A friend's PC has Tikotin showing up on his Chrome browser, and Trovi on his IE browser. There are multiple popups that show up about fixing Windows errors and the system needs a new video driver etc. Every time I click a link I get a browser redirect...
He had loaded YTdownloader as well as Shop for Rewards and other programs on this.
I was able to delete some of those programs out of Control Panel but the Shopping Helper Smartbar still appears.
I ran JRT, Malwarebytes and a couple other programs but the system appears to be getting worse and not better, so I am here for some help.
Malwarebytes keeps coming up saying it's blocking a malicious website...
Thanks for your help!!
OTL logfile created on: 10/18/2014 4:35:12 PM - Run 1
OTL by OldTimer - Version Folder = C:\Users\bobramsay\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17351)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.92 Gb Total Physical Memory | 5.33 Gb Available Physical Memory | 67.25% Memory free
9.54 Gb Paging File | 6.79 Gb Available in Paging File | 71.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921.31 Gb Total Space | 869.50 Gb Free Space | 94.38% Space Free | Partition Type: NTFS
Drive D: | 708.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 2.05 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: WINDOWS-E4ELKUL | User Name: bobramsay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/10/18 16:34:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\bobramsay\Desktop\OTL.exe
PRC - [2014/10/01 11:09:30 | 000,968,504 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/10/01 11:09:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/10/01 11:09:20 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/10/01 01:55:00 | 000,854,344 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/09/12 05:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/09/09 17:25:12 | 000,071,680 | ---- | M] (Nike) -- C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe
PRC - [2013/10/17 15:15:38 | 001,915,408 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
PRC - [2013/09/03 18:53:48 | 000,390,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2013/09/03 18:53:42 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
PRC - [2013/03/04 23:43:20 | 000,110,144 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2007/01/11 13:57:20 | 000,291,760 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9300 Series\lxcqmon.exe
PRC - [2006/12/05 09:35:58 | 000,082,864 | ---- | M] (Lexmark International Inc.) -- C:\Program Files (x86)\Lexmark 9300 Series\ezprint.exe
========== Modules (No Company Name) ==========
MOD - [2014/10/01 01:54:58 | 014,891,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\PepperFlash\pepflashplayer.dll
MOD - [2014/10/01 01:54:57 | 008,911,176 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\pdf.dll
MOD - [2014/10/01 01:54:53 | 001,042,760 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\libglesv2.dll
MOD - [2014/10/01 01:54:52 | 000,310,088 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\libexif.dll
MOD - [2014/10/01 01:54:51 | 001,681,224 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\ffmpegsumo.dll
MOD - [2014/10/01 01:54:51 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\libegl.dll
MOD - [2014/09/16 13:50:12 | 008,896,160 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
MOD - [2013/03/05 12:41:36 | 000,015,424 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2013/03/04 23:40:16 | 000,626,240 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
MOD - [2007/01/11 13:57:20 | 000,291,760 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9300 Series\lxcqmon.exe
MOD - [2006/10/23 13:51:08 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9300 Series\lxcqscw.dll
MOD - [2006/06/09 01:39:22 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9300 Series\lxcqdrec.dll
MOD - [2006/05/25 15:20:44 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9300 Series\iptk.dll
========== Services (SafeList) ==========
SRV:64bit: - [2014/08/15 23:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2014/08/15 20:58:35 | 000,287,744 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2014/08/15 20:45:51 | 000,267,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014/08/12 00:56:36 | 002,428,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2014/07/24 03:28:58 | 001,600,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014/04/06 07:20:36 | 000,201,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014/03/23 22:31:14 | 000,347,880 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2014/03/23 22:31:14 | 000,023,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014/03/14 02:26:25 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2014/03/08 01:41:25 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/03/06 03:02:13 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014/02/22 11:53:10 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/02/22 05:57:16 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/02/22 05:26:58 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/02/22 05:25:39 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014/02/22 05:23:58 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014/02/06 06:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/12/10 03:35:18 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013/08/22 07:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 07:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 07:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 07:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 07:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 06:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 06:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 05:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 05:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 05:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 05:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 05:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 05:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 05:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 05:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2013/06/18 21:18:38 | 000,246,488 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2013/05/11 18:45:54 | 000,822,232 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel®
SRV:64bit: - [2013/05/11 18:45:38 | 000,733,696 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2009/11/17 20:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2006/12/05 09:36:32 | 000,566,192 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxcqcoms.exe -- (lxcq_device)
SRV - [2014/10/01 11:09:30 | 000,968,504 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/10/01 11:09:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/09/12 05:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/08/15 23:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2014/03/14 02:10:16 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013/10/17 15:15:38 | 001,915,408 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe -- (SftService)
SRV - [2013/09/05 00:24:48 | 000,312,448 | ---- | M] (Windows ® Win 7 DDK provider) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2013/09/03 18:53:48 | 000,390,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/09/03 18:53:42 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2013/08/21 23:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/21 22:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/08/13 10:21:42 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/08/06 18:24:40 | 000,243,464 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\kmsvc.exe -- (CLKMSVC10_99E320F5)
SRV - [2006/12/05 09:36:10 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxcqcoms.exe -- (lxcq_device)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/10/18 16:18:14 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/10/01 11:11:30 | 000,064,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/10/01 11:11:12 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/08/14 20:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/07/24 11:28:38 | 000,468,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014/07/24 11:28:38 | 000,412,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/07/24 07:42:22 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2014/05/01 09:31:39 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/03/23 22:30:57 | 000,257,880 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014/03/23 22:30:57 | 000,123,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2014/03/23 22:27:03 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/03/19 23:41:20 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014/03/13 08:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\windows\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/03/08 16:40:16 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/02/22 12:00:25 | 000,236,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014/02/22 11:49:51 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014/02/22 11:49:49 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/02/22 11:49:49 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/02/22 11:44:13 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\windows\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014/02/22 08:14:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2013/12/04 14:41:54 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2013/11/10 22:48:41 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2013/11/01 07:39:53 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/10/25 21:54:32 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013/10/05 11:25:54 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013/09/14 10:06:57 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013/09/05 00:01:18 | 000,594,120 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2013/09/05 00:01:18 | 000,338,120 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2013/09/05 00:01:18 | 000,179,432 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2013/09/05 00:01:18 | 000,137,928 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2013/09/05 00:01:18 | 000,116,424 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2013/09/05 00:01:18 | 000,089,800 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2013/09/05 00:01:18 | 000,077,464 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2013/09/05 00:01:18 | 000,034,384 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2013/09/03 18:53:44 | 000,099,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:64bit: - [2013/08/22 15:12:11 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/08/22 15:12:07 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/08/22 09:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 09:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 08:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 08:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 08:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 08:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 08:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 08:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 08:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 08:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 08:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 08:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 08:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 08:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 08:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 08:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 08:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 08:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 08:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 08:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 08:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 08:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 08:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 08:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 08:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 08:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 08:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 08:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 08:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 07:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 07:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 07:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 07:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 07:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 07:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 07:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 07:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 07:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 07:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 07:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 07:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 07:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 07:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 07:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 07:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 07:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 07:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 07:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 07:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 07:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 04:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/19 17:25:00 | 000,449,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2013/08/15 21:13:30 | 003,859,968 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athwbx.sys -- (athr)
DRV:64bit: - [2013/08/13 10:21:26 | 004,155,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/08/12 19:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/09 20:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/08/01 20:40:04 | 000,644,968 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/07/30 14:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/26 18:27:49 | 000,039,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2013/07/26 18:27:49 | 000,026,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2013/07/25 15:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/06/23 09:20:32 | 000,450,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2013/06/21 19:35:14 | 000,816,344 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2013/03/05 13:01:42 | 000,091,712 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;https=
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BF883488-0379-470e-8BF2-C5D1F3828428}: C:\PROGRAM FILES\SHOP FOR REWARDS\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BF883488-0379-470e-8BF2-C5D1F3828428}: C:\Program Files\Shop For Rewards\Firefox
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\ConsumerInput@Compete: C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12039.xpi
[2014/07/27 11:41:40 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
========== Chrome ==========
CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\bobramsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
CHR - Extension: No name found = C:\Users\bobramsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\
CHR - Extension: No name found = C:\Users\bobramsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\bobramsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\bobramsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\\
CHR - Extension: No name found = C:\Users\bobramsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\bobramsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\14.916.0.7_0\
CHR - Extension: No name found = C:\Users\bobramsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\\
CHR - Extension: No name found = C:\Users\bobramsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
CHR - Extension: No name found = C:\Users\bobramsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg\5.3_0\
CHR - Extension: No name found = C:\Users\bobramsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdijnalfcndckfbhkjakjoekpfojjilg\1.0.1_0\
CHR - Extension: No name found = C:\Users\bobramsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\3.1_0\
CHR - Extension: No name found = C:\Users\bobramsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\\
CHR - Extension: No name found = C:\Users\bobramsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2013/08/22 09:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (ClassicIEBHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (ClassicIEBHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 9300 Series\ezprint.exe (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [LXCQCATS] C:\windows\SysNative\spool\DRIVERS\x64\3\LXCQtime.DLL (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [lxcqmon.exe] C:\Program Files (x86)\Lexmark 9300 Series\lxcqmon.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVBg_PushButton] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Nike+ Connect] C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe (Nike)
O4 - HKCU..\Run: [DellSystemDetect] C:\Users\bobramsay\AppData\Local\Apps\2.0\2G4G6OEC.029\X05J0M9Q.AX8\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\DellSystemDetect.exe (Dell)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" (Qualcomm®Atheros®)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O9:64bit: - Extra 'Tools' menuitem : Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe (IvoSoft)
O9 - Extra 'Tools' menuitem : Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe (IvoSoft)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36380E32-1C72-413A-84CE-4BE5584105B8}: DhcpNameServer =
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/13 17:04:47 | 000,000,175 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2012/09/18 16:37:09 | 000,000,184 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{3b0f2183-1e77-11e4-824c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3b0f2183-1e77-11e4-824c-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.EXE -- [2012/11/23 17:54:35 | 000,216,640 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{3b0f2183-1e77-11e4-824c-806e6f6e6963}\Shell\configure\command - "" = F:\setup.exe -- [2012/11/23 17:54:35 | 000,216,640 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{3b0f2183-1e77-11e4-824c-806e6f6e6963}\Shell\install\command - "" = F:\setup.exe -- [2012/11/23 17:54:35 | 000,216,640 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{f9c89709-4a80-11e4-8259-543530c571c8}\Shell - "" = AutoRun
O33 - MountPoints2\{f9c89709-4a80-11e4-8259-543530c571c8}\Shell\AutoRun\command - "" = "H:\LaunchU3.exe" -a
O33 - MountPoints2\{fb24f377-4313-11e4-8257-543530c571c8}\Shell - "" = AutoRun
O33 - MountPoints2\{fb24f377-4313-11e4-8257-543530c571c8}\Shell\AutoRun\command - "" = "H:\LaunchU3.exe" -a
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [2012/10/01 06:13:15 | 000,207,496 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\D\Shell\configure\command - "" = D:\setup.exe -- [2012/10/01 06:13:15 | 000,207,496 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\D\Shell\install\command - "" = D:\setup.exe -- [2012/10/01 06:13:15 | 000,207,496 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/10/18 16:34:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\bobramsay\Desktop\OTL.exe
[2014/10/18 16:29:28 | 000,000,000 | ---D | C] -- C:\FRST
[2014/10/18 16:29:11 | 002,112,000 | ---- | C] (Farbar) -- C:\Users\bobramsay\Desktop\FRST64.exe
[2014/10/18 16:20:20 | 001,705,698 | ---- | C] (Thisisu) -- C:\Users\bobramsay\Desktop\JRT.exe
[2014/10/18 16:18:33 | 000,000,000 | R--D | C] -- C:\Users\bobramsay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2014/10/17 20:55:43 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2014/10/17 20:46:25 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/10/15 02:24:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/10/09 06:37:26 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/10/09 06:37:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/10/09 06:37:12 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/10/09 06:37:12 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/10/09 06:37:12 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2014/10/09 06:37:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/10/09 06:37:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/10/09 06:36:08 | 017,291,904 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\bobramsay\Desktop\mbam_premium.exe
[2014/10/08 17:47:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenSoftwareUpdater
[2014/10/08 06:15:01 | 000,000,000 | ---D | C] -- C:\Users\bobramsay\AppData\Local\speed browser
[2014/10/08 05:45:00 | 000,000,000 | ---D | C] -- C:\Program Files\Shop For Rewards
[2014/10/07 06:41:54 | 000,000,000 | ---D | C] -- C:\Users\bobramsay\AppData\Roaming\Compete
[2014/10/07 05:44:10 | 000,000,000 | ---D | C] -- C:\ProgramData\UQlcVZpU
[2014/10/06 06:50:04 | 000,000,000 | ---D | C] -- C:\Users\bobramsay\AppData\Roaming\ap_movie
[2014/10/06 06:44:08 | 000,000,000 | ---D | C] -- C:\Users\bobramsay\AppData\Local\16735
[2014/10/06 06:36:37 | 000,000,000 | ---D | C] -- C:\Users\bobramsay\AppData\Local\fastplayer
[2014/10/06 06:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastPlayer
[2014/10/06 06:35:52 | 000,000,000 | ---D | C] -- C:\Users\bobramsay\AppData\Local\CrashRpt
[2014/10/06 06:35:46 | 000,000,000 | ---D | C] -- C:\Users\bobramsay\AppData\Local\StormWatch
[2014/10/02 18:37:30 | 000,000,000 | ---D | C] -- C:\Users\bobramsay\Documents\Outlook Files
[2014/09/27 11:11:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2014/09/27 11:11:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2014/09/27 11:11:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2014/09/24 05:52:59 | 000,000,000 | ---D | C] -- C:\Users\bobramsay\Documents\Custom Office Templates
[2014/09/24 05:48:32 | 000,000,000 | -HSD | C] -- C:\Users\bobramsay\AppData\Local\EmieUserList
[2014/09/24 05:48:32 | 000,000,000 | -HSD | C] -- C:\Users\bobramsay\AppData\Local\EmieSiteList
[2014/09/23 06:41:22 | 000,000,000 | R--D | C] -- C:\Users\bobramsay\OneDrive
[2014/09/22 18:03:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nike+ Connect
[2014/09/22 18:03:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Nike
[2014/09/22 18:03:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nike
[2014/09/19 18:24:24 | 000,000,000 | ---D | C] -- C:\Program Files\Lx_cats
[2014/09/19 18:24:12 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark 9300 Series
[2014/09/19 18:24:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lexmark Toolbar
[2014/09/19 18:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 9300 Series
[2014/09/19 18:13:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lexmark 9300 Series
[2014/09/19 18:12:26 | 000,000,000 | ---D | C] -- C:\drivers
[2014/09/19 18:09:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Informer Technologies, Inc
[2014/09/19 18:09:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Informer
[2014/09/19 18:09:03 | 000,000,000 | ---D | C] -- C:\Program Files\Software Informer
[2014/09/19 18:02:14 | 000,000,000 | ---D | C] -- C:\Users\bobramsay\AppData\Local\DriverToolkit
[2014/09/19 18:02:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverToolkit
[2014/09/19 18:01:56 | 000,000,000 | ---D | C] -- C:\Users\bobramsay\AppData\Local\Programs
[2014/09/19 15:48:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/09/19 15:18:53 | 000,000,000 | R--D | C] -- C:\Users\bobramsay\SkyDrive
[2014/09/19 14:48:31 | 000,000,000 | ---D | C] -- C:\Users\bobramsay\AppData\Local\ElevatedDiagnostics
[2014/09/19 14:41:07 | 000,000,000 | ---D | C] -- C:\Users\bobramsay\AppData\Local\CrashDumps
[2014/09/19 14:16:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/09/19 14:15:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/09/19 14:15:31 | 000,000,000 | ---D | C] -- C:\Users\bobramsay\AppData\Local\Google
[2014/09/19 14:14:05 | 000,000,000 | ---D | C] -- C:\Users\bobramsay\AppData\Local\Diagnostics
[2 C:\Users\bobramsay\AppData\Local\*.tmp files -> C:\Users\bobramsay\AppData\Local\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/10/18 16:36:00 | 000,000,400 | ---- | M] () -- C:\windows\tasks\CIMT_S-1-5-21-576917031-1454295532-2340876981-1001.job
[2014/10/18 16:34:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\bobramsay\Desktop\OTL.exe
[2014/10/18 16:29:12 | 002,112,000 | ---- | M] (Farbar) -- C:\Users\bobramsay\Desktop\FRST64.exe
[2014/10/18 16:24:28 | 000,867,660 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/10/18 16:24:28 | 000,733,312 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/10/18 16:24:28 | 000,136,364 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/10/18 16:20:29 | 001,705,698 | ---- | M] (Thisisu) -- C:\Users\bobramsay\Desktop\JRT.exe
[2014/10/18 16:20:10 | 000,000,936 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/10/18 16:19:36 | 000,002,243 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/10/18 16:19:28 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/10/18 16:19:04 | 000,000,932 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/10/18 16:18:46 | 000,001,231 | ---- | M] () -- C:\Users\bobramsay\Desktop\Search.lnk
[2014/10/18 16:18:20 | 000,001,386 | ---- | M] () -- C:\windows\tasks\QOILJM.job
[2014/10/18 16:18:20 | 000,001,384 | ---- | M] () -- C:\windows\tasks\CYHPK.job
[2014/10/18 16:18:20 | 000,001,382 | ---- | M] () -- C:\windows\tasks\PDFU.job
[2014/10/18 16:18:20 | 000,000,340 | ---- | M] () -- C:\windows\tasks\7862C8D9-066E-4051-A850-CEFDAE4E2322{EE0F9C75-961A-47B8-A21D-74D06173E30C}.job
[2014/10/18 16:18:19 | 000,001,386 | ---- | M] () -- C:\windows\tasks\BTOSQF.job
[2014/10/18 16:18:19 | 000,001,384 | ---- | M] () -- C:\windows\tasks\OQERG.job
[2014/10/18 16:18:19 | 000,001,382 | ---- | M] () -- C:\windows\tasks\HGGI.job
[2014/10/18 16:18:14 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/10/18 16:17:28 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/10/18 16:17:25 | 2507,300,863 | -HS- | M] () -- C:\hiberfil.sys
[2014/10/18 16:16:51 | 000,001,234 | ---- | M] () -- C:\Users\bobramsay\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/10/18 16:16:51 | 000,001,150 | ---- | M] () -- C:\Users\bobramsay\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/10/18 16:13:48 | 001,976,320 | ---- | M] () -- C:\Users\bobramsay\Desktop\AdwCleaner.exe
[2014/10/17 21:19:53 | 000,880,342 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2014/10/15 18:46:59 | 000,001,149 | ---- | M] () -- C:\Users\bobramsay\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2014/10/15 18:42:35 | 000,492,664 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/10/14 07:02:42 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/10/09 06:53:53 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/10/09 06:36:16 | 017,291,904 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\bobramsay\Desktop\mbam_premium.exe
[2014/10/08 17:45:30 | 000,139,488 | ---- | M] () -- C:\windows\SysWow64\XMLOperations.xml
[2014/10/08 05:45:00 | 000,000,045 | ---- | M] () -- C:\user.js
[2014/10/07 06:45:51 | 000,000,232 | ---- | M] () -- C:\Users\bobramsay\.swfinfo
[2014/10/01 11:11:30 | 000,064,216 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/10/01 11:11:16 | 000,093,400 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/10/01 11:11:12 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2014/09/27 18:27:14 | 000,135,877 | ---- | M] () -- C:\Users\bobramsay\Desktop\10653848_10152677026266132_9187087410680574519_n.jpg
[2014/09/24 07:09:09 | 000,001,680 | ---- | M] () -- C:\Users\bobramsay\Desktop\Payroll WE 09202014 - Shortcut.lnk
[2014/09/24 05:50:13 | 000,000,115 | ---- | M] () -- C:\Users\bobramsay\Desktop\Time Warner Cable High Speed Cable.url
[2014/09/22 06:32:28 | 000,001,779 | ---- | M] () -- C:\Users\bobramsay\Desktop\Microsoft.WindowsLive.Mail (2).lnk
[2014/09/22 06:32:13 | 000,001,779 | ---- | M] () -- C:\Users\bobramsay\Desktop\Microsoft.WindowsLive.Mail.lnk
[2014/09/21 07:57:59 | 000,001,091 | ---- | M] () -- C:\Users\Public\Desktop\Lexmark Productivity Suite - 9300 Series.LNK
[2014/09/19 18:24:22 | 000,019,128 | ---- | M] () -- C:\windows\SysNative\LexFiles.ulf
[2014/09/19 17:51:34 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2 C:\Users\bobramsay\AppData\Local\*.tmp files -> C:\Users\bobramsay\AppData\Local\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/10/18 16:13:46 | 001,976,320 | ---- | C] () -- C:\Users\bobramsay\Desktop\AdwCleaner.exe
[2014/10/18 15:59:14 | 000,002,243 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/10/18 15:59:13 | 000,001,231 | ---- | C] () -- C:\Users\bobramsay\Desktop\Search.lnk
[2014/10/17 21:19:53 | 000,880,342 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2014/10/15 01:16:35 | 000,388,729 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml
[2014/10/09 06:53:53 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/10/09 06:37:17 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/10/08 17:45:30 | 000,139,488 | ---- | C] () -- C:\windows\SysWow64\XMLOperations.xml
[2014/10/08 10:45:47 | 000,001,384 | ---- | C] () -- C:\windows\tasks\CYHPK.job
[2014/10/08 10:45:13 | 000,001,384 | ---- | C] () -- C:\windows\tasks\OQERG.job
[2014/10/08 05:45:07 | 000,001,278 | ---- | C] () -- C:\Users\bobramsay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
[2014/10/08 05:45:01 | 000,000,340 | ---- | C] () -- C:\windows\tasks\7862C8D9-066E-4051-A850-CEFDAE4E2322{EE0F9C75-961A-47B8-A21D-74D06173E30C}.job
[2014/10/08 05:45:00 | 000,000,045 | ---- | C] () -- C:\user.js
[2014/10/07 06:45:51 | 000,000,232 | ---- | C] () -- C:\Users\bobramsay\.swfinfo
[2014/10/06 06:41:05 | 000,001,382 | ---- | C] () -- C:\windows\tasks\PDFU.job
[2014/10/06 06:40:47 | 000,001,386 | ---- | C] () -- C:\windows\tasks\BTOSQF.job
[2014/10/06 06:37:01 | 000,001,382 | ---- | C] () -- C:\windows\tasks\HGGI.job
[2014/10/06 06:36:39 | 000,001,386 | ---- | C] () -- C:\windows\tasks\QOILJM.job
[2014/10/06 06:36:24 | 000,000,400 | ---- | C] () -- C:\windows\tasks\CIMT_S-1-5-21-576917031-1454295532-2340876981-1001.job
[2014/09/27 18:27:14 | 000,135,877 | ---- | C] () -- C:\Users\bobramsay\Desktop\10653848_10152677026266132_9187087410680574519_n.jpg
[2014/09/25 19:37:18 | 000,001,149 | ---- | C] () -- C:\Users\bobramsay\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2014/09/24 07:09:09 | 000,001,680 | ---- | C] () -- C:\Users\bobramsay\Desktop\Payroll WE 09202014 - Shortcut.lnk
[2014/09/24 05:50:13 | 000,000,115 | ---- | C] () -- C:\Users\bobramsay\Desktop\Time Warner Cable High Speed Cable.url
[2014/09/22 06:32:28 | 000,001,779 | ---- | C] () -- C:\Users\bobramsay\Desktop\Microsoft.WindowsLive.Mail (2).lnk
[2014/09/22 06:32:13 | 000,001,779 | ---- | C] () -- C:\Users\bobramsay\Desktop\Microsoft.WindowsLive.Mail.lnk
[2014/09/21 07:57:59 | 000,001,091 | ---- | C] () -- C:\Users\Public\Desktop\Lexmark Productivity Suite - 9300 Series.LNK
[2014/09/19 19:29:22 | 000,050,745 | ---- | C] () -- C:\windows\SysNative\srms.dat
[2014/09/19 18:24:09 | 000,000,031 | ---- | C] () -- C:\windows\SysNative\lxcqrwrd.ini
[2014/09/19 18:13:07 | 002,419,069 | ---- | C] () -- C:\windows\SysWow64\lxcqhelp.chm
[2014/09/19 18:13:07 | 001,224,704 | ---- | C] ( ) -- C:\windows\SysWow64\lxcqserv.dll
[2014/09/19 18:13:07 | 000,991,232 | ---- | C] ( ) -- C:\windows\SysWow64\lxcqusb1.dll
[2014/09/19 18:13:07 | 000,696,320 | ---- | C] ( ) -- C:\windows\SysWow64\lxcqhbn3.dll
[2014/09/19 18:13:07 | 000,643,072 | ---- | C] ( ) -- C:\windows\SysWow64\lxcqpmui.dll
[2014/09/19 18:13:07 | 000,585,728 | ---- | C] ( ) -- C:\windows\SysWow64\lxcqlmpm.dll
[2014/09/19 18:13:07 | 000,537,520 | ---- | C] ( ) -- C:\windows\SysWow64\lxcqcoms.exe
[2014/09/19 18:13:07 | 000,421,888 | ---- | C] ( ) -- C:\windows\SysWow64\lxcqcomm.dll
[2014/09/19 18:13:07 | 000,413,696 | ---- | C] ( ) -- C:\windows\SysWow64\lxcqinpa.dll
[2014/09/19 18:13:07 | 000,397,312 | ---- | C] ( ) -- C:\windows\SysWow64\lxcqiesc.dll
[2014/09/19 18:13:07 | 000,385,968 | ---- | C] ( ) -- C:\windows\SysWow64\lxcqih.exe
[2014/09/19 18:13:07 | 000,380,928 | ---- | C] () -- C:\windows\SysWow64\lxcqcomx.dll
[2014/09/19 18:13:07 | 000,274,432 | ---- | C] () -- C:\windows\SysWow64\LXCQinst.dll
[2014/09/19 18:13:07 | 000,181,168 | ---- | C] ( ) -- C:\windows\SysWow64\lxcqppls.exe
[2014/09/19 18:13:07 | 000,163,840 | ---- | C] ( ) -- C:\windows\SysWow64\lxcqprox.dll
[2014/09/19 18:13:07 | 000,094,208 | ---- | C] ( ) -- C:\windows\SysWow64\lxcqpplc.dll
[2014/09/19 18:13:06 | 000,684,032 | ---- | C] ( ) -- C:\windows\SysWow64\lxcqcomc.dll
[2014/09/19 18:13:06 | 000,381,872 | ---- | C] ( ) -- C:\windows\SysWow64\lxcqcfg.exe
[2014/09/19 18:13:06 | 000,001,922 | ---- | C] () -- C:\windows\SysWow64\lxcq.loc
[2014/09/19 18:12:57 | 002,419,069 | ---- | C] () -- C:\windows\SysNative\lxcqhelp.chm
[2014/09/19 18:12:57 | 001,417,728 | ---- | C] ( ) -- C:\windows\SysNative\lxcqserv.dll
[2014/09/19 18:12:57 | 001,099,264 | ---- | C] ( ) -- C:\windows\SysNative\lxcqusb1.dll
[2014/09/19 18:12:57 | 000,695,808 | ---- | C] ( ) -- C:\windows\SysNative\lxcqcomc.dll
[2014/09/19 18:12:57 | 000,659,456 | ---- | C] ( ) -- C:\windows\SysNative\lxcqhbn3.dll
[2014/09/19 18:12:57 | 000,566,192 | ---- | C] ( ) -- C:\windows\SysNative\lxcqcoms.exe
[2014/09/19 18:12:57 | 000,487,424 | ---- | C] ( ) -- C:\windows\SysNative\lxcqlmpm.dll
[2014/09/19 18:12:57 | 000,409,600 | ---- | C] ( ) -- C:\windows\SysNative\lxcqpmui.dll
[2014/09/19 18:12:57 | 000,305,152 | ---- | C] ( ) -- C:\windows\SysNative\LXCQhcp.dll
[2014/09/19 18:12:57 | 000,294,400 | ---- | C] () -- C:\windows\SysNative\lxcqgrd.dll
[2014/09/19 18:12:57 | 000,249,856 | ---- | C] ( ) -- C:\windows\SysNative\lxcqcomm.dll
[2014/09/19 18:12:57 | 000,238,592 | ---- | C] ( ) -- C:\windows\SysNative\lxcqinpa.dll
[2014/09/19 18:12:57 | 000,235,952 | ---- | C] ( ) -- C:\windows\SysNative\lxcqcfg.exe
[2014/09/19 18:12:57 | 000,233,392 | ---- | C] ( ) -- C:\windows\SysNative\lxcqih.exe
[2014/09/19 18:12:57 | 000,226,816 | ---- | C] ( ) -- C:\windows\SysNative\lxcqiesc.dll
[2014/09/19 18:12:57 | 000,194,048 | ---- | C] () -- C:\windows\SysNative\LXCQinst.dll
[2014/09/19 18:12:57 | 000,035,328 | ---- | C] ( ) -- C:\windows\SysNative\lxcqprox.dll
[2014/09/19 18:12:57 | 000,019,128 | ---- | C] () -- C:\windows\SysNative\LexFiles.ulf
[2014/09/19 18:12:57 | 000,010,752 | ---- | C] ( ) -- C:\windows\SysNative\lxcqpplc.dll
[2014/09/19 18:12:57 | 000,001,922 | ---- | C] () -- C:\windows\SysNative\lxcq.loc
[2014/09/19 17:51:34 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2014/09/19 14:32:20 | 000,139,600 | ---- | C] () -- C:\windows\SysNative\systemsf.ebd
[2014/09/19 14:31:36 | 000,262,335 | ---- | C] () -- C:\windows\SysNative\dfpinc.dat
[2014/09/19 14:31:15 | 000,138,240 | ---- | C] () -- C:\windows\SysNative\OEMLicense.dll
[2014/09/19 14:31:14 | 000,103,936 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2014/09/19 14:30:57 | 000,002,255 | ---- | C] () -- C:\windows\SysWow64\WimBootCompress.ini
[2014/09/19 14:30:57 | 000,002,255 | ---- | C] () -- C:\windows\SysNative\WimBootCompress.ini
[2014/09/19 14:30:45 | 000,100,197 | ---- | C] () -- C:\windows\SysWow64\RacRules.xml
[2014/09/19 14:30:45 | 000,100,197 | ---- | C] () -- C:\windows\SysNative\RacRules.xml
[2014/09/19 14:30:45 | 000,007,762 | ---- | C] () -- C:\windows\SysWow64\connectedsearch-suggestions.searchconnector-ms
[2014/09/19 14:30:45 | 000,007,762 | ---- | C] () -- C:\windows\SysNative\connectedsearch-suggestions.searchconnector-ms
[2014/09/19 14:30:45 | 000,007,130 | ---- | C] () -- C:\windows\SysWow64\connectedsearch-zeroinput.searchconnector-ms
[2014/09/19 14:30:45 | 000,007,130 | ---- | C] () -- C:\windows\SysNative\connectedsearch-zeroinput.searchconnector-ms
[2014/09/19 14:30:42 | 000,011,109 | ---- | C] () -- C:\windows\SysWow64\connectedsearch-results.searchconnector-ms
[2014/09/19 14:30:42 | 000,011,109 | ---- | C] () -- C:\windows\SysNative\connectedsearch-results.searchconnector-ms
[2014/09/19 14:30:41 | 000,002,440 | R-S- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileManager.lnk
[2014/09/19 14:16:09 | 000,001,234 | ---- | C] () -- C:\Users\bobramsay\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/09/19 14:15:40 | 000,000,936 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/09/19 14:15:39 | 000,000,932 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/09/01 04:18:44 | 000,002,086 | ---- | C] () -- C:\Users\bobramsay\AppData\Roaming\PDFU
[2014/09/01 04:18:44 | 000,002,086 | ---- | C] () -- C:\Users\bobramsay\AppData\Roaming\HGGI
[2014/09/01 04:18:44 | 000,002,086 | ---- | C] () -- C:\Users\bobramsay\AppData\Roaming\CYHPK
[2014/09/01 04:18:44 | 000,001,248 | ---- | C] () -- C:\Users\bobramsay\AppData\Roaming\QOILJM
[2014/09/01 04:18:44 | 000,001,248 | ---- | C] () -- C:\Users\bobramsay\AppData\Roaming\OQERG
[2014/09/01 04:18:44 | 000,001,248 | ---- | C] () -- C:\Users\bobramsay\AppData\Roaming\BTOSQF
[2014/08/07 17:11:46 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2014/08/07 15:57:59 | 000,287,744 | ---- | C] () -- C:\windows\SysWow64\igdmd32.dll
[2014/08/07 15:57:57 | 000,180,736 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2014/08/07 15:57:57 | 000,142,848 | ---- | C] () -- C:\windows\SysWow64\igdail32.dll
[2014/08/07 15:14:03 | 000,000,051 | ---- | C] () -- C:\windows\smsts.ini
[2013/08/22 11:36:43 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2013/08/22 11:36:42 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2013/08/22 10:46:23 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2013/08/22 03:01:23 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2013/08/21 23:32:36 | 000,046,080 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2013/08/21 19:55:20 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2013/08/21 19:52:39 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2013/05/11 18:17:52 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll
========== ZeroAccess Check ==========
[2014/10/06 07:47:48 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/08/16 00:08:41 | 021,195,616 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
"" = %SystemRoot%\system32\shell32.dll -- [2014/08/15 23:16:40 | 018,722,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 05:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 22:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 05:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2014/10/06 06:50:04 | 000,000,000 | ---D | M] -- C:\Users\bobramsay\AppData\Roaming\ap_movie
[2014/10/18 16:12:44 | 000,000,000 | ---D | M] -- C:\Users\bobramsay\AppData\Roaming\ClassicShell
[2014/10/07 06:41:54 | 000,000,000 | ---D | M] -- C:\Users\bobramsay\AppData\Roaming\Compete
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 74 bytes -> C:\Users\bobramsay\SkyDrive:ms-properties
@Alternate Data Stream - 220 bytes -> C:\Users\bobramsay\OneDrive:ms-properties
< End of report >
OTL Extras logfile created on: 10/18/2014 4:35:12 PM - Run 1
OTL by OldTimer - Version Folder = C:\Users\bobramsay\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17351)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.92 Gb Total Physical Memory | 5.33 Gb Available Physical Memory | 67.25% Memory free
9.54 Gb Paging File | 6.79 Gb Available in Paging File | 71.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921.31 Gb Total Space | 869.50 Gb Free Space | 94.38% Space Free | Partition Type: NTFS
Drive D: | 708.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 2.05 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: WINDOWS-E4ELKUL | User Name: bobramsay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
"EnableFirewall" = 1
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
"{30EA66A7-DDCF-4D05-B2D9-22F4664FA591}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{953959E8-63B9-424A-A5AD-C4DA5F352F37}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |
========== Vista Active Application Exception List ==========
"{01C3B9F5-7D43-46FC-8DB8-43F809CB8F2E}" = dir=out | name=@{microsoft.bingtravel_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} |
"{05A6DBE5-1256-40DF-AA83-F32C94FA10AE}" = dir=out | name=skype |
"{0BEB7CB3-C586-4341-8F58-95D20CA03E46}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office15\ucmapi.exe |
"{12AA0803-EC5E-4395-8A8C-48E4CB3E2B99}" = dir=out | name=@{microsoft.bingweather_3.0.4.214_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} |
"{1894AFE6-8B1B-4EAD-9244-78466181154A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\lync.exe |
"{27F12A77-2CDA-4E0C-950A-6ADBFEDACFDD}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{290F50B2-4858-49A7-820C-26757B6EB02B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe |
"{2D63679E-CCDF-441A-AEF4-C844D1C7121E}" = dir=out | name=@{microsoft.bingtravel_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{31807E32-C9B6-4518-981C-CA8FCF427E5F}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{32112028-C07A-422D-B63C-CCEBFD19C618}" = dir=out | name=@{microsoft.bingsports_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} |
"{32F28AC2-7A6C-45D9-936E-718E2D19E785}" = dir=out | name=@{microsoft.bingmaps_2.0.2009.2356_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{3450D3A9-209B-4E17-B2CE-FCF6F76885B7}" = dir=out | name=@{microsoft.zunemusic_2.2.41.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{3A324C86-D98F-4C1C-8D28-7D4E2DCEE432}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{423601FB-60A4-4EFE-9AA8-6BC1E8690F63}" = dir=out | name=windows_ie_ac_001 |
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn |
"{45F4FFFF-0760-4C34-B2F2-0B886E50B876}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{46335157-ED30-4128-81C0-BC3A186B27E8}" = dir=out | name=skype |
"{4CCD3C59-31AE-4C98-AE2F-65F12DCBDB51}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect |
"{5D46BA8B-5023-4D5D-90D0-F42C65F64D52}" = dir=out | name=@{microsoft.xboxlivegames_2.0.20.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{5E1B0941-F01B-4FB3-9FB2-7EE8147723B1}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect |
"{6258C5A7-13C0-4072-81C0-B0D4D1360B09}" = dir=in | name=skype |
"{669ADA50-A9EE-4DC2-8D06-C709259A6531}" = dir=out | name=@{microsoft.zunevideo_2.6.344.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{67FF2D63-DFDD-4390-B0E6-40F8255AAA64}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd cinema\powerdvdcinema12.exe |
"{6B1D0B58-7345-49A9-8712-B791683ECA3B}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.1.177_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{70DFE39A-A08B-4207-999B-EE8AC0CAE7BB}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
"{70E1ABB0-6E0C-4BAD-82D7-E4958F5AFD34}" = dir=out | name=@{microsoft.bingweather_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{72AD3E93-38B3-4FEA-896C-19F9A7E005FA}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{76F8BFE6-8322-4B57-8C47-2FD0C11FF971}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.1.176_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{78E05F01-5210-4E36-8E9B-DA900346FD64}" = dir=out | name=@{microsoft.bingmaps_2.1.3230.2048_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{7FAB0790-5B93-4058-9C1B-190C243EACA2}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
"{8D074975-2750-405F-9456-67B93A8941AD}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
"{8F62C9C4-2354-4E1C-95DA-2E3B8D5F3EC9}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{8F9A118B-9A33-4B71-8A86-50F03CA37C45}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9600.16384_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{91902E93-8CC9-4164-965F-EB1B2E49EDDF}" = dir=out | name=@{microsoft.bingsports_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{9DF35439-087E-45F7-A011-447EF6EF5A50}" = dir=out | name=@{microsoft.zunemusic_2.6.320.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{A19F18AA-4689-4C4C-89E8-0D5E0A3E6D8A}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9600.16384_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{A89FF974-2C0B-458F-AA5D-96A03E85C822}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{AEEBB58E-2090-4F7E-AA19-275F0EC1803A}" = dir=out | name=@{microsoft.bingnews_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{B4699470-04C4-4B3C-9005-032B4184074C}" = dir=in | name=skype |
"{C90E5536-4AB0-4A40-91C1-9E2193747EC9}" = protocol=17 | dir=in | app=c:\windows\system32\lxcqcoms.exe |
"{CB7F2FEA-B241-46A3-9BBB-DB54D1A1B1F2}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxcqcoms.exe |
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn |
"{DA054873-9E97-4A1D-9864-7B2163A24284}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\ucmapi.exe |
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn |
"{E9B31586-2323-41E8-9465-D7C527754151}" = dir=out | name=@{microsoft.zunevideo_2.2.41.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{EA89CD55-5B5C-41A6-A102-DA8038DF08C5}" = dir=out | name=@{microsoft.bingfinance_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn |
"{EF20C829-B820-4640-8AAB-95CD28B3BE4F}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{F1935016-6DD7-4A34-8DB3-C3E84263A96A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office15\lync.exe |
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client |
"{F645719E-95A9-4EE9-AFF6-9C45367D797A}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxcqcoms.exe |
"{F6EE3E10-C75F-41AF-B4EA-B097F11FF0B6}" = protocol=6 | dir=in | app=c:\windows\system32\lxcqcoms.exe |
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client |
"{F8ACFF38-FBFD-4A92-BBF3-96CD4D3895BB}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
"{FD1FA65D-D958-4D16-87DA-2AC50516932E}" = dir=out | name=@{microsoft.bingnews_3.0.4.213_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} |
"{FF997B60-6311-43AA-A13E-BB98BDE085D5}" = dir=out | name=@{microsoft.bingfinance_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} |
"{FFC11BB1-E688-40D6-8675-31C27DE4DFEC}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}" = Classic Shell
"{89AFB053-A343-46EF-97E4-D593AD7184E6}" = Intel® Trusted Connect Service Client
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90150000-002A-0000-1000-0000000FF1CE}" = Microsoft Office 64-bit Components 2013
"{90150000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2013
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{90150000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{F7A70D00-F283-45C8-B163-49EC365D7E27}" = DSC/AA Factory Installer
"Lexmark 9300 Series" = Lexmark 9300 Series
"PC-Doctor for Windows" = My Dell
"ProPlusRetail - en-us" = Microsoft Office Professional Plus 2013 - en-us
"Software Informer_is1" = Software Informer 1.3.1131.0
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell Backup and Recovery
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{90150000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{90150000-0015-0409-0000-0000000FF1CE}" = Microsoft Access MUI (English) 2013
"{90150000-0016-0409-0000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013
"{90150000-0018-0409-0000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013
"{90150000-0019-0409-0000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013
"{90150000-001A-0409-0000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013
"{90150000-001B-0409-0000-0000000FF1CE}" = Microsoft Word MUI (English) 2013
"{90150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-0000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
"{90150000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
"{90150000-0044-0409-0000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013
"{90150000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{90150000-0090-0409-0000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013
"{90150000-00A1-0409-0000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013
"{90150000-00BA-0409-0000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013
"{90150000-00E1-0409-0000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013
"{90150000-00E2-0409-0000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013
"{90150000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
"{90150000-0117-0409-0000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013
"{90150000-012B-0409-0000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell Backup and Recovery - Support Software
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.09)
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint 2.5
"{C64BEB42-B25D-4674-BB55-4099CB720110}" = Shopping Helper Smartbar
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Google Chrome" = Google Chrome
"InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}" = CyberLink Media Suite Essentials
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version
"Nike+ Connect" = Nike+ Connect
"Office15.PROPLUS" = Microsoft Office Professional Plus 2013
========== HKEY_CURRENT_USER Uninstall List ==========
"{d7b80872-6d15-457c-b34c-c5d0150cbc58}" = Shopping Helper Smartbar Engine
"9204f5692a8faf3b" = Dell System Detect
< End of report >