Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

System Takes Too Long To Boot

Started by Uirsa5822 , Sep 21 2012 09:56 PM

  • Please log in to reply

#1
Uirsa5822
Posted 21 September 2012 - 09:56 PM

Uirsa5822

    Member

  • Member
  • PipPipPip
  • 197 posts
Hello,

I made a thread over in "Windows Vista and Windows 7" claiming my system was taking 1 minute and 30 seconds to boot, which is longer than usual. The main person helping me, Macboatmaster, suggested I create a thread here to make sure my system is clean. While I think it is clean, I figured it wouldn't hurt to be certain. That thread can be linked here if needed:

http://www.geekstogo...ime-to-boot-up/


So as I stated above my system is taking longer than usual to boot up. When started, the Windows loading screen hangs for longer than usual. Then finally will move on and bring me to my Welcome screen, which also takes a bit to come up on the screen. I have nothing on Start up, except Norton Internet Security. I also have two Spyware/Malware programs installed: Malwarebytes and SUPERAntiSpyware. I run these programs often to ensure my system is clean. They never find anything, except for tracking cookies on occasion. But I use CCleaner to clean those up.

In the thread above, several have mentioned that Norton/Malwarebytes/CCleaner/SuperAntiSpyware can be cause to the slow boot times. I disagree. Reason why, I have a second HP desktop, with almost exact identical set up, with those same exact programs installed, and it boots up in 35-40 seconds. Normal time. But yet this system takes over a minute.

So I guess I turn here for additional help. Hopefully something can be found in my OTL log below.

OTL logfile created on: 9/21/2012 11:27:48 PM - Run 2
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\John\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

12.00 Gb Total Physical Memory | 10.55 Gb Available Physical Memory | 87.91% Memory free
18.00 Gb Paging File | 16.54 Gb Available in Paging File | 91.93% Paging File free
Paging file location(s): C:\pagefile.sys 6142 6142M:\pagef [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.23 Gb Total Space | 708.44 Gb Free Space | 76.99% Space Free | Partition Type: NTFS
Drive D: | 11.18 Gb Total Space | 1.37 Gb Free Space | 12.21% Space Free | Partition Type: NTFS

Computer Name: JOHN-HP | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/21 22:53:11 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
PRC - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe


========== Modules (No Company Name) ==========

MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/06/11 13:19:14 | 000,239,616 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/02/17 01:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/09/20 14:05:27 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/12 06:13:03 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe -- (NIS)
SRV - [2011/12/12 14:07:00 | 000,793,048 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/10 21:38:09 | 000,015,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/09/03 23:12:06 | 000,051,776 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pssdk41.sys -- (PsSdk41)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/12 22:40:13 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/07/06 04:15:53 | 001,838,656 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/07/05 22:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/05 22:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/06/28 03:35:02 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/06/11 14:59:38 | 010,248,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/06/11 12:26:14 | 000,367,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/06/07 00:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/05/21 21:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/04/17 22:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/04/17 21:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 06:34:36 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/01/18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/01/11 02:11:20 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2011/11/03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/07/25 22:18:35 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/02/05 14:34:06 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/02/05 14:34:04 | 000,070,712 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/11/08 23:28:08 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/08/31 14:15:34 | 000,079,872 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emAudio64.sys -- (emAudio)
DRV:64bit: - [2007/06/21 17:51:46 | 000,215,808 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emDevice64.sys -- (DCamUSBEMPIA)
DRV:64bit: - [2007/06/21 17:51:32 | 000,006,400 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emFilter64.sys -- (FiltUSBEMPIA)
DRV:64bit: - [2007/06/21 17:51:30 | 000,006,144 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emScan64.sys -- (ScanUSBEMPIA)
DRV:64bit: - [2005/09/23 23:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV:64bit: - [1999/12/31 20:00:00 | 000,685,160 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [1999/12/31 20:00:00 | 000,251,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [1999/12/31 20:00:00 | 000,237,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [1999/12/31 20:00:00 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [1999/12/31 20:00:00 | 000,082,560 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [1999/12/31 20:00:00 | 000,056,448 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [1999/12/31 20:00:00 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [1999/12/31 20:00:00 | 000,016,552 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV - [2012/09/21 21:13:30 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120921.017\ex64.sys -- (NAVEX15)
DRV - [2012/09/21 21:13:30 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120921.017\eng64.sys -- (NAVENG)
DRV - [2012/09/06 04:54:30 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120921.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/31 18:09:13 | 001,385,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120919.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/08/09 01:06:03 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/09 01:06:03 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files (x86)\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{9DCB4366-5B4F-459F-A88A-F3FECFA0AAEA}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{9DCB4366-5B4F-459F-A88A-F3FECFA0AAEA}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=15179
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKCU\..\SearchScopes\{8BF544E8-E5E1-4BDE-83AC-314606D7C34E}: "URL" = http://websearch.ask...3C-35AAEF08ADFC
IE - HKCU\..\SearchScopes\{9DCB4366-5B4F-459F-A88A-F3FECFA0AAEA}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..extensions.enabledAddons: [email protected]:0.4
FF - prefs.js..extensions.enabledAddons: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.2.1
FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.1
FF - prefs.js..extensions.enabledAddons: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.3
FF - prefs.js..extensions.enabledAddons: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:4.14
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10
FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68
FF - prefs.js..extensions.enabledAddons: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:11.1.1.5 - 1
FF - prefs.js..extensions.enabledAddons: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2012.7.5.2
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/07/20 04:41:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/09/21 23:22:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/18 02:41:33 | 000,000,000 | ---D | M]

[2012/09/18 02:41:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions
[2012/09/21 02:45:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8xyhx56k.default\extensions
[2012/09/18 03:20:04 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8xyhx56k.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012/09/18 03:20:04 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8xyhx56k.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012/09/18 03:20:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8xyhx56k.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/09/18 03:20:04 | 000,109,964 | ---- | M] () (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8xyhx56k.default\extensions\[email protected]
[2012/09/18 03:20:04 | 000,269,659 | ---- | M] () (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8xyhx56k.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2012/09/18 03:20:04 | 000,375,811 | ---- | M] () (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8xyhx56k.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
[2012/09/18 03:11:27 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8xyhx56k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/09/18 03:20:04 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8xyhx56k.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012/09/18 02:41:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/21 23:22:18 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\COFFPLGN
[2012/07/20 04:41:15 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPLGN
[2012/09/05 21:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/05 21:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/05 21:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.ask.com/?...l=dis&o=15179cr
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.ask.com/?...l=dis&o=15179cr
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\John\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\John\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\John\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Abstract-Blue = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnacehkknmafkjgkikclamogikoiaaa\1.0_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ips\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C68FD9E6-9D2E-427A-B74E-B612D934FB9A}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/21 23:13:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/21 22:53:10 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2012/09/21 22:41:05 | 000,649,864 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\John\Desktop\autoruns.exe
[2012/09/21 22:41:05 | 000,567,944 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\John\Desktop\autorunsc.exe
[2012/09/20 01:30:27 | 000,000,000 | ---D | C] -- C:\Users\John\dwhelper
[2012/09/18 02:41:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/09/18 02:17:14 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Mozilla
[2012/09/18 02:17:14 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Mozilla
[2012/09/18 00:46:45 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\Freemake
[2012/09/18 00:46:44 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2012/09/18 00:46:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2012/09/18 00:46:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2012/09/18 00:46:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake
[2012/09/12 20:58:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/09/12 20:58:06 | 000,000,000 | -H-D | C] -- C:\Program Files\iPod
[2012/09/12 20:58:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/09/12 20:58:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/09/12 20:56:24 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/09/12 20:56:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/09/12 15:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/09/10 02:43:34 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/09/05 04:16:09 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Publish Providers
[2012/09/04 19:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2012/09/01 11:33:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/09/01 11:32:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/09/01 11:30:13 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/08/31 21:34:25 | 000,051,776 | ---- | C] (microOLAP Technologies LTD) -- C:\Windows\SysNative\drivers\pssdk41.sys
[2012/08/31 17:33:33 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\XLink Kai
[2012/08/31 17:33:21 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XLink Kai
[2012/08/31 17:33:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XLink Kai
[2012/08/28 12:56:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2012/08/28 12:55:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012/08/23 15:27:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2012/08/23 05:47:42 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\IcoFX2X
[2012/08/23 05:47:40 | 000,000,000 | ---D | C] -- C:\ProgramData\IcoFX2X
[2012/08/23 05:47:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IcoFX
[2012/08/23 05:47:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IcoFX 2

========== Files - Modified Within 30 Days ==========

[2012/09/21 23:29:24 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/21 23:29:24 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/21 23:27:11 | 000,638,978 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/21 23:27:11 | 000,113,896 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/21 23:27:10 | 000,749,508 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/21 23:21:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/21 23:21:16 | 1073,176,574 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/21 23:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/21 22:53:11 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2012/09/21 22:40:55 | 000,540,921 | ---- | M] () -- C:\Users\John\Desktop\Autoruns.zip
[2012/09/21 19:09:33 | 000,180,636 | ---- | M] () -- C:\Users\John\Desktop\ConsoleRedesignHistory.jpg
[2012/09/20 05:13:23 | 495,263,333 | ---- | M] () -- C:\Users\John\Desktop\Big.Brother.US.S14E30.PDTV.x264-BAJSKORV.mp4
[2012/09/18 02:41:35 | 000,001,101 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/09/14 04:12:46 | 000,003,584 | ---- | M] () -- C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/12 20:58:41 | 000,001,754 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/11 18:44:54 | 000,007,612 | ---- | M] () -- C:\Users\John\AppData\Local\Resmon.ResmonCfg
[2012/09/10 22:24:23 | 000,000,193 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/09/10 21:38:09 | 000,015,712 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2012/09/10 09:16:28 | 000,649,864 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\John\Desktop\autoruns.exe
[2012/09/10 09:16:28 | 000,567,944 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\John\Desktop\autorunsc.exe
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/07 01:40:10 | 000,002,228 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3 Supernatural.lnk
[2012/09/06 04:50:52 | 000,152,652 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/09/04 23:57:43 | 000,207,049 | ---- | M] () -- C:\Windows\hpoins46.dat
[2012/09/04 23:57:24 | 000,001,994 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2012/09/04 00:07:04 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/09/03 23:12:06 | 000,051,776 | ---- | M] (microOLAP Technologies LTD) -- C:\Windows\SysNative\drivers\pssdk41.sys
[2012/09/01 21:47:09 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2012/09/01 04:12:20 | 000,000,132 | ---- | M] () -- C:\Users\John\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2012/08/28 13:26:47 | 000,001,258 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012/08/23 05:31:57 | 000,000,002 | -HS- | M] () -- C:\Users\John\AppData\Roaming\evf102
[2012/08/23 05:31:52 | 000,000,007 | -HS- | M] () -- C:\Users\John\AppData\Roaming\date

========== Files Created - No Company Name ==========

[2012/09/21 22:41:05 | 000,049,648 | ---- | C] () -- C:\Users\John\Desktop\autoruns.chm
[2012/09/21 22:40:54 | 000,540,921 | ---- | C] () -- C:\Users\John\Desktop\Autoruns.zip
[2012/09/20 20:40:27 | 000,180,636 | ---- | C] () -- C:\Users\John\Desktop\ConsoleRedesignHistory.jpg
[2012/09/20 04:57:58 | 495,263,333 | ---- | C] () -- C:\Users\John\Desktop\Big.Brother.US.S14E30.PDTV.x264-BAJSKORV.mp4
[2012/09/18 02:41:35 | 000,001,101 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/09/18 02:41:33 | 000,001,113 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/09/12 20:58:40 | 000,001,754 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/10 21:45:07 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/09/07 04:46:47 | 000,003,584 | ---- | C] () -- C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/07 01:40:10 | 000,002,228 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 Supernatural.lnk
[2012/09/06 04:50:52 | 000,152,652 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/09/01 04:12:20 | 000,000,132 | ---- | C] () -- C:\Users\John\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2012/08/23 05:31:57 | 000,000,002 | -HS- | C] () -- C:\Users\John\AppData\Roaming\evf102
[2012/08/23 05:31:51 | 000,000,007 | -HS- | C] () -- C:\Users\John\AppData\Roaming\date
[2012/07/20 04:59:04 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/07/16 17:30:05 | 000,007,612 | ---- | C] () -- C:\Users\John\AppData\Local\Resmon.ResmonCfg
[2012/07/07 02:53:03 | 000,207,049 | ---- | C] () -- C:\Windows\hpoins46.dat
[2012/07/07 02:53:03 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2012/07/06 04:20:45 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/07/06 04:20:45 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/07/06 04:20:45 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/07/04 03:02:31 | 000,000,708 | ---- | C] () -- C:\Windows\eReg.dat
[2012/06/28 04:43:20 | 000,000,056 | RHS- | C] () -- C:\Windows\SysWow64\8D131C7C8F.sys
[2012/06/28 04:43:17 | 000,001,994 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2012/06/28 04:29:19 | 000,002,098 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012/06/28 04:29:19 | 000,000,088 | RHS- | C] () -- C:\ProgramData\8F7C1C138D.sys
[2012/06/28 04:06:56 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2012/05/10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/05/11 02:06:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/02/11 13:15:43 | 000,771,986 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

========== LOP Check ==========

[2012/06/27 23:55:02 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\acccore
[2012/06/28 04:09:24 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Atari
[2012/07/21 01:14:57 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\BlueSprig
[2012/09/07 18:18:17 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\DAEMON Tools Lite
[2012/06/28 21:54:28 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Enterbrain
[2012/08/15 01:08:00 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\HandBrake
[2012/08/23 16:25:42 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\IcoFX2X
[2012/07/16 23:24:11 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\ImgBurn
[2012/06/29 02:58:13 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Jasc
[2012/07/04 01:47:06 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\ManyCam
[2012/09/07 01:42:51 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Origin
[2012/09/05 04:16:09 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Publish Providers
[2012/06/28 04:25:55 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Registry Mechanic
[2012/07/26 01:16:22 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Sony
[2012/09/20 06:26:07 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\uTorrent
[2012/08/31 21:34:40 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\XLink Kai

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >


Thanks and any help is greatly appreciated.
  • 0

Advertisements

#2
RKinner
Posted 22 September 2012 - 12:07 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute for things to settle down.

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.


Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.

Uninstall Speccy.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp 
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.



Ron
  • 0

#3
Uirsa5822
Posted 22 September 2012 - 08:44 PM

Uirsa5822

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 197 posts
System:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 22/09/2012 10:22:47 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 23/09/2012 2:13:08 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 23/09/2012 2:11:14 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.



Application:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 22/09/2012 10:24:20 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 23/09/2012 2:13:36 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 23/09/2012 2:11:11 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-46084113-1864959542-2944292296-1000:
Process 1084 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-46084113-1864959542-2944292296-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1084 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-46084113-1864959542-2944292296-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings


Process Explorer:

Process PID CPU Private Bytes Working Set Description Company Name Verified Signer
System Idle Process 0 89.21 0 K 24 K
procexp64.exe 1332 7.07 29,968 K 50,736 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
Interrupts n/a 1.20 0 K 0 K Hardware Interrupts and DPCs
dwm.exe 1456 0.75 31,752 K 29,876 K Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
System 4 0.73 140 K 1,188 K
csrss.exe 624 0.40 2,616 K 6,396 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 1480 0.17 33,424 K 57,500 K Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 908 0.11 3,788 K 7,476 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 3572 0.10 4,332 K 12,564 K COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 736 0.06 4,136 K 10,104 K Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
FlashPlayerPlugin_11_4_402_265.exe 2220 0.05 38,808 K 41,744 K Adobe Flash Player 11.4 r402 Adobe Systems, Inc. (Verified) Adobe Systems Incorporated
firefox.exe 3068 0.04 270,336 K 291,316 K Firefox Mozilla Corporation (Verified) Mozilla Corporation
ccsvchst.exe 1828 0.04 71,044 K 69,736 K Symantec Service Framework Symantec Corporation (Verified) Symantec Corporation
plugin-container.exe 2420 0.02 9,708 K 11,288 K Plugin Container for Firefox Mozilla Corporation (Verified) Mozilla Corporation
FlashPlayerPlugin_11_4_402_265.exe 2076 0.02 11,012 K 17,564 K Adobe Flash Player 11.4 r402 Adobe Systems, Inc. (Verified) Adobe Systems Incorporated
svchost.exe 1064 0.02 9,724 K 13,096 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1156 0.01 16,324 K 16,900 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1896 < 0.01 4,224 K 8,568 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 560 < 0.01 19,600 K 34,416 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
ccsvchst.exe 2744 < 0.01 26,028 K 10,564 K Symantec Service Framework Symantec Corporation (Verified) Symantec Corporation
spoolsv.exe 1384 < 0.01 13,672 K 20,600 K Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 400 2,580 K 5,920 K WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 680 2,884 K 7,032 K Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 632 1,456 K 4,380 K Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe 1416 7,796 K 8,844 K Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1520 6,568 K 11,988 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1016 23,336 K 19,540 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 840 4,080 K 8,936 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2108 4,572 K 22,268 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2000 1,168 K 3,504 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 412 8,512 K 16,988 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1120 1,940 K 5,496 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2976 2,220 K 5,600 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1672 2,872 K 7,676 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1808 1,156 K 3,500 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
smss.exe 364 444 K 1,112 K Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
services.exe 728 5,696 K 9,012 K Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
procexp.exe 3340 2,024 K 7,044 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
notepad.exe 3956 1,332 K 6,060 K Notepad Microsoft Corporation (Verified) Microsoft Windows
notepad.exe 3284 1,388 K 6,200 K Notepad Microsoft Corporation (Verified) Microsoft Windows
lsm.exe 744 2,480 K 4,176 K Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 520 1,972 K 4,240 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows



OTL Log:

OTL logfile created on: 9/22/2012 10:30:29 PM - Run 3
OTL by OldTimer - Version 3.2.66.0 Folder = C:\Users\John\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

12.00 Gb Total Physical Memory | 10.28 Gb Available Physical Memory | 85.64% Memory free
18.00 Gb Paging File | 16.10 Gb Available in Paging File | 89.46% Paging File free
Paging file location(s): C:\pagefile.sys 6142 6142M:\pagef [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.23 Gb Total Space | 701.00 Gb Free Space | 76.18% Space Free | Partition Type: NTFS
Drive D: | 11.18 Gb Total Space | 1.37 Gb Free Space | 12.21% Space Free | Partition Type: NTFS

Computer Name: JOHN-HP | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/22 22:29:44 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
PRC - [2012/09/22 22:24:41 | 002,691,192 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\John\Desktop\procexp.exe
PRC - [2012/09/05 21:26:39 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/08/24 14:31:19 | 001,807,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
PRC - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/05 21:26:41 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/08/24 14:31:19 | 009,813,704 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/12/04 22:38:04 | 001,242,112 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\opencv_imgproc220.dll
MOD - [2010/12/04 22:38:02 | 002,010,624 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\opencv_core220.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/06/11 13:19:14 | 000,239,616 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/02/17 01:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/09/20 14:05:27 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/12 06:13:03 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe -- (NIS)
SRV - [2011/12/12 14:07:00 | 000,793,048 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/10 21:38:09 | 000,015,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/09/03 23:12:06 | 000,051,776 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pssdk41.sys -- (PsSdk41)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/12 22:40:13 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/07/06 04:15:53 | 001,838,656 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/07/05 22:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/05 22:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/06/28 03:35:02 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/06/11 14:59:38 | 010,248,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/06/11 12:26:14 | 000,367,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/06/07 00:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/05/21 21:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/04/17 22:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/04/17 21:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 06:34:36 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/01/18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/01/11 02:11:20 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2011/11/03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/07/25 22:18:35 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/02/05 14:34:06 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/02/05 14:34:04 | 000,070,712 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/11/08 23:28:08 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/08/31 14:15:34 | 000,079,872 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emAudio64.sys -- (emAudio)
DRV:64bit: - [2007/06/21 17:51:46 | 000,215,808 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emDevice64.sys -- (DCamUSBEMPIA)
DRV:64bit: - [2007/06/21 17:51:32 | 000,006,400 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emFilter64.sys -- (FiltUSBEMPIA)
DRV:64bit: - [2007/06/21 17:51:30 | 000,006,144 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emScan64.sys -- (ScanUSBEMPIA)
DRV:64bit: - [2005/09/23 23:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV:64bit: - [1999/12/31 20:00:00 | 000,685,160 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [1999/12/31 20:00:00 | 000,251,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [1999/12/31 20:00:00 | 000,237,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [1999/12/31 20:00:00 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [1999/12/31 20:00:00 | 000,082,560 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [1999/12/31 20:00:00 | 000,056,448 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [1999/12/31 20:00:00 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [1999/12/31 20:00:00 | 000,016,552 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV - [2012/09/22 17:58:59 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120922.008\ex64.sys -- (NAVEX15)
DRV - [2012/09/22 17:58:59 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120922.008\eng64.sys -- (NAVENG)
DRV - [2012/09/06 04:54:30 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120921.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/31 18:09:13 | 001,385,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120919.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/08/09 01:06:03 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/09 01:06:03 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files (x86)\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{9DCB4366-5B4F-459F-A88A-F3FECFA0AAEA}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{9DCB4366-5B4F-459F-A88A-F3FECFA0AAEA}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=15179
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKCU\..\SearchScopes\{8BF544E8-E5E1-4BDE-83AC-314606D7C34E}: "URL" = http://websearch.ask...3C-35AAEF08ADFC
IE - HKCU\..\SearchScopes\{9DCB4366-5B4F-459F-A88A-F3FECFA0AAEA}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..extensions.enabledAddons: [email protected]:0.4
FF - prefs.js..extensions.enabledAddons: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.2.1
FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.1
FF - prefs.js..extensions.enabledAddons: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.3
FF - prefs.js..extensions.enabledAddons: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:4.14
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10
FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68
FF - prefs.js..extensions.enabledAddons: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:11.1.1.5 - 1
FF - prefs.js..extensions.enabledAddons: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2012.7.5.2
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/07/20 04:41:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/09/22 22:13:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/18 02:41:33 | 000,000,000 | ---D | M]

[2012/09/18 02:41:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions
[2012/09/21 02:45:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8xyhx56k.default\extensions
[2012/09/18 03:20:04 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8xyhx56k.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012/09/18 03:20:04 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8xyhx56k.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012/09/18 03:20:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8xyhx56k.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/09/18 03:20:04 | 000,109,964 | ---- | M] () (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8xyhx56k.default\extensions\[email protected]
[2012/09/18 03:20:04 | 000,269,659 | ---- | M] () (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8xyhx56k.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2012/09/18 03:20:04 | 000,375,811 | ---- | M] () (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8xyhx56k.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
[2012/09/18 03:11:27 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8xyhx56k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/09/18 03:20:04 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8xyhx56k.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012/09/18 02:41:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/22 22:13:18 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\COFFPLGN
[2012/07/20 04:41:15 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPLGN
[2012/09/05 21:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/05 21:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/05 21:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.ask.com/?...l=dis&o=15179cr
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.ask.com/?...l=dis&o=15179cr
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\John\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\John\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\John\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google Search = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Abstract-Blue = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnacehkknmafkjgkikclamogikoiaaa\1.0_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ips\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C68FD9E6-9D2E-427A-B74E-B612D934FB9A}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: !SASCORE - C:\Program Files (x86)\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: !SASCORE - C:\Program Files (x86)\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - Microsoft Windows
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/22 22:29:43 | 000,601,600 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2012/09/22 22:25:12 | 001,479,536 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\John\Desktop\procexp64.exe
[2012/09/22 22:24:37 | 002,691,192 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\John\Desktop\procexp.exe
[2012/09/22 05:53:25 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\bb
[2012/09/21 23:19:04 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/09/21 23:19:04 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/09/21 23:19:03 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/09/21 23:19:03 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/09/21 23:19:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/09/21 23:19:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/09/21 23:19:03 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/09/21 23:19:03 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/09/21 23:18:59 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/09/21 23:18:59 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/09/21 23:18:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/09/21 23:18:59 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/09/21 23:18:58 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/09/21 23:18:58 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/09/21 23:18:58 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/09/21 23:13:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/20 01:30:27 | 000,000,000 | ---D | C] -- C:\Users\John\dwhelper
[2012/09/18 02:41:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/09/18 02:17:14 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Mozilla
[2012/09/18 02:17:14 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Mozilla
[2012/09/18 00:46:45 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\Freemake
[2012/09/18 00:46:44 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2012/09/18 00:46:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2012/09/18 00:46:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2012/09/18 00:46:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake
[2012/09/12 20:58:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/09/12 20:58:35 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012/09/12 20:58:06 | 000,000,000 | -H-D | C] -- C:\Program Files\iPod
[2012/09/12 20:58:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/09/12 20:58:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/09/12 20:56:24 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/09/12 20:56:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/09/12 15:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/09/12 13:13:22 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012/09/12 13:13:21 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/09/12 13:13:20 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/09/12 13:13:20 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/09/10 02:43:34 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/09/05 04:16:09 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Publish Providers
[2012/09/04 19:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2012/09/01 11:33:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/09/01 11:33:01 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/09/01 11:32:55 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/09/01 11:32:55 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/09/01 11:32:55 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/09/01 11:32:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/09/01 11:30:30 | 001,034,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/09/01 11:30:30 | 000,916,456 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/09/01 11:30:30 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/09/01 11:30:24 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/09/01 11:30:24 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/09/01 11:30:24 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012/09/01 11:30:13 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/08/31 21:34:25 | 000,051,776 | ---- | C] (microOLAP Technologies LTD) -- C:\Windows\SysNative\drivers\pssdk41.sys
[2012/08/31 17:33:33 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\XLink Kai
[2012/08/31 17:33:21 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XLink Kai
[2012/08/31 17:33:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XLink Kai
[2012/08/28 12:56:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2012/08/28 12:55:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net

========== Files - Modified Within 30 Days ==========

[2012/09/22 22:29:44 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2012/09/22 22:25:12 | 001,479,536 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\John\Desktop\procexp64.exe
[2012/09/22 22:24:41 | 002,691,192 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\John\Desktop\procexp.exe
[2012/09/22 22:21:50 | 000,061,440 | ---- | M] ( ) -- C:\Users\John\Desktop\VEW(1).exe
[2012/09/22 22:20:09 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/22 22:20:09 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/22 22:17:18 | 000,749,508 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/22 22:17:18 | 000,638,978 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/22 22:17:18 | 000,113,896 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/22 22:13:40 | 004,971,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/09/22 22:12:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/22 22:12:03 | 1073,176,574 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/22 22:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/20 14:05:25 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/09/20 14:05:25 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/09/18 02:41:35 | 000,001,101 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/09/14 04:12:46 | 000,003,584 | ---- | M] () -- C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/12 20:58:41 | 000,001,754 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/11 18:44:54 | 000,007,612 | ---- | M] () -- C:\Users\John\AppData\Local\Resmon.ResmonCfg
[2012/09/10 22:24:23 | 000,000,193 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/09/10 21:38:09 | 000,015,712 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/07 01:40:10 | 000,002,228 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3 Supernatural.lnk
[2012/09/06 04:50:52 | 000,152,652 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/09/04 23:57:43 | 000,207,049 | ---- | M] () -- C:\Windows\hpoins46.dat
[2012/09/04 23:57:24 | 000,001,994 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2012/09/04 00:07:04 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/09/03 23:12:06 | 000,051,776 | ---- | M] (microOLAP Technologies LTD) -- C:\Windows\SysNative\drivers\pssdk41.sys
[2012/09/01 21:47:09 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2012/09/01 11:32:46 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/09/01 11:32:45 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/09/01 11:32:45 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/09/01 11:32:45 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/09/01 11:32:45 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/09/01 11:30:16 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012/09/01 11:30:15 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/09/01 11:30:15 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/09/01 11:30:15 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/09/01 11:30:15 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/09/01 11:30:15 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/09/01 04:12:20 | 000,000,132 | ---- | M] () -- C:\Users\John\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2012/08/28 13:26:47 | 000,001,258 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012/08/24 06:31:32 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/08/24 06:20:11 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/08/24 06:18:46 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/24 06:14:45 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/08/24 06:14:34 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/24 06:13:29 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/08/24 06:11:57 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/08/24 06:10:14 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/24 06:04:06 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/24 02:51:02 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/24 02:49:57 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/24 02:47:36 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/24 02:47:26 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/24 02:44:10 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/24 02:40:11 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

========== Files Created - No Company Name ==========

[2012/09/22 22:21:27 | 000,061,440 | ---- | C] ( ) -- C:\Users\John\Desktop\VEW(1).exe
[2012/09/22 22:12:17 | 004,971,304 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/09/18 02:41:35 | 000,001,101 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/09/18 02:41:33 | 000,001,113 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/09/12 20:58:40 | 000,001,754 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/10 21:45:07 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/09/07 04:46:47 | 000,003,584 | ---- | C] () -- C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/07 01:40:10 | 000,002,228 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 Supernatural.lnk
[2012/09/06 04:50:52 | 000,152,652 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/09/01 04:12:20 | 000,000,132 | ---- | C] () -- C:\Users\John\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2012/08/23 05:31:57 | 000,000,002 | -HS- | C] () -- C:\Users\John\AppData\Roaming\evf102
[2012/08/23 05:31:51 | 000,000,007 | -HS- | C] () -- C:\Users\John\AppData\Roaming\date
[2012/07/20 04:59:04 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/07/16 17:30:05 | 000,007,612 | ---- | C] () -- C:\Users\John\AppData\Local\Resmon.ResmonCfg
[2012/07/07 02:53:03 | 000,207,049 | ---- | C] () -- C:\Windows\hpoins46.dat
[2012/07/07 02:53:03 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2012/07/06 04:20:45 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/07/06 04:20:45 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/07/06 04:20:45 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/07/04 03:02:31 | 000,000,708 | ---- | C] () -- C:\Windows\eReg.dat
[2012/06/28 04:43:20 | 000,000,056 | RHS- | C] () -- C:\Windows\SysWow64\8D131C7C8F.sys
[2012/06/28 04:43:17 | 000,001,994 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2012/06/28 04:29:19 | 000,002,098 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012/06/28 04:29:19 | 000,000,088 | RHS- | C] () -- C:\ProgramData\8F7C1C138D.sys
[2012/06/28 04:06:56 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2012/05/10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/05/11 02:06:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/02/11 13:15:43 | 000,771,986 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: Hitachi HDS721010CLA332 SATA Disk Device
Partitions: 3
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 920.00GB
Starting Offset: 105906176
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 11.00GB
Starting Offset: 988193751040
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2012/06/27 23:55:02 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\acccore
[2012/07/24 00:26:11 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Adobe
[2012/09/05 03:20:55 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Apple Computer
[2012/06/28 04:09:24 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Atari
[2012/07/21 01:14:57 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\BlueSprig
[2012/09/07 18:18:17 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\DAEMON Tools Lite
[2012/06/28 21:54:28 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Enterbrain
[2012/08/15 01:08:00 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\HandBrake
[2012/07/07 03:24:51 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\HP
[2012/08/01 03:29:50 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\HpUpdate
[2012/08/23 16:25:42 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\IcoFX2X
[2012/06/27 22:29:06 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Identities
[2012/07/16 23:24:11 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\ImgBurn
[2012/06/29 02:58:13 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Jasc
[2011/05/11 02:32:49 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Macromedia
[2012/06/28 15:02:57 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Malwarebytes
[2012/07/04 01:47:06 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\ManyCam
[2012/08/07 23:30:06 | 000,000,000 | --SD | M] -- C:\Users\John\AppData\Roaming\Microsoft
[2012/09/18 02:41:42 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla
[2012/08/16 05:58:27 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Nero
[2012/09/07 01:42:51 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Origin
[2012/09/05 04:16:09 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Publish Providers
[2012/06/28 04:25:55 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Registry Mechanic
[2012/09/21 23:18:08 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Skype
[2012/07/26 01:16:22 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Sony
[2012/06/28 15:13:13 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\SUPERAntiSpyware.com
[2012/09/22 15:33:15 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\uTorrent
[2012/06/28 03:27:27 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\WinRAR
[2012/08/31 21:34:40 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\XLink Kai

< MD5 for: ATAPI.SYS >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CSRSS.EXE >
[2009/07/13 21:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\SysNative\csrss.exe
[2009/07/13 21:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2010/11/20 23:24:00 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\SysNative\mswsock.dll
[2010/11/20 23:24:00 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
[2010/11/20 23:24:09 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\SysWOW64\mswsock.dll
[2010/11/20 23:24:09 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2009/07/13 21:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\SysWOW64\NapiNSP.dll
[2009/07/13 21:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll
[2009/07/13 21:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\SysNative\NapiNSP.dll
[2009/07/13 21:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\winsxs\amd64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_0812326fa8e1ed67\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2010/11/20 23:24:01 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\SysWOW64\nlaapi.dll
[2010/11/20 23:24:01 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_d000a58855ea91a1\nlaapi.dll
[2010/11/20 23:23:54 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=2DF36F15B2BC1571A6A542A3C2107920 -- C:\Windows\SysNative\nlaapi.dll
[2010/11/20 23:23:54 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=2DF36F15B2BC1571A6A542A3C2107920 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_c5abfb362189cfa6\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2009/07/13 21:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\SysWOW64\pnrpnsp.dll
[2009/07/13 21:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\wow64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_d7c8b1ac70865dab\pnrpnsp.dll
[2009/07/13 21:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\SysNative\pnrpnsp.dll
[2009/07/13 21:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_cd74075a3c259bb0\pnrpnsp.dll

< MD5 for: PRINTISOLATIONHOST.EXE >
[2009/07/13 21:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\SysNative\PrintIsolationHost.exe
[2009/07/13 21:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9\PrintIsolationHost.exe

< MD5 for: SERVICES.EXE >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USER32.DLL >
[2010/11/20 23:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 23:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010/11/20 23:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/20 23:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

< MD5 for: USERINIT.EXE >
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009/07/13 21:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\SysNative\winrnr.dll
[2009/07/13 21:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_b543449669c73e11\winrnr.dll
[2009/07/13 21:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\SysWOW64\winrnr.dll
[2009/07/13 21:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2009/07/13 21:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\SysWOW64\wshelper.dll
[2009/07/13 21:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
[2009/07/13 21:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\SysNative\wshelper.dll
[2009/07/13 21:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll

< C:\Windows\assembly\tmp\U\*.* /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/09/05 21:27:05 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/09/05 21:27:05 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/09/05 21:27:05 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/09/05 21:26:39 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/09/05 21:26:39 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/09/05 21:26:39 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/06/28 16:34:28 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/06/28 16:34:28 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/06/28 16:34:28 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/08/24 03:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012/08/24 03:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/09/05 21:27:05 | 000,883,896 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/09/05 21:27:05 | 000,883,896 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/09/05 21:27:05 | 000,883,896 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/09/05 21:26:39 | 000,917,984 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/09/05 21:26:39 | 000,917,984 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/09/05 21:26:39 | 000,917,984 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\USERS\JOHN\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\USERS\JOHN\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\USERS\JOHN\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\USERS\JOHN\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/07/10 00:09:02 | 001,250,328 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012/06/28 16:34:27 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012/06/28 16:34:27 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012/06/28 16:34:27 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/08/24 03:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012/08/24 03:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

========== Alternate Data Streams ==========

@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >


OTL Extra Log File:

OTL Extras logfile created on: 9/22/2012 10:30:29 PM - Run 3
OTL by OldTimer - Version 3.2.66.0 Folder = C:\Users\John\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

12.00 Gb Total Physical Memory | 10.28 Gb Available Physical Memory | 85.64% Memory free
18.00 Gb Paging File | 16.10 Gb Available in Paging File | 89.46% Paging File free
Paging file location(s): C:\pagefile.sys 6142 6142M:\pagef [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.23 Gb Total Space | 701.00 Gb Free Space | 76.18% Space Free | Partition Type: NTFS
Drive D: | 11.18 Gb Total Space | 1.37 Gb Free Space | 12.21% Space Free | Partition Type: NTFS

Computer Name: JOHN-HP | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1838477E-3DD6-46E0-97F5-84E497F89E03}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{22E39503-629A-4403-BD42-BC2932DA78A2}" = rport=139 | protocol=6 | dir=out | app=system |
"{3D3EE0E4-4DE5-4565-AD0F-68FF0537CED2}" = rport=138 | protocol=17 | dir=out | app=system |
"{3E7E2557-3EE0-45E7-A13A-D5C86FBB0F90}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4EE662AC-FC90-4B7B-B143-256ECB4B1169}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{50C5977B-75BB-4377-898F-1C51D4904332}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{590ED19F-9DBF-46FB-A13B-FC07F70F48B0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5DA37129-75D2-4D84-9411-680D343AD73E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6EF92401-FA86-4C3D-9F53-CECDB299408A}" = lport=138 | protocol=17 | dir=in | app=system |
"{75B69F74-3D2D-489A-BD3D-4C432FE7E371}" = lport=137 | protocol=17 | dir=in | app=system |
"{8339E72C-A875-4B38-8C3E-6F9ED0C5172E}" = lport=139 | protocol=6 | dir=in | app=system |
"{983F3D07-D244-46E7-8F53-7D6467D48D81}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{A72D3EDC-7D6F-4F2C-A412-B94C4E5FBD0C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B2CE9FD2-191B-4EFA-B8A2-E4FA576A8A69}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B4E794D2-F1BD-4EF1-9181-6DA061B5CD5B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{BB7C3FA2-1BD3-42D1-8BF5-A5BDE33CBF44}" = rport=137 | protocol=17 | dir=out | app=system |
"{C3FB86E2-E33D-4CFC-91F3-B67E7898CA3C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CA9640D9-0C69-477A-94DE-C9920EBEB913}" = rport=445 | protocol=6 | dir=out | app=system |
"{DA62069B-E370-42AF-8903-06B115E619F8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E583705D-410F-4A19-87DC-7C235E205BE4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E70EE781-5BF1-4227-83F3-53F460D5F50C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F6E855A7-FB48-4E78-9A52-4804E65D9608}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B12345-1049-49FF-8BA2-BC502626800E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{0C62BB8C-9837-45A4-B321-E59A3EDEF44A}" = protocol=58 | dir=in | [email protected],-28545 |
"{12B989F4-16AF-4AF6-8C92-44910F9147A9}" = protocol=58 | dir=out | [email protected],-28546 |
"{16188499-F9FD-43D8-BECB-1137789826E9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{1A2E0A6A-CF8F-40C6-B746-C6A142028196}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1C2E88A7-8FEB-4653-BCE6-1C4BA6F51AF6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2E87762A-C8D7-4A74-AE0A-83C241DA8B65}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{3855EECA-406B-4E2D-88B9-B5CCB21E19C6}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{38574B58-463D-43DE-97B9-B30835B0FEF6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3CDDFFAE-F8E4-4B1C-ACBB-38809478067D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3E226CBF-7B5B-41B1-A8C2-3B70BF8800AC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{3E6D796A-ACC0-4D9E-B74A-7BA11C9DF4A9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4478FF05-7373-4CB5-9BD0-F8A4E5DF730A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{45427D98-31CC-4C9A-AF22-17CE74C13685}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{49A17D30-FF0D-4184-AE5B-AB6FEC3AD83A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{4F84818D-323B-4102-B78A-35F8C028AC8C}" = protocol=1 | dir=out | [email protected],-28544 |
"{5067A2D2-38DA-4087-81A5-3F384E777959}" = dir=in | app=c:\program files (x86)\hp\digital imaging\{dbc1de57-b55a-4d57-9769-1db9be506af7}\setup\hpznui40.exe |
"{50969CB3-B384-4B09-974F-69B870C5C86C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{59EBD4A1-16F5-4007-8092-450978B7F396}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5E1E69BE-A761-44C6-ADEB-4D8692334B71}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{64810BF6-BBA3-488E-A13D-7DDED6149C25}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{64A54A15-591A-4A6B-8E15-08A6627646EE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{6D222844-48D0-42E2-8410-6ADD59426521}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{6FD57D0E-D70A-4ED1-A311-EF7E2D2D356B}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{74014899-F206-4BA8-8775-B86BD93D396A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{7C3D6635-8FA4-4A8A-A3EB-FBD683AE3FFF}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{84B3AA0F-BE31-4F0F-80B3-0595DD0D260F}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{8852D6EA-4508-4C65-B068-508EB825A445}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{89C84BF9-8FD4-46E1-BB80-4FE0BCF0AAE5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8A57200A-F796-43F5-9736-A21B180DEEEB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{8AA3F9B2-BB13-4268-8ADA-F16E98F6F7AE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{8D09BA6F-B5EC-42AD-BD19-5617830CA2CD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{954670E2-A217-47A1-A3BA-5D6D2EF3DBCC}" = protocol=6 | dir=out | app=system |
"{A3A4B53B-9BC4-4FDA-A837-0F519D6A1C9A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{B2AB3F87-DCEC-4C5E-875D-87717E26E597}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{B59DFDA1-E605-4C8B-B2F4-DAA8D62DA0A8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C1C90C93-A85D-419C-B9F9-233EFBBBC80F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{C82F7515-93F3-4EAB-8AB9-D2A60DB56C68}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CB7DF53C-8AC5-4559-A161-5AB81659C68C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{DF1767CE-169F-44AE-8299-E6C010BE1370}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E125BF35-1784-46DA-8B74-F9F6ED106678}" = protocol=1 | dir=in | [email protected],-28543 |
"{E1AFAB30-E3E5-49A2-AFFA-0856084FC528}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{E3CCABCB-9585-4C2E-9E49-2F6FA2A880DB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{EDD79E5E-697A-4ED5-BA04-ED1AF9F6320D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F34B12EC-6791-4669-BDFF-B3752F297E7A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F690CD2D-B729-4A99-8A57-A69725165C35}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F8889490-F534-4713-86F1-057553A4E9D1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F8A4F3DD-2B6F-4124-B384-F1AC104D939B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{FB112522-03FA-42E3-BEB1-05E233808304}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047D5657-1DAC-2B16-E110-F4A9C0E7EF2C}" = AMD Catalyst Install Manager
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{42A2440F-7A5D-6956-3EF0-815814399EAA}" = AMD Accelerated Video Transcoding
"{43EBA222-8DF7-11E1-862B-F04DA23A5C58}" = Vegas Pro 11.0 (64-bit)
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{49F6DFDE-8DF7-11E1-9E5F-F04DA23A5C58}" = MSVCRT Redists
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{572788F2-0AB7-FA0E-6E91-B98044F4B7E6}" = AMD Media Foundation Decoders
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{82EE86D9-60B9-1025-9960-97E9B7C7B4B4}" = AMD Drag and Drop Transcoding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A7F3358-7674-7E89-3943-919184538E74}" = ccc-utility64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D83BBC38-9E48-2F40-8A4F-89169A4A228E}" = AMD Fuel
"{DBC1DE57-B55A-4D57-9769-1DB9BE506AF7}" = HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FE51C8DE-03A7-11E1-88F8-F04DA23A5C58}" = MSVCRT Redists
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"GIMP-2_is1" = Gimp
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NMMS11" = Nero 11
"Speccy" = Speccy
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02FE1293-2D39-2D58-B63A-16EAFDFB9577}" = CCC Help Thai
"{05891AC5-DC7A-4B6D-B144-FE0DB96B180A}" = DriverUpdate
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08A25478-C5DD-4EA7-B168-3D687CA987FF}" = The Sims™ 3 Master Suite Stuff
"{08B61676-BF12-0E38-1A29-2396AA947D62}" = CCC Help Portuguese
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D35BE01-3653-6004-3F98-38C8447CA23D}" = AMD VISION Engine Control Center
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{117B6BF6-82C3-420C-B284-9247C8568E53}" = The Sims™ 3 Outdoor Living Stuff
"{12408350-13EB-20AB-E172-DCA006557179}" = CCC Help Danish
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{16DEF5B9-AD4F-FE37-C651-9E1ED5A9E5BA}" = CCC Help Swedish
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{174D5678-D941-433C-BD23-58A5C7B0D36D}" = Jasc Animation Shop 3
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}" = The Sims™ 3 Diesel Stuff
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2669F21C-1763-88A1-8F3D-FE78BAA61B79}" = CCC Help Dutch
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{29E5F74D-27A5-0F9E-B63B-754ED5EF4F9D}" = CCC Help Greek
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30FD541D-3C9D-41C4-B240-A994EE4E0231}" = Adobe Audition CS6
"{39930321-4C58-4B8B-BCBF-342698C9801D}" = Max Payne
"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = The Sims™ 3 Showtime
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FA9A3B6-D416-C2FF-1439-7174765F4836}" = CCC Help Polish
"{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}" = PS_AIO_07_D110_SW_Min
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{4817D846-700B-474E-A31B-80892B3E92E3}" = Adobe After Effects CS6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D5C8AB4-BEF3-321A-A3AE-97240131B5E1}" = CCC Help Turkish
"{50A8402F-E677-558E-688A-8CF360AEEB04}" = CCC Help Spanish
"{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}" = Camtasia Studio 7
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{57BC1FEB-421D-469C-B07B-C8095596A224}" = XLink Kai
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5E2AC86F-FB16-7DF0-673D-00D421743833}" = CCC Help English
"{5F7308C0-56FF-415A-B34C-44A90A892A95}" = Catalyst Control Center - Branding
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6E1DA1BE-264E-621C-3631-9A160E953ECE}" = Catalyst Control Center InstallProxy
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74019A23-67A9-D934-F3B7-013CCC0E43AA}" = CCC Help German
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = The Sims™ 3 Town Life Stuff
"{7CF4C521-5053-1FB1-7795-70A48BE23AAD}" = CCC Help Chinese Traditional
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{8367DB86-5A1B-9161-4333-60F514CA5E90}" = CCC Help Hungarian
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8A62C8DA-2DB7-4D94-B5BA-1D38FC36E830}" = Manhunt
"{8B7IL77L-87234A-AWAKE-18CD6E6334R1}_is1" = Alan Wake
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = Roller Coaster Tycoon 3
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{91D3AD6F-09CD-4695-9FA3-8FB15429BE97}" = D110
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9529EF9F-808F-C0D9-F9D2-B088F71A8A63}" = CCC Help Norwegian
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2506E3-9A3F-45B5-96BF-509CAD584650}" = The Sims™ 3 Katy Perry's Sweet Treats
"{9B34CAC6-738F-4A20-B428-A115C3E3474C}" = RPGXP
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C87F5C4-8F76-DCD1-BCC2-B11C6C348506}" = CCC Help Finnish
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9EF2BAA4-EA06-F010-048B-AD6FF97D67C8}" = CCC Help Chinese Standard
"{9F50A59C-49FE-ADFB-4687-5DC8D0771A18}" = CCC Help Japanese
"{A599EC25-D180-845F-DD60-BB5B8421B6B9}" = Catalyst Control Center Localization All
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = Sim City 4
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}" = The Sims™ 3 Supernatural
"{B4645975-7C2A-0F70-CD99-ABA64C39972B}" = CCC Help Italian
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets
"{C85C9447-61C0-547C-3AC2-1BEEB8B51229}" = CCC Help Russian
"{CAC8BB61-8FE6-79C4-E80F-D37630375B51}" = CCC Help Korean
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D955B2AC-1066-54FF-FC8D-40EEF62A4287}" = CCC Help French
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Generations
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = The Sims™ 3 Fast Lane Stuff
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}" = Max Payne 2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FD209318-3C61-1893-E8EC-D75F1508704C}" = CCC Help Czech
"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIM_7" = AIM 7
"BlueSprig_JetClean_is1" = JetClean
"DAEMON Tools Lite" = DAEMON Tools Lite
"Freemake Video Converter_is1" = Freemake Video Converter version 3.1.1
"HandBrake" = HandBrake
"IcoFX 2_is1" = IcoFX
"ImgBurn" = ImgBurn
"KLiteCodecPack_is1" = K-Lite Codec Pack
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"ManyCam" = ManyCam
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Origin" = Origin
"PowerISO" = PowerISO
"Registry Mechanic_is1" = Registry Mechanic
"RPG Maker VX RTP_is1" = RPG Maker VX RTP
"RPG Maker VX_is1" = RPG Maker VX
"RPGVXAce_RTP_is1" = RPG Maker VX Ace RTP
"SpywareBlaster_is1" = Spyware Blaster
"uTorrent" = µTorrent
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/22/2012 10:13:36 PM | Computer Name = John-HP | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 8/16/2012 8:53:24 AM | Computer Name = John-HP | Source = MCUpdate | ID = 0
Description = 8:53:24 AM - Error connecting to the internet. 8:53:24 AM - Unable
to contact server..

Error - 8/16/2012 8:53:37 AM | Computer Name = John-HP | Source = MCUpdate | ID = 0
Description = 8:53:29 AM - Error connecting to the internet. 8:53:29 AM - Unable
to contact server..

Error - 8/16/2012 9:53:41 AM | Computer Name = John-HP | Source = MCUpdate | ID = 0
Description = 9:53:41 AM - Error connecting to the internet. 9:53:41 AM - Unable
to contact server..

Error - 8/16/2012 9:53:47 AM | Computer Name = John-HP | Source = MCUpdate | ID = 0
Description = 9:53:46 AM - Error connecting to the internet. 9:53:46 AM - Unable
to contact server..

Error - 8/16/2012 10:53:51 AM | Computer Name = John-HP | Source = MCUpdate | ID = 0
Description = 10:53:51 AM - Error connecting to the internet. 10:53:51 AM - Unable
to contact server..

Error - 8/16/2012 10:53:57 AM | Computer Name = John-HP | Source = MCUpdate | ID = 0
Description = 10:53:56 AM - Error connecting to the internet. 10:53:56 AM - Unable
to contact server..

Error - 8/16/2012 11:54:01 AM | Computer Name = John-HP | Source = MCUpdate | ID = 0
Description = 11:54:01 AM - Error connecting to the internet. 11:54:01 AM - Unable
to contact server..

Error - 8/16/2012 11:54:07 AM | Computer Name = John-HP | Source = MCUpdate | ID = 0
Description = 11:54:06 AM - Error connecting to the internet. 11:54:06 AM - Unable
to contact server..

[ System Events ]
Error - 9/22/2012 10:13:08 PM | Computer Name = John-HP | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1058

Error - 9/22/2012 10:29:54 PM | Computer Name = John-HP | Source = BROWSER | ID = 8032
Description =


< End of report >


  • 0

#4
RKinner
Posted 23 September 2012 - 12:29 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Log: 'System' Date/Time: 23/09/2012 2:13:08 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Right click on Computer and select Manage (Continue) then Services and Applications then Services. Find the Function Discovery Provider Host service and right click on it and select Properties. Verify the Startup Type: is Manual. If not, change it to Manual and then Apply. Attempt to Start the service. Do you get an error?

I suspect that the above error may be the cause of the slow boot. Any time a service doesn't start Windows will usually wait 30 seconds to see if it will start. If you don't use HomeGroups then you can find the HomeGroupProvider and change its Startup Type: to Disabled.

Log: 'Application' Date/Time: 23/09/2012 2:13:36 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


This one has a FixIt from Microsoft.


http://support.micro....com/kb/2545227



Log: 'Application' Date/Time: 23/09/2012 2:11:11 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-46084113-1864959542-2944292296-1000:
Process 1084 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-46084113-1864959542-2944292296-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1084 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-46084113-1864959542-2944292296-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings


I'm not sure about this one. Normally it would only have an effect when you shut down. I think it's reading

HKEY_USERS\S-1-5-21-46084113-1864959542-2944292296-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
and
HKEY_USERS\S-1-5-21-46084113-1864959542-2944292296-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings

On my Win 7 the first key appears to be your zone settings which are normally the same as in HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings
The second key exists but doesn't really have anything interesting in it.

Let's look at your keys:

Copy the next 3 lines:

reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /s > \junk.txt
reg query "HKEY_USERS\S-1-5-21-46084113-1864959542-2944292296-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /s >> \junk.txt
reg query "HKEY_USERS\S-1-5-21-46084113-1864959542-2944292296-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" /s >> \junk.txt


Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied lines should appear. Hit Enter.

Close the Command Window.

Find the file c:\junk.txt and attach it to your next post. Please do not copy and paste it.

Speccy did not see anything interesting. Make sure you uninstall it.

Looking at the OTL logs.

DRV:64bit: - [2012/09/10 21:38:09 | 000,015,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)

Is supposedly part of Slimware driver utility but I do not see it in the list of installed programs. Do you know anything about it?

We do not recommend the use of registry cleaners or P2P programs so recommend that you uninstall Registry Mechanic and uTorrent. Use CCleaner with care. It can sometimes be a bit too thorough and can remove stuff that you might really need. Don't use it's registry cleaner. I don't think you need defraggler either. It's a pretty automatic process on win 7.
  • 0

#5
Uirsa5822
Posted 23 September 2012 - 08:22 PM

Uirsa5822

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 197 posts
Alright,

  • So I went to Services and found Function Discovery Provider Host, which was set to disabled. I set it to Manual. And I started it. I got no errors. I did reboot after this, but my boot time still took awhile. There is another service, "Function Discovery Resource Publication" that is set to Disabled. Should I put that on Manual as well?
  • I downloaded the Microsoft Fix it and let it do it for me. It says it has been processed. I guess that means it has been fixed?
  • I attempted to attach the Junk text file but got this message, "Error This file was too big to upload". (1.11 MB) So I uploaded it at MediaFire and the download link is here:
    http://www.mediafire...mblm2dpp9xdxd75
  • I think the Slimware driver is from the program I have installed, "DriverUpdate". I use it to scan for out of date drivers. You can read more about it here:
    http://www.driverupdate.net/index.php

  • 0

#6
RKinner
Posted 23 September 2012 - 11:35 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
"Function Discovery Resource Publication" is set to Automatic on my Win 7 but it has no dependencies so nothing is going to complain if it doesn't run. Black Viper says:

Publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network.

Doesn't sound like something you really need.

I suspect that the Event: 1530 Source: Microsoft-Windows-User Profiles Service error is coming because you have used some program, probably Spyware Blaster, to put in a monster list of bad sites in the restricted zone. Probably takes too long to work with the key because of that. That's also why your junk.txt file was so big. I don't think it will effect bootup but it might slow down your browsers when they load. I see similar memory leaks all of the time with Windows Live on 64 bit systems so I don't think it's anything to worry about. Does your other PC have Spyware Blaster?

Let's clear the alarms then run VEW again:

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.


2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

It probably would not hurt to run ESET online scan to make sure nothing is hiding tho I don't see any signs of malware. This will take a long time so I like to let it run while I sleep.

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.


Let's also try the much quicker bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a View Report option at the bottom. Click on it and copy and paste the report (even if it says nothing found).
  • 0

#7
Uirsa5822
Posted 24 September 2012 - 02:28 AM

Uirsa5822

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 197 posts
For now, I don't need Function Discovery Resource Publication so I will keep it set to disabled.

Yes, I do have Spyware Blaster installed. What should I do about that then? I have both Firefox and Chrome installed, and both run fast. I haven't noticed any slow down on either.

VEW System Log:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 24/09/2012 2:48:37 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 24/09/2012 6:43:44 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.



VEW Application Log:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 24/09/2012 2:49:59 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 24/09/2012 6:43:41 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-46084113-1864959542-2944292296-1000:
Process 1068 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-46084113-1864959542-2944292296-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1068 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-46084113-1864959542-2944292296-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings


The ESET scan finished but found no threats. So obviously no threat log file I can make for that. Image:
Posted Image

Here is the ESET scanning log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-24 08:08:04
# local_time=2012-09-24 04:08:04 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=3588 16777214 85 67 1377356 16255185 0 0
# compatibility_mode=5893 16776574 100 94 4542188 100013319 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=179146
# found=0
# cleaned=0
# scan_time=4215


Bitdefender Scan:

QuickScan 64-bit v0.9.9.118
---------------------------
Scan date: Mon Sep 24 04:19:16 2012
Machine ID: 3E44F88D



No infection found.
-------------------



Processes
---------
(verified) Firefox 2432 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(verified) Firefox 1408 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
(verified) Google Chrome 1108 C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 2712 C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 2004 C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 3660 C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
(verified) Microsoft® Windows® Operating System 1476 C:\Windows\explorer.exe
(verified) Microsoft® Windows® Operating System 624 C:\Windows\System32\csrss.exe
(verified) Microsoft® Windows® Operating System 544 C:\Windows\System32\csrss.exe
(verified) Microsoft® Windows® Operating System 1448 C:\Windows\System32\dwm.exe
(verified) Microsoft® Windows® Operating System 736 C:\Windows\System32\lsass.exe
(verified) Microsoft® Windows® Operating System 744 C:\Windows\System32\lsm.exe
(verified) Microsoft® Windows® Operating System 1676 C:\Windows\System32\mspaint.exe
(verified) Microsoft® Windows® Operating System 4752 C:\Windows\System32\notepad.exe
(verified) Microsoft® Windows® Operating System 728 C:\Windows\System32\services.exe
(verified) Microsoft® Windows® Operating System 364 C:\Windows\System32\smss.exe
(verified) Microsoft® Windows® Operating System 1396 C:\Windows\System32\spoolsv.exe
(verified) Microsoft® Windows® Operating System 412 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 560 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 112 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 844 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1620 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1736 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1892 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1924 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1164 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1076 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 2456 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1520 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 3068 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 916 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1428 C:\Windows\System32\taskhost.exe
(verified) Microsoft® Windows® Operating System 632 C:\Windows\System32\wininit.exe
(verified) Microsoft® Windows® Operating System 680 C:\Windows\System32\winlogon.exe
(verified) Microsoft® Windows® Operating System 1668 C:\Windows\SysWOW64\svchost.exe
(verified) Shockwave Flash 2620 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
(verified) Shockwave Flash 2304 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
(verified) Symantec Security Technologies 1756 C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe
(verified) Symantec Security Technologies 2688 C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe
(verified) Windows® Internet Explorer 1872 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 2816 C:\Program Files\Internet Explorer\iexplore.exe
(verified) World of Warcraft 4556 C:\Program Files (x86)\World of Warcraft\Wow-64.exe


Network activity
----------------
Process svchost.exe (1164) connected on port 80 (HTTP) --> 65.197.244.10
Process firefox.exe (2432) connected on port 443 (HTTP over SSL) --> 66.220.151.83
Process firefox.exe (2432) connected on port 80 (HTTP) --> 141.101.124.244
Process firefox.exe (2432) connected on port 80 (HTTP) --> 173.194.73.147
Process firefox.exe (2432) connected on port 80 (HTTP) --> 141.101.124.244
Process firefox.exe (2432) connected on port 80 (HTTP) --> 141.101.125.244
Process firefox.exe (2432) connected on port 80 (HTTP) --> 141.101.125.244
Process firefox.exe (2432) connected on port 80 (HTTP) --> 141.101.125.244
Process firefox.exe (2432) connected on port 80 (HTTP) --> 141.101.125.244
Process firefox.exe (2432) connected on port 80 (HTTP) --> 141.101.125.244
Process firefox.exe (2432) connected on port 80 (HTTP) --> 141.101.125.244
Process firefox.exe (2432) connected on port 80 (HTTP) --> 141.101.125.244
Process firefox.exe (2432) connected on port 80 (HTTP) --> 141.101.125.244
Process firefox.exe (2432) connected on port 80 (HTTP) --> 141.101.125.244
Process firefox.exe (2432) connected on port 80 (HTTP) --> 141.101.125.244
Process firefox.exe (2432) connected on port 80 (HTTP) --> 141.101.125.244
Process firefox.exe (2432) connected on port 80 (HTTP) --> 141.101.125.244
Process iexplore.exe (2816) connected on port 80 (HTTP) --> 173.194.43.26
Process iexplore.exe (2816) connected on port 80 (HTTP) --> 72.21.81.253
Process iexplore.exe (2816) connected on port 80 (HTTP) --> 173.194.43.26
Process iexplore.exe (2816) connected on port 80 (HTTP) --> 173.194.43.0
Process iexplore.exe (2816) connected on port 80 (HTTP) --> 173.194.43.0
Process iexplore.exe (2816) connected on port 80 (HTTP) --> 173.194.43.13
Process iexplore.exe (2816) connected on port 80 (HTTP) --> 173.194.43.13
Process iexplore.exe (2816) connected on port 80 (HTTP) --> 173.194.73.147
Process iexplore.exe (2816) connected on port 80 (HTTP) --> 173.194.73.147
Process Wow-64.exe (4556) connected on port 1119 --> 12.129.206.130
Process Wow-64.exe (4556) connected on port 3724 (World of Warcraft) --> 12.129.222.153
Process Wow-64.exe (4556) connected on port 3724 (World of Warcraft) --> 12.129.222.152

Process svchost.exe (112) listens on ports: 49153 (RPC)
Process svchost.exe (560) listens on ports: 49155 (RPC)
Process wininit.exe (632) listens on ports: 49152 (RPC)
Process services.exe (728) listens on ports: 49156 (RPC)
Process lsass.exe (736) listens on ports: 49154 (RPC)
Process svchost.exe (916) listens on ports: 135 (RPC)


Autoruns and critical files
---------------------------
(verified) Adobe® Flash® Player Update Service C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
(verified) Microsoft Office 2010 c:\program files (x86)\microsoft office\office14\grooveex.dll
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe


Browser plugins
---------------
(unsigned) QuickTime Plug-in 7.7.2 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll
(unsigned) QuickTime Plug-in 7.7.2 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll
(unsigned) QuickTime Plug-in 7.7.2 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll
(unsigned) QuickTime Plug-in 7.7.2 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll
(unsigned) QuickTime Plug-in 7.7.2 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll
(unsigned) QuickTime Plug-in 7.7.2 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll
(unsigned) QuickTime Plug-in 7.7.2 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll

(verified) Adobe Acrobat C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll
(verified) Bitdefender QuickScan C:\Windows\Downloaded Program Files\qsax64.dll
(verified) Bonjour C:\Program Files (x86)\Bonjour\mdnsNSP.dll
(verified) Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
(verified) Java Deployment Toolkit 7.0.70.10 C:\Windows\system32\npDeployJava1.dll
(verified) Java™ Platform SE 7 U7 C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
(verified) Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL
(verified) Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\NapiNSP.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
(verified) NPSWF64_11_4_402_265.dll C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll
(verified) Silverlight Plug-In C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
(verified) Windows® Internet Explorer C:\Windows\System32\ieframe.dll


Scan
----
MD5: f577910a133a592234ebaad3f3afa258 C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MD5: fa4a45c179ab0e0f1a31b9751d4b18d7 c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
MD5: f37882f128efacefe353e0bae2766909 C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
MD5: 2f7480a40151eb2e483cf6524edba3f7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll
MD5: 2f7480a40151eb2e483cf6524edba3f7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll
MD5: 2f7480a40151eb2e483cf6524edba3f7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll
MD5: 2f7480a40151eb2e483cf6524edba3f7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll
MD5: 2f7480a40151eb2e483cf6524edba3f7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll
MD5: 2f7480a40151eb2e483cf6524edba3f7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll
MD5: 2f7480a40151eb2e483cf6524edba3f7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll
MD5: 09a0279fe0c812eabb8c1567200c1c21 C:\Program Files (x86)\ManyCam\Bin\opencv_core220.dll
MD5: 3a6a2076d99ec66a53aec251150a3005 C:\Program Files (x86)\ManyCam\Bin\opencv_imgproc220.dll
MD5: 1850daaa7e7a2e543c4a299b58ac9162 C:\Program Files (x86)\WinRAR\RarExt.dll
MD5: 8543bb84cd5872cd1619183f5cbbe3f9 C:\Windows\system32\drivers\emAudio64.sys
MD5: b1c55a95006d621d04fe4a23f86c0a54 C:\Windows\system32\DRIVERS\emDevice64.sys
MD5: 73fbb50c4d92adc30a9d57a269489a0b C:\Windows\system32\DRIVERS\emFilter64.sys
MD5: eecbbf7d76300e5558d316983961ffc1 C:\Windows\system32\DRIVERS\emScan64.sys
MD5: 024da28053d57e9e32bee52600576bbb C:\Windows\system32\DRIVERS\MarvinBus64.sys
MD5: 2334dc48997ba203b794df3ee70521db C:\Windows\System32\HPZinw12.dll
MD5: ac78df349f0e4cfb8b667c0cfff83cce C:\Windows\System32\HPZipm12.dll


No file uploaded.

Scan finished - communication took 3 sec
Total traffic - 0.11 MB sent, 3.76 KB recvd
Scanned 1971 files and modules - 199 seconds

==============================================================================


  • 0

#8
RKinner
Posted 24 September 2012 - 09:46 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Is Spyware Blaster on the other, faster booting PC too? IF so then it's not the problem but if it's not you might try uninstalling it and then check the registry key that was so big before and see if it put it back the way it was or just left it bloated.

reg query "HKEY_USERS\S-1-5-21-46084113-1864959542-2944292296-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"

If the key is back to normal then clear the events, reboot (time the boot) and check vew, Applications and see if the registry leak went away

Do you have "DriverUpdate" installed on the other faster booting PC?

Were you playing World of Warcraft while running BitDefender?
  • 0

#9
Uirsa5822
Posted 24 September 2012 - 12:34 PM

Uirsa5822

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 197 posts
Yes, Spyware Blaster is on the other computer. Both computers are pretty much set up in identical. Except this computer has more on the hard drive. But that means nothing.

I did format earlier this year. So that could be something worth mentioning, but again, sure it has nothing to do with boot times.

DriverUpdate is on the other PC as well. No idea what can be causing this long boot time. I am starting to believe something with the services though.

I wasn't playing WoW during the scan. I had it opened but minimized. I wasn't logged in. I opened it to check something on the log in screen but then forgot to close out of it.

Edited by Xanster82, 24 September 2012 - 12:35 PM.

  • 0

#10
RKinner
Posted 24 September 2012 - 12:47 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Since you have two more or less the same PC's you could try using Process Monitor on each.

Download Process Monitor http://live.sysinter...com/Procmon.exe

Save it to your desktop. Run Process Monitor. (Right click and Run As Admin!)

As soon as it starts, File, then uncheck Capture Events. Once it stops, Options, click Enable Boot Logging. (Click on the 1 second option) Close Process Monitor and reboot. After you reboot, run Process Monitor as before and when it comes up it should tell you about the boot log it saved. The boot logs should have a lot of entries, each one with a time stamp. Compare the logs from the slow PC with the fast PC and see if you can see where the slow PC is wasting its time. I don't have a 64bit PC so I can't read the logs so you are on your own here.
  • 0

Advertisements

#11
Uirsa5822
Posted 25 September 2012 - 03:01 PM

Uirsa5822

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 197 posts
I got the log files, but not quite sure how to read them or what I am even looking for here. Both computers made two bootlog files (Bootlog & Bootlog-1) both look to be the same. Could I make a new thread somewhere where someone with more experience would be able to read them?
  • 0

#12
RKinner
Posted 25 September 2012 - 03:58 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
What you want to look for is the time stamps. If this is taking longer to boot it must be doing something during that time so look for lines that seem to take longer on the slow one than on the fast one. If you open the logs then save then in CSV format I can probably open the CVS version in Excel. They will be quite large so you will need to rar them up and put them on your website.
  • 0

#13
Uirsa5822
Posted 25 September 2012 - 04:37 PM

Uirsa5822

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 197 posts
It doesn't display what took the longest to boot... Unless I am looking at them wrong. It just displays the time of day when it was recorded. So not sure really. It spans across 3 minutes too, but my system doesn't take that long to boot. The same goes for the boot log on the other system. The logfile for the slow PC is 150 MB. The one for the faster PC is 113 MB.

I zipped them both using WinRAR and uploaded them to MediaFire, link to download is here:

http://www.mediafire...68fnuf3vc1mer3d


Also I appreciate all your help with me thus far. Thank you.
  • 0

#14
RKinner
Posted 25 September 2012 - 09:15 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Your PCs are not the same inside even if they both say Pavilion on the outside.

The slow one is AMD64 Family 16 Model 6 Stepping 3, AuthenticAMD

AMD Turion II P540 Dual-Core Processor
Family x86 Family 16 Model 6 Stepping 3
Speed 2300 Mhz
Cores 2
CPU Score 5.70






The fast one Intel64 Family 6 Model 42 Stepping 7, GenuineIntel

Intel Pentium CPU B960 @ 2.20GHz
Family x86 Family 6 Model 42 Stepping 7
Speed 2100 Mhz
Cores 2
CPU Score 5.90

So we are comparing Apples to Oranges. The higher the CPU score the faster they run Windows. Intel (faster PC) is just quicker with every step. I can't see how big the hard drive is but it might also be a different size.
  • 0

#15
Uirsa5822
Posted 25 September 2012 - 09:59 PM

Uirsa5822

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 197 posts
Yes I know I am running off AMD and the other is running off Intel. But I was under the assumption the issue at hand here was software related, not hardware. Once Windows is booted they both run very well. And both computers have 1 TB of hard drive space.

So you're saying my system boots slow because of an AMD Dual-core processor, and the other system boots fast because of an Intel processor? I don't see how that can be since my now slow-booting system at one point booted up as quick as the other PC. Which is why I believe it is software.

Edited by Xanster82, 25 September 2012 - 10:01 PM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP