00:25 | 000,236,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014/02/22 11:50:31 | 000,054,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/02/22 11:49:51 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014/02/22 11:49:49 | 000,384,856 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/02/22 11:49:49 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/02/22 11:49:49 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/02/22 11:49:47 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/02/22 11:44:13 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014/02/22 08:14:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014/01/21 03:50:24 | 000,096,592 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfencrk.sys -- (mfencrk)
DRV:64bit: - [2014/01/21 03:50:02 | 000,422,712 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfencbdc.sys -- (mfencbdc)
DRV:64bit: - [2013/11/10 22:48:41 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2013/11/01 07:39:53 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/10/25 21:54:32 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013/10/18 22:48:54 | 002,946,264 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtwlane.sys -- (RTWlanE)
DRV:64bit: - [2013/10/16 15:58:12 | 000,638,312 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/10/05 11:25:54 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013/10/01 16:31:00 | 000,536,816 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/10/01 16:31:00 | 000,034,544 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013/10/01 16:31:00 | 000,030,448 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
DRV:64bit: - [2013/09/25 23:10:44 | 012,533,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/09/25 21:41:10 | 000,619,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/09/24 19:32:56 | 000,290,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2013/09/23 13:49:22 | 000,197,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2013/09/14 10:06:57 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013/08/22 15:12:11 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/08/22 15:12:07 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/08/22 09:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 09:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 08:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 08:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 08:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 08:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 08:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 08:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 08:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 08:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 08:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 08:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 08:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 08:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 08:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 08:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 08:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 08:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 08:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 08:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 08:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 08:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 08:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 08:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 08:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 08:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 08:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 08:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 08:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 07:39:58 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2013/08/22 07:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 07:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 07:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 07:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 07:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 07:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 07:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 07:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 07:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 07:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 07:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 07:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 07:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 07:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 07:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 07:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 07:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 07:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 07:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 07:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013/08/22 07:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 07:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 04:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/15 18:28:42 | 000,830,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2013/08/12 19:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/09 20:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 14:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 15:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/07/22 20:45:58 | 000,020,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)
DRV:64bit: - [2013/06/23 04:49:50 | 000,138,240 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdWB6.sys -- (AtiHDAudioService)
DRV:64bit: - [2013/03/05 16:01:42 | 000,091,712 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2013/03/05 02:22:20 | 000,041,408 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2013/02/07 18:45:32 | 000,017,504 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmdAS4.sys -- (AmdAS4)
DRV - [2014/05/18 05:50:33 | 000,036,240 | ---- | M] (Aztec Media Inc) [Kernel | System | Running] -- C:\Program Files (x86)\Settings Manager\systemk\x64\systemkmgrc1.cfg -- (F06DEFF2-5B9C-490D-910F-35D3A9119622)
DRV - [2013/10/18 22:48:54 | 002,946,264 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\rtwlane.sys -- (RTWlanE)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...64bit:</strong> - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}: "URL" = http://www.default-s...64bit:</strong> - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE
- HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
IE
- HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...NTDFJS<br /> IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}: "URL" = http://www.default-s...Terms}<br /> IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
IE
- HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...NTDFJS<br /> IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}: "URL" = http://www.default-s...Terms}<br /> IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK [2014/05/15 11:01:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Users\Mom\AppData\Local\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Users\Mom\AppData\Local\Mozilla Firefox\plugins

[2014/04/21 19:39:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom\AppData\Roaming\mozilla\Extensions
[2014/05/05 19:30:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom\AppData\Roaming\mozilla\Firefox\Profiles\3d29goud.default\extensions

========== Chrome ==========

CHR - default_search_provider: default-search.net (Enabled)
CHR - default_search_provider: search_url = http://www.default-s...erms}<br /> CHR - default_search_provider: suggest_url = ,
CHR - plugin: Error reading preferences file
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: Google Wallet = C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\

O1 HOSTS File: ([2014/04/29 22:18:48 | 000,000,871 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 54.221.22.25 imfpmncmbojnbdhnogcegojocabhpbnh
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Linkey) - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\Program Files (x86)\Linkey\IEExtension\iedll64.dll File not found
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [OPBHOBroker] C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [OPBHOBrokerDesktop] C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SimplePass] C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [YouCam Service] C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1058CC78-9164-4C45-920E-19615CAF4660}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: x64 - (C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll) - C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll ()
O36 - AppCertDlls: x86 - (C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll) - C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll ()
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/05/22 21:35:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/05/22 17:32:10 | 000,000,000 | ---D | C] -- C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
[2014/05/18 23:16:23 | 000,000,000 | ---D | C] -- C:\Users\Mom\Desktop\Cookies
[2014/05/18 23:16:16 | 000,000,000 | ---D | C] -- C:\Users\Mom\Desktop\Cinnamon Rolls
[2014/05/18 23:13:17 | 000,000,000 | ---D | C] -- C:\Users\Mom\Desktop\Fudge
[2014/05/18 23:11:11 | 000,000,000 | ---D | C] -- C:\Users\Mom\Desktop\Chocolate
[2014/05/18 23:09:30 | 000,000,000 | ---D | C] -- C:\Users\Mom\Desktop\Fondant
[2014/05/18 23:07:37 | 000,000,000 | ---D | C] -- C:\Users\Mom\Desktop\CupCake
[2014/05/18 17:27:40 | 000,000,000 | ---D | C] -- C:\ProgramData\systemk
[2014/05/14 11:08:42 | 000,000,000 | ---D | C] -- C:\488156fc9db75d81e1
[2014/05/13 02:02:45 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\Windows Live
[2014/05/12 21:57:21 | 000,000,000 | ---D | C] -- C:\Users\Mom\Desktop\Chris
[2014/05/12 21:56:03 | 000,000,000 | ---D | C] -- C:\Users\Mom\Desktop\Cake
[2014/05/10 13:23:08 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\Mozilla Firefox
[2014/05/08 18:19:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2014/05/08 18:19:53 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2014/05/03 14:58:20 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\Macromedia
[2014/05/03 14:48:23 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2014/05/03 14:47:23 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\Adobe
[2014/05/02 23:33:08 | 000,000,000 | ---D | C] -- C:\Users\Mom\jagexcache
[2014/05/02 15:57:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2014/05/01 23:36:38 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/01 23:36:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/05/01 23:35:48 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/05/01 23:35:48 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/05/01 23:35:47 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/05/01 23:35:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/05/01 23:35:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/05/01 23:35:16 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\Programs
[2014/05/01 23:33:24 | 000,000,000 | ---D | C] -- C:\Users\Mom\Documents\Avatar
[2014/05/01 23:33:23 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\CyberLink
[2014/05/01 23:23:38 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\.minecraft
[2014/05/01 23:23:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014/05/01 23:23:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/05/01 23:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/05/01 23:22:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/04/30 23:04:06 | 000,000,000 | R--D | C] -- C:\Users\Mom\SkyDrive
[2014/04/25 10:05:14 | 000,197,704 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys
[2014/04/24 19:49:14 | 000,000,000 | ---D | C] -- C:\temp
[2014/04/24 00:10:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2014/04/24 00:08:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft
[2014/04/24 00:06:02 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\Blizzard Entertainment
[2014/04/24 00:05:55 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\Battle.net
[2014/04/24 00:05:55 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\Battle.net
[2014/04/24 00:05:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2014/04/24 00:05:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2014/04/24 00:05:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
[2014/04/24 00:05:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battle.net
[2014/04/24 00:04:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/05/22 22:02:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/22 21:50:08 | 000,956,476 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/22 21:50:08 | 000,796,126 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/22 21:50:08 | 000,161,346 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/22 21:46:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/22 21:46:18 | 000,000,934 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf5db6a7c29eb7.job
[2014/05/22 21:44:32 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/05/22 21:44:27 | 2967,060,480 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/22 20:18:01 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf5db6aa0d51be.job
[2014/05/22 17:41:44 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMom.job
[2014/05/22 17:35:57 | 000,002,244 | ---- | M] () -- C:\Users\Mom\Desktop\HP Support Assistant.lnk
[2014/05/21 09:52:26 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\spu_storage.bin
[2014/05/19 23:14:06 | 000,116,566 | ---- | M] () -- C:\Users\Mom\Desktop\cronauts.jpg
[2014/05/19 19:37:53 | 000,020,099 | ---- | M] () -- C:\Users\Mom\Desktop\munzee cat.jpg
[2014/05/15 22:49:32 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/15 11:18:21 | 000,103,237 | ---- | M] () -- C:\Users\Mom\Desktop\conversion.jpg
[2014/05/10 18:23:59 | 000,476,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/05/08 18:19:57 | 000,001,954 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2014/05/03 01:01:03 | 000,000,024 | ---- | M] () -- C:\Users\Mom\random.dat
[2014/05/02 23:33:08 | 000,000,042 | ---- | M] () -- C:\Users\Mom\jagex_cl_runescape_LIVE.dat
[2014/04/29 22:18:50 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/04/24 00:10:11 | 000,001,261 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2014/04/24 00:05:50 | 000,001,169 | ---- | M] () -- C:\Users\Public\Desktop\Battle.net.lnk
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/05/22 17:36:31 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForMom.job
[2014/05/22 17:35:57 | 000,002,244 | ---- | C] () -- C:\Users\Mom\Desktop\HP Support Assistant.lnk
[2014/05/19 23:14:06 | 000,116,566 | ---- | C] () -- C:\Users\Mom\Desktop\cronauts.jpg
[2014/05/19 19:37:53 | 000,020,099 | ---- | C] () -- C:\Users\Mom\Desktop\munzee cat.jpg
[2014/05/15 11:18:20 | 000,103,237 | ---- | C] () -- C:\Users\Mom\Desktop\conversion.jpg
[2014/05/09 19:47:17 | 000,387,210 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2014/05/09 19:38:37 | 000,139,600 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2014/05/09 19:35:54 | 000,262,335 | ---- | C] () -- C:\Windows\SysNative\dfpinc.dat
[2014/05/09 19:33:49 | 000,002,255 | ---- | C] () -- C:\Windows\SysWow64\WimBootCompress.ini
[2014/05/09 19:33:49 | 000,002,255 | ---- | C] () -- C:\Windows\SysNative\WimBootCompress.ini
[2014/05/09 19:33:06 | 000,100,197 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2014/05/09 19:33:06 | 000,100,197 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2014/05/09 19:33:04 | 000,007,762 | ---- | C] () -- C:\Windows\SysWow64\connectedsearch-suggestions.searchconnector-ms
[2014/05/09 19:33:04 | 000,007,762 | ---- | C] () -- C:\Windows\SysNative\connectedsearch-suggestions.searchconnector-ms
[2014/05/09 19:33:04 | 000,007,130 | ---- | C] () -- C:\Windows\SysWow64\connectedsearch-zeroinput.searchconnector-ms
[2014/05/09 19:33:04 | 000,007,130 | ---- | C] () -- C:\Windows\SysNative\connectedsearch-zeroinput.searchconnector-ms
[2014/05/09 19:32:52 | 000,011,109 | ---- | C] () -- C:\Windows\SysWow64\connectedsearch-results.searchconnector-ms
[2014/05/09 19:32:52 | 000,011,109 | ---- | C] () -- C:\Windows\SysNative\connectedsearch-results.searchconnector-ms
[2014/05/09 19:32:47 | 000,050,053 | ---- | C] () -- C:\Windows\SysNative\srms.dat
[2014/05/09 19:32:43 | 000,002,440 | R-S- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileManager.lnk
[2014/05/03 14:48:22 | 000,001,954 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2014/05/03 14:48:19 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/02 23:33:08 | 000,000,042 | ---- | C] () -- C:\Users\Mom\jagex_cl_runescape_LIVE.dat
[2014/05/02 23:33:08 | 000,000,024 | ---- | C] () -- C:\Users\Mom\random.dat
[2014/04/29 22:18:50 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/04/25 16:33:14 | 000,138,240 | ---- | C] () -- C:\Windows\SysNative\OEMLicense.dll
[2014/04/25 16:33:14 | 000,103,936 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2014/04/24 00:10:11 | 000,001,261 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2014/04/24 00:05:50 | 000,001,169 | ---- | C] () -- C:\Users\Public\Desktop\Battle.net.lnk
[2014/01/19 07:03:05 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2014/01/19 06:58:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/09/25 22:49:40 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/09/25 22:49:40 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/09/25 22:07:28 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/09/25 22:07:28 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/09/25 21:36:12 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\amdhdl32.dll
[2013/09/25 10:55:32 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2013/08/26 02:13:37 | 000,931,872 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/08/22 11:36:43 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2013/08/22 11:36:42 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2013/08/22 10:46:23 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2013/08/22 03:01:23 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2013/08/21 23:32:36 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2013/08/21 19:55:20 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2013/08/21 19:52:39 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== ZeroAccess Check ==========

[2013/11/06 20:40:49 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/27 05:12:37 | 021,225,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/27 03:48:28 | 018,679,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 05:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 22:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 05:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/05/02 21:50:32 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\.minecraft
[2014/04/24 08:12:24 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Battle.net
[2014/04/22 02:33:55 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Synaptics
[2014/04/21 19:46:58 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\WildTangent

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 220 bytes -> C:\Users\Mom\SkyDrive:ms-properties

< End of report >

  • 0

#5
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,107 posts
Hello leighai,

We need to do a fix to delete some files using OTL again.
  • Double click on the OTLicon.jpg to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


    :COMMANDS
    [CREATERESTOREPOINT]
    
    :OTL
    O1 - Hosts: 54.221.22.25 imfpmncmbojnbdhnogcegojocabhpbnh
    O2:64bit: - BHO: (Linkey) - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\Program Files (x86)\Linkey\IEExtension\iedll64.dll File not found
    O1364bit: - gopher Prefix: missing
    [2014/05/18 17:27:40 | 000,000,000 | ---D | C] -- C:\ProgramData\systemk
    [2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
    
    :Files
    C:\Program Files (x86)\Settings Manager\systemk\systemku.exe
    C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe
    C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll ()
    C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll ()
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    [resethosts]
    
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.

    Next

    Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner

    Next

    thisisujrt.gif Please download Junkware Removal Tool to your Desktop.

    Please close your security software to avoid potential conflicts. See how to do that Here.
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.

    In your next reply Post:

    1- OTL Fix log.
    2- New OTL after quick scan.
    3- AdwCleaner [so].txt
    4- JRT Log .txt

    Thanks
    Joe :)




  • 0

#6
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,107 posts
Hello,

Are you still with us ?

Joe
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP