Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Findgala (Windows 8)

Started by xirftwx , Jan 03 2013 07:58 PM

  • Please log in to reply

#1
xirftwx
Posted 03 January 2013 - 07:58 PM

xirftwx

    Member

  • Member
  • PipPip
  • 13 posts
Description of problem:
Frequently when I search on google and click a result, I am redirected to a "findgala" or other similar bogus website. I have run MBAM several times (full scan, database updated and nothing was found). Another symptom is my desktop background is now just pitch black. My icons are there, but my background is now black. While searching how to fix my problem, I found that the background problem is common with the "findgala" malware. My computer is a very new ASUS laptop running Windows 8 (64-bit). Something else odd happened the other night. I left my computer on overnight and when I came to it in the morning, a google search was opened with a search of "little boys". I assumed that this was probably malware-related too because I live alone.

OTL Log:

OTL logfile created on: 1/3/2013 7:40:20 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jake\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16384)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.89 Gb Total Physical Memory | 4.31 Gb Available Physical Memory | 73.24% Memory free
11.89 Gb Paging File | 10.15 Gb Available in Paging File | 85.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.45 Gb Total Space | 98.66 Gb Free Space | 35.30% Space Free | Partition Type: NTFS
Drive D: | 398.18 Gb Total Space | 398.03 Gb Free Space | 99.96% Space Free | Partition Type: NTFS

Computer Name: JAKE-LAPTOP | User Name: Jake | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/03 19:39:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jake\Downloads\OTL.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/12 17:57:16 | 000,140,128 | ---- | M] (北京悠然天地科技有限公司) -- C:\Program Files (x86)\kuaiyong\DRM\KYDeviceServer.exe
PRC - [2012/12/04 23:27:21 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Jake\Downloads\HijackThis.exe
PRC - [2012/12/04 19:15:17 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/11/01 11:56:20 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2012/10/31 12:09:50 | 000,020,352 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
PRC - [2012/09/11 12:22:06 | 000,033,512 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
PRC - [2012/09/11 12:22:04 | 003,092,200 | ---- | M] (Plex, Inc.) -- C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
PRC - [2012/09/11 12:22:04 | 001,449,192 | ---- | M] (Plex, Inc.) -- C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
PRC - [2012/08/06 15:56:14 | 000,590,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
PRC - [2012/08/03 17:31:12 | 000,184,704 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2012/07/24 19:21:22 | 001,123,536 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
PRC - [2012/07/23 19:59:02 | 000,105,120 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2012/07/17 17:54:20 | 000,178,848 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2012/07/17 15:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 15:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/07/06 12:23:40 | 000,322,208 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2012/06/25 11:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/06/20 18:21:54 | 001,557,664 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
PRC - [2012/06/07 15:12:06 | 000,162,456 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe
PRC - [2012/06/07 15:12:06 | 000,090,832 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2012/05/28 11:04:48 | 000,113,312 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2012/04/13 11:14:00 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
PRC - [2012/03/28 19:34:30 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2011/11/21 15:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/01 17:54:22 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\fedb1433422296012c8ce48902458bf1\UIAutomationTypes.ni.dll
MOD - [2012/12/04 19:15:15 | 012,456,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
MOD - [2012/12/04 19:15:15 | 000,460,904 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll
MOD - [2012/12/04 19:15:14 | 004,008,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
MOD - [2012/12/04 19:14:29 | 000,587,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libglesv2.dll
MOD - [2012/12/04 19:14:28 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libegl.dll
MOD - [2012/12/04 19:14:21 | 000,157,304 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avutil-51.dll
MOD - [2012/12/04 19:14:20 | 000,275,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avformat-54.dll
MOD - [2012/12/04 19:14:19 | 002,168,952 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll
MOD - [2012/11/30 17:08:12 | 007,559,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9ba07396ae369d010c5c3927a82ef426\System.Xml.ni.dll
MOD - [2012/11/30 17:08:08 | 001,870,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\cc4d9093563dadee370788bbc3ecf4fb\System.Xaml.ni.dll
MOD - [2012/11/30 17:08:06 | 012,692,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\22ae167d586450ad3a9b9a9ee43ebc86\System.Windows.Forms.ni.dll
MOD - [2012/11/30 17:01:16 | 001,630,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\72269ea7cc6281139e4d155e7c57dc67\System.Drawing.ni.dll
MOD - [2012/11/30 17:01:09 | 000,958,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\28586400bcaf94c13a9fd0dff4a1e090\System.Configuration.ni.dll
MOD - [2012/11/30 17:01:08 | 000,467,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\0823f2b72e9e64ed1c4561c58df5de48\PresentationFramework.Aero2.ni.dll
MOD - [2012/11/30 17:01:07 | 018,524,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\97e6b67983d07a066b68b3ae8be2f53d\PresentationFramework.ni.dll
MOD - [2012/11/30 17:00:57 | 010,914,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b52bc540630c3aa5de542c382af35c20\PresentationCore.ni.dll
MOD - [2012/11/30 17:00:51 | 003,905,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\cd235caf797fb017f140016be88f33b7\WindowsBase.ni.dll
MOD - [2012/11/30 17:00:42 | 009,925,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e40da7a49f8c3f0108e7c835b342f382\System.ni.dll
MOD - [2012/11/30 17:00:36 | 016,501,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\51e2934144ba15628ba5a31be2dae7dc\mscorlib.ni.dll
MOD - [2012/11/28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/11/01 11:57:10 | 000,100,248 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2012/11/01 11:56:20 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2012/09/11 12:23:34 | 000,033,000 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
MOD - [2012/09/11 12:23:32 | 000,044,264 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
MOD - [2012/09/11 12:23:30 | 000,057,576 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
MOD - [2012/09/11 12:23:30 | 000,017,128 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
MOD - [2012/09/11 12:23:28 | 000,195,816 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
MOD - [2012/09/11 12:23:26 | 000,841,448 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
MOD - [2012/09/11 12:23:22 | 000,825,064 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
MOD - [2012/09/11 12:23:22 | 000,049,896 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
MOD - [2012/09/11 12:23:20 | 000,033,512 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_multiprocessing.pyd
MOD - [2012/09/11 12:23:16 | 000,365,800 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
MOD - [2012/09/11 12:23:14 | 000,093,928 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
MOD - [2012/09/11 12:23:10 | 000,590,056 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
MOD - [2012/09/11 12:23:10 | 000,017,128 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
MOD - [2012/09/11 12:23:08 | 000,134,376 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
MOD - [2012/09/11 12:23:04 | 000,141,544 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\zlib1.dll
MOD - [2012/09/11 12:23:02 | 008,494,824 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\WebKit.dll
MOD - [2012/09/11 12:23:00 | 000,628,968 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
MOD - [2012/09/11 12:22:56 | 000,587,080 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\sqlite3.dll
MOD - [2012/09/11 12:22:54 | 000,086,760 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
MOD - [2012/09/11 12:22:52 | 000,150,248 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
MOD - [2012/09/11 12:22:42 | 001,009,896 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
MOD - [2012/09/11 12:22:42 | 000,173,288 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
MOD - [2012/09/11 12:22:36 | 000,063,208 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
MOD - [2012/09/11 12:22:30 | 001,290,984 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\JavaScriptCore.dll
MOD - [2012/09/11 12:22:16 | 000,952,552 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\CFLite.dll
MOD - [2012/09/11 12:22:14 | 001,038,568 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\cairo.dll
MOD - [2012/09/11 12:22:12 | 001,254,672 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\avformat-52.dll
MOD - [2012/09/11 12:22:12 | 000,271,624 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\avutil-50.dll
MOD - [2012/09/11 12:22:10 | 005,827,912 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\avcodec-52.dll
MOD - [2012/09/11 12:22:06 | 000,033,512 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
MOD - [2012/06/07 15:12:04 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/11/27 14:56:28 | 000,118,272 | ---- | M] (DeadPihto) [Auto | Running] -- C:\Windows\SysNative\wsservice_crk.dll -- (WSServiceCrk)
SRV:64bit: - [2012/07/25 22:46:56 | 002,366,984 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012/07/25 21:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/07/25 21:17:59 | 000,015,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2012/07/25 21:08:04 | 001,968,128 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2012/07/25 21:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 21:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012/07/25 21:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 21:07:30 | 000,169,984 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012/07/25 21:07:27 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012/07/25 21:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 21:06:36 | 000,463,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2012/07/25 21:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 21:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 21:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 21:06:00 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/07/25 21:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 21:05:38 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/07/25 21:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 21:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012/07/25 21:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 21:05:11 | 000,174,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012/07/25 21:05:08 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012/07/25 21:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/04/20 15:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/12 17:57:16 | 000,140,128 | ---- | M] (北京悠然天地科技有限公司) [Auto | Running] -- C:\Program Files (x86)\kuaiyong\DRM\KYDeviceServer.exe -- (KYDeviceServer)
SRV - [2012/11/29 02:27:36 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/16 15:40:12 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/07/25 21:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/25 21:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/23 19:59:02 | 000,105,120 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2012/07/17 15:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 15:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/13 03:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012/06/25 11:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/04/13 11:14:00 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2011/11/21 15:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/03 01:53:06 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2012/10/31 12:10:00 | 000,061,824 | ---- | M] (ASUS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsusTP.sys -- (ATP)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/16 02:53:06 | 008,987,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/08/16 00:01:20 | 003,624,960 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr)
DRV:64bit: - [2012/08/01 21:22:48 | 000,014,992 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2012/07/25 23:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/25 23:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/25 23:00:58 | 000,445,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2012/07/25 23:00:58 | 000,337,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012/07/25 23:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/25 23:00:58 | 000,212,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012/07/25 23:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/25 23:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/25 23:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/25 23:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012/07/25 23:00:55 | 000,120,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012/07/25 23:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012/07/25 23:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/25 23:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/25 23:00:55 | 000,028,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/07/25 23:00:54 | 000,056,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/07/25 23:00:52 | 003,295,984 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/07/25 23:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/25 23:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/25 23:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/25 23:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/25 23:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/25 23:00:49 | 000,539,376 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/07/25 23:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/25 23:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/25 23:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/25 23:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/25 22:59:35 | 000,193,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012/07/25 22:59:35 | 000,148,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012/07/25 22:59:32 | 000,055,024 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012/07/25 22:58:00 | 000,068,848 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2012/07/25 22:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/25 22:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012/07/25 22:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 22:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2012/07/25 22:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2012/07/25 21:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 21:17:38 | 000,027,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/07/25 20:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 20:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 20:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 20:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 20:28:27 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2012/07/25 20:27:58 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/07/25 20:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 20:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 20:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 20:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 20:27:31 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/07/25 20:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 20:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 20:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 20:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 20:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 20:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 20:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 20:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 20:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 20:25:54 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/07/25 20:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 20:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 20:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 20:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/24 19:21:22 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2012/07/23 21:16:28 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/07/03 00:09:08 | 000,295,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsBaStor.sys -- (RSBASTOR)
DRV:64bit: - [2012/07/02 16:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/19 08:40:51 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/06/12 07:41:22 | 000,683,664 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/06/02 08:34:37 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2012/06/02 08:31:50 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2012/06/02 08:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress)
DRV:64bit: - [2012/05/30 21:47:44 | 000,021,152 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsHIDSwitch64.sys -- (HIDSwitch)
DRV:64bit: - [2011/01/15 10:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/16 16:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/09/03 16:30:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tiehdusb.sys -- (TIEHDUSB)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011/12/14 21:11:00 | 000,007,168 | ---- | M] (MPlayer <http://svn.mplayerhq.../dhahelperwin/>) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\dhahelper.sys -- (DhaHelper)
DRV - [2011/09/07 10:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/02 18:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...R&#38;pc=ASU2JS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...R&#38;pc=ASU2JS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B9c51bd27-6ed8-4000-a2bf-36cb95c0c947%7D:11.0.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@kuaiyong.yrtd.com,version=1.0.1.1: C:\Program Files (x86)\kuaiyong\np_kyplugin.dll (YRTD)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Jake\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/18 14:50:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK

[2012/12/18 14:50:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jake\AppData\Roaming\mozilla\Extensions
[2012/12/18 14:51:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jake\AppData\Roaming\mozilla\Firefox\Profiles\jvx0pveo.default\extensions
[2012/12/18 14:51:21 | 000,080,872 | ---- | M] () (No name found) -- C:\Users\Jake\AppData\Roaming\mozilla\firefox\profiles\jvx0pveo.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi
[2012/12/18 14:50:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/29 02:27:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/11/29 02:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/11/29 02:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: Google Drive = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: MightyText - Send/Receive SMS Text Messages = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi\9.0_0\
CHR - Extension: Facebook\u2122 Video Downloader = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\enfpkglnpcnaafkgbffbplhngngjngjb\3.0.0.0_0\
CHR - Extension: Show Me Emoji!! = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfaljehflmoakhcfdopplgbieldgknai\2.0_0\
CHR - Extension: ICE Quick Stream = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapljocpedaolbooelchgnkkaplpadgp\5.5_0\
CHR - Extension: Gmail = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/25 23:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe (ASUS Cloud Corporation)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SecureW2 Tray] C:\Program Files (x86)\SecureW2\sw2_tray.exe (SecureW2 B.V.)
O4 - HKCU..\Run: [Plex Media Server] C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{662761F4-8EF4-4BA6-8244-B01E81BD8AD8}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DEB39B49-F201-42D0-95E3-005C9D937860}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5a60c9b5-485e-11e2-be76-50465de562ed}\Shell - "" = AutoRun
O33 - MountPoints2\{5a60c9b5-485e-11e2-be76-50465de562ed}\Shell\AutoRun\command - "" = "G:\TL-Bootstrap.exe"
O33 - MountPoints2\{634d71e1-3b32-11e2-be73-50465de562ed}\Shell - "" = AutoRun
O33 - MountPoints2\{634d71e1-3b32-11e2-be73-50465de562ed}\Shell\AutoRun\command - "" = "F:\SETUP.EXE"
O33 - MountPoints2\{634d71e1-3b32-11e2-be73-50465de562ed}\Shell\configure\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{634d71e1-3b32-11e2-be73-50465de562ed}\Shell\install\command - "" = F:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/03 19:24:36 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/01/02 22:22:59 | 000,000,000 | ---D | C] -- C:\Windows\DRM
[2013/01/02 22:22:29 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\kuaiyong
[2013/01/02 22:22:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\¿ìÓÃÆ»¹ûÖúÊÖ
[2013/01/02 22:22:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\kuaiyong
[2012/12/30 17:57:36 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\Programs
[2012/12/28 14:48:53 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Airfoil
[2012/12/28 14:35:21 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\Macromedia
[2012/12/28 14:31:47 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\Rogue Amoeba
[2012/12/28 14:31:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Airfoil
[2012/12/28 14:31:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Airfoil
[2012/12/20 16:48:26 | 000,000,000 | ---D | C] -- C:\Users\Jake\Desktop\The Office
[2012/12/20 15:26:43 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\Binreader
[2012/12/20 15:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Binreader
[2012/12/20 15:26:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Binreader
[2012/12/20 14:51:36 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\ScriptPower OHG
[2012/12/20 14:51:33 | 000,000,000 | ---D | C] -- C:\Program Files\iLoad
[2012/12/20 14:51:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLoad
[2012/12/20 14:51:25 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\Paloma Networks, Inc
[2012/12/20 14:33:29 | 000,000,000 | ---D | C] -- C:\Users\Jake\School
[2012/12/19 20:32:40 | 000,007,168 | ---- | C] (MPlayer <http://svn.mplayerhq.../dhahelperwin/>) -- C:\Windows\SysWow64\drivers\dhahelper.sys
[2012/12/19 20:32:39 | 000,067,680 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\SysWow64\libusb0_x86.dll
[2012/12/19 20:32:39 | 000,067,680 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\SysWow64\libusb0.dll
[2012/12/19 20:32:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TiLP
[2012/12/19 20:31:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GTK2-Runtime
[2012/12/19 18:22:26 | 000,128,512 | ---- | C] (Texas Instruments) -- C:\Windows\SysNative\drivers\tiehdusb.sys
[2012/12/19 18:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TI Tools
[2012/12/19 18:22:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TI Shared
[2012/12/19 18:22:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TI Education
[2012/12/19 18:22:16 | 000,000,000 | ---D | C] -- C:\Users\Jake\Documents\MyTIData
[2012/12/19 18:21:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/12/19 17:43:34 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\Malwarebytes
[2012/12/19 17:43:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/19 17:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/12/19 17:43:17 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/19 17:43:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/12/18 14:53:28 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\Adobe
[2012/12/18 14:50:32 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\Mozilla
[2012/12/18 14:50:32 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\Mozilla
[2012/12/18 14:50:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/12/18 14:50:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/12/18 14:50:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/12/17 11:55:07 | 003,718,144 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\athrx.sys
[2012/12/17 11:55:07 | 003,618,304 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\athw8x.sys
[2012/12/17 11:55:07 | 002,987,520 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\athr.sys
[2012/12/17 11:55:07 | 002,741,248 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\athw8.sys
[2012/12/17 11:54:30 | 002,741,248 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athw8.sys
[2012/12/17 11:54:13 | 002,987,520 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athr.sys
[2012/12/17 11:54:04 | 003,718,144 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys
[2012/12/17 09:20:20 | 003,624,960 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athw8x.sys
[2012/12/17 09:19:49 | 000,000,000 | ---D | C] -- C:\SWSetup
[2012/12/15 12:13:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/12/15 12:13:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/12/15 12:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/12/15 12:13:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/12/15 12:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/12/15 12:05:11 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\redsn0w
[2012/12/15 11:59:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012/12/15 11:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/12/15 11:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/12/15 11:58:10 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\Apple
[2012/12/15 11:58:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/12/15 11:57:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/12/15 11:57:40 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/12/15 11:57:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/12/15 11:57:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012/12/13 14:26:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewsLeecher
[2012/12/13 14:26:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NewsLeecher
[2012/12/13 14:13:10 | 000,000,000 | ---D | C] -- C:\Users\Jake\Documents\Newsbin
[2012/12/12 21:21:05 | 000,000,000 | ---D | C] -- C:\Users\Jake\Documents\NZBS
[2012/12/12 21:15:58 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\Newsbin
[2012/12/10 22:33:23 | 000,000,000 | ---D | C] -- C:\Users\Jake\Documents\UseNeXT
[2012/12/08 07:46:24 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/03 19:26:44 | 000,000,380 | ---- | M] () -- C:\Users\Jake\AppData\Roaming\sp_data.sys
[2013/01/03 19:26:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/03 19:26:08 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013/01/03 19:25:52 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/03 19:24:28 | 602,104,621 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/01/03 19:24:28 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/01/03 19:24:25 | 763,088,895 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/03 19:20:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/03 15:18:00 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-919529226-1679702071-355095138-1001UA.job
[2013/01/02 22:25:18 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2013/01/02 22:23:00 | 000,007,315 | ---- | M] () -- C:\Windows\unins000.dat
[2013/01/02 22:22:59 | 000,727,737 | ---- | M] () -- C:\Windows\unins000.exe
[2013/01/02 22:22:28 | 000,001,051 | ---- | M] () -- C:\Users\Jake\Application Data\Microsoft\Internet Explorer\Quick Launch\¿ìÓÃÆ»¹ûÖúÊÖ.lnk
[2013/01/02 22:22:28 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\¿ìÓÃÆ»¹ûÖúÊÖ.lnk
[2013/01/02 21:18:03 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-919529226-1679702071-355095138-1001Core.job
[2013/01/01 17:44:01 | 000,494,280 | ---- | M] () -- C:\Users\Jake\Desktop\song.png
[2012/12/30 17:57:50 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/25 23:43:32 | 000,848,230 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/25 23:43:32 | 000,719,418 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/25 23:43:32 | 000,132,748 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/24 19:59:58 | 000,434,720 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/20 14:51:34 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\iLoad Downloads.lnk
[2012/12/20 14:51:34 | 000,000,907 | ---- | M] () -- C:\Users\Jake\Application Data\Microsoft\Internet Explorer\Quick Launch\iLoad.lnk
[2012/12/20 14:51:34 | 000,000,883 | ---- | M] () -- C:\Users\Public\Desktop\iLoad.lnk
[2012/12/18 14:50:30 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/12/17 18:04:16 | 010,301,895 | ---- | M] () -- C:\Users\Jake\Desktop\05 Pretty Little Girl.m4a
[2012/12/17 01:38:04 | 008,082,517 | ---- | M] () -- C:\Users\Jake\Desktop\03 Disaster.m4a
[2012/12/17 01:27:16 | 007,776,387 | ---- | M] () -- C:\Users\Jake\Desktop\02 Dogs Eating Dogs.m4a
[2012/12/17 01:13:15 | 007,672,196 | ---- | M] () -- C:\Users\Jake\Desktop\01 When I Was Young.m4a
[2012/12/15 12:13:47 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/12/15 10:32:44 | 000,000,814 | ---- | M] () -- C:\Users\Jake\Desktop\µTorrent.lnk
[2012/12/15 10:32:44 | 000,000,794 | ---- | M] () -- C:\Users\Jake\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/10 23:00:34 | 009,852,907 | ---- | M] () -- C:\Users\Jake\Desktop\04. Boxing Day.m4a
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/03 19:24:28 | 602,104,621 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/01/02 22:25:18 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2013/01/02 22:22:59 | 000,727,737 | ---- | C] () -- C:\Windows\unins000.exe
[2013/01/02 22:22:59 | 000,007,315 | ---- | C] () -- C:\Windows\unins000.dat
[2013/01/02 22:22:28 | 000,001,051 | ---- | C] () -- C:\Users\Jake\Application Data\Microsoft\Internet Explorer\Quick Launch\¿ìÓÃÆ»¹ûÖúÊÖ.lnk
[2013/01/02 22:22:28 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\¿ìÓÃÆ»¹ûÖúÊÖ.lnk
[2013/01/01 17:44:01 | 000,494,280 | ---- | C] () -- C:\Users\Jake\Desktop\song.png
[2012/12/28 14:48:33 | 008,756,136 | ---- | C] () -- C:\Users\Jake\Desktop\AirfoilInstaller.exe
[2012/12/28 14:48:26 | 002,888,000 | ---- | C] () -- C:\Users\Jake\Desktop\REViSE.r00
[2012/12/28 14:48:22 | 002,888,000 | ---- | C] () -- C:\Users\Jake\Desktop\REViSE.rar
[2012/12/28 14:48:17 | 002,568,576 | ---- | C] () -- C:\Users\Jake\Desktop\REViSE.r01
[2012/12/28 14:48:17 | 000,003,658 | ---- | C] () -- C:\Users\Jake\Desktop\REViSE.nfo
[2012/12/28 14:48:17 | 000,000,280 | ---- | C] () -- C:\Users\Jake\Desktop\file_id.diz
[2012/12/28 14:47:59 | 002,889,180 | ---- | C] () -- C:\Users\Jake\Desktop\r-afw332.zip
[2012/12/28 14:47:59 | 002,889,180 | ---- | C] () -- C:\Users\Jake\Desktop\r-afw331.zip
[2012/12/28 14:47:59 | 002,569,756 | ---- | C] () -- C:\Users\Jake\Desktop\r-afw333.zip
[2012/12/20 14:51:34 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\iLoad Downloads.lnk
[2012/12/20 14:51:34 | 000,000,907 | ---- | C] () -- C:\Users\Jake\Application Data\Microsoft\Internet Explorer\Quick Launch\iLoad.lnk
[2012/12/20 14:51:34 | 000,000,883 | ---- | C] () -- C:\Users\Public\Desktop\iLoad.lnk
[2012/12/19 17:43:19 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/18 14:50:29 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/12/18 14:50:29 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/12/17 12:24:57 | 009,852,907 | ---- | C] () -- C:\Users\Jake\Desktop\04. Boxing Day.m4a
[2012/12/17 12:24:56 | 010,301,895 | ---- | C] () -- C:\Users\Jake\Desktop\05 Pretty Little Girl.m4a
[2012/12/17 12:24:56 | 008,082,517 | ---- | C] () -- C:\Users\Jake\Desktop\03 Disaster.m4a
[2012/12/17 12:24:56 | 007,776,387 | ---- | C] () -- C:\Users\Jake\Desktop\02 Dogs Eating Dogs.m4a
[2012/12/17 12:24:56 | 007,672,196 | ---- | C] () -- C:\Users\Jake\Desktop\01 When I Was Young.m4a
[2012/12/17 11:55:07 | 000,512,786 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf
[2012/12/17 11:55:07 | 000,510,317 | ---- | C] () -- C:\Windows\SysNative\netathr.inf
[2012/12/17 11:55:07 | 000,326,379 | ---- | C] () -- C:\Windows\SysNative\athw8x.inf
[2012/12/17 11:55:07 | 000,324,816 | ---- | C] () -- C:\Windows\SysNative\athw8.inf
[2012/12/17 11:55:07 | 000,079,352 | ---- | C] () -- C:\Windows\SysNative\athw8x.cat
[2012/12/17 11:55:07 | 000,079,342 | ---- | C] () -- C:\Windows\SysNative\athw8.cat
[2012/12/17 11:55:07 | 000,077,253 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat
[2012/12/17 11:55:07 | 000,077,249 | ---- | C] () -- C:\Windows\SysNative\athrext.cat
[2012/12/15 12:13:47 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/12/15 11:58:09 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/12/15 10:32:44 | 000,000,814 | ---- | C] () -- C:\Users\Jake\Desktop\µTorrent.lnk
[2012/12/15 10:32:44 | 000,000,794 | ---- | C] () -- C:\Users\Jake\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/12/14 05:27:23 | 000,820,939 | ---- | C] () -- C:\Windows\Fix_V4.exe
[2012/12/03 20:38:22 | 000,000,437 | ---- | C] () -- C:\ProgramData\xsupplicant.conf
[2012/11/30 07:10:45 | 000,000,380 | ---- | C] () -- C:\Users\Jake\AppData\Roaming\sp_data.sys
[2012/08/22 06:13:17 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012/08/22 06:13:09 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/08/22 06:13:06 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012/08/04 19:42:20 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe
[2012/08/04 19:42:20 | 000,000,217 | ---- | C] () -- C:\ProgramData\SetStretch.cmd
[2012/08/04 01:53:42 | 000,164,016 | ---- | C] () -- C:\Windows\SysWow64\AirfoilInject3.dll
[2012/07/26 02:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 02:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 01:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/25 19:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 18:48:53 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012/07/25 14:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 14:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/07/25 14:22:56 | 000,267,284 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/07/25 14:22:54 | 000,963,376 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/06/02 08:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012/04/20 14:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2012/10/11 10:37:55 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/07/25 21:07:16 | 019,779,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/07/25 21:19:59 | 017,559,552 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 21:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 21:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 21:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/11/30 07:10:55 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\ASUS WebStorage
[2012/12/20 16:03:26 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Binreader
[2013/01/02 22:22:29 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\kuaiyong
[2012/11/30 17:39:56 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Newshosting
[2012/12/20 14:51:25 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Paloma Networks, Inc
[2012/12/15 12:06:37 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\redsn0w
[2013/01/03 17:21:30 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\uTorrent
[2012/11/30 16:49:47 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Video Wallpaper
[2013/01/01 16:53:08 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\XBMC

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
DonnaB
Posted 04 January 2013 - 07:25 AM

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Hi xirftwx,

Welcome to Geeks to Go! :)

My name is Donna and I'd be happy to help you clean your computer.

Your patience will be necessary since I am currently in training, and all of my responses to you must be reviewed by my instructor before I post them. The advantage is yours, in that you will have 2 pairs of eyes examining your issue every step of the way. :thumbsup:

Please read this post completely before beginning the fix. If there's anything that you do not understand don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:
  • Please note that we are all volunteers. We do have families, careers, and other endeavors just as you do that may prevent immediate responses that meet your schedule. Time zones may also be a factor for a timely response. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this infected computer.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • If you have the capability to print the instructions, please do so, some portion of this fix may have to be accomplished in safe mode or offline where you will be unable to follow my instructions online.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you.
  • Scanning with programs and reading the logs do take a fair amount of time, your patience will be necessary. :)

Could you please post the Extras.txt log that OTL has generated? You should find it in the same location as OTL, which in you case will be your downloads folder:

C:\Users\Jake\Downloads\Extras.txt

Thank you,

Donna :)
  • 0

#3
xirftwx
Posted 04 January 2013 - 02:36 PM

xirftwx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hello Donna, thank you for responding.

Here is my Extras.txt:

OTL Extras logfile created on: 1/3/2013 7:40:20 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jake\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16384)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.89 Gb Total Physical Memory | 4.31 Gb Available Physical Memory | 73.24% Memory free
11.89 Gb Paging File | 10.15 Gb Available in Paging File | 85.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.45 Gb Total Space | 98.66 Gb Free Space | 35.30% Space Free | Partition Type: NTFS
Drive D: | 398.18 Gb Total Space | 398.03 Gb Free Space | 99.96% Space Free | Partition Type: NTFS

Computer Name: JAKE-LAPTOP | User Name: Jake | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1540F701-12F1-45CC-ACB0-5734FBA99C27}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2490A9F5-B787-4E11-909C-DD87D20D7112}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{269EBA34-B2D3-44C8-A2F0-9D7F76E727D3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2905E704-3EDE-4964-8913-B8AE7F33A863}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{2A757976-0F67-4637-AE4D-96320632CE6A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{31030113-2011-4DF6-BDFC-FDD92792C36B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{32208922-D827-45EA-9DBE-01C3831C3391}" = rport=139 | protocol=6 | dir=out | app=system |
"{38E66A6A-F854-4E59-99DD-C0E74F32B79F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{49C1DBE5-5D50-400D-8025-B60C86C80BC3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6CA6F741-99FD-48FF-B305-044A67DB1AED}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{745F9A61-5FE2-4BE8-BA8E-41767AAB2603}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{756B2D3A-7890-497D-88D2-0A334F10BD47}" = rport=445 | protocol=6 | dir=out | app=system |
"{7ED12473-D930-4524-9E7D-1C5A4B509B75}" = lport=139 | protocol=6 | dir=in | app=system |
"{7F12660F-CBAB-4CFA-84E3-8476810AFCEA}" = lport=138 | protocol=17 | dir=in | app=system |
"{81166DE9-ACCF-459A-8AE6-BF66284868AF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8135B68F-7BF5-41E3-B1AC-E79469A8200A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{88E70BAF-AA08-412A-99BB-BF9A11FA93C2}" = lport=445 | protocol=6 | dir=in | app=system |
"{8EFA234F-1474-42C6-ADBD-90A9B740EA05}" = rport=137 | protocol=17 | dir=out | app=system |
"{A4CE5C79-BC99-44D5-B112-8F9B44582695}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B9523384-5E80-47D3-A874-8FD081761B48}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{C9C72725-85C7-4646-BDBF-78EFAA897604}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CCDDEDDF-D808-4E9D-9651-5F4546292FCD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ED0BCB19-C7F8-47B6-834F-4C687AC55877}" = rport=138 | protocol=17 | dir=out | app=system |
"{FAA2FB44-24CA-47BD-BB06-59B6E236A550}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C74339-650E-4BC4-B501-CB6365F21850}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{095ACFDC-F36E-4C11-8898-3E629576AC1A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{09E37BE3-17E6-48F2-80E4-085571AE8366}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{104092C0-C594-4F56-9AAE-3F9EA6EF5432}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{10D56B12-8653-4012-A0B4-F66641916480}" = dir=in | name=music info |
"{151E8670-F970-48A5-A537-1914AA8EA747}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{16BD20B7-0220-49A1-B37A-3BD8082B2D70}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{17E76938-D68A-45BF-AEB6-CE9D01E0B819}" = dir=in | name=@{microsoft.xboxcompanion_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{1862798E-A387-4F29-BB56-AD2D25EF4339}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{18E6A1AF-4F37-4E35-84A0-9916109225C3}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{19C628EC-D591-4433-AEE3-5CA469C96CC3}" = dir=out | name=windows_ie_ac_001 |
"{2134F3B3-70DB-4961-BBE0-20DE910EEB74}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{219C0532-AA25-4A53-9269-B45C21905951}" = dir=out | name=@{microsoft.bingtravel_1.5.1.248_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{240A0261-A1EC-44FE-BCBA-46FFE134E838}" = dir=out | name=music info |
"{2446E9F8-A703-4DE8-B19F-7BD298B7C31C}" = protocol=6 | dir=out | app=system |
"{27DCAE8E-94EA-4797-8DB1-44276077B660}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2BF7E7BF-6B8A-4376-8A82-A2C90091FB20}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{2C67FD72-E3E6-48D5-9B97-909815A48892}" = dir=out | name=taptiles |
"{2EFF51D0-2E98-4DF4-9122-9F3A68DA1A17}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3097137B-086C-4F96-9BD3-ACCA7502DC1E}" = dir=out | name=@{microsoft.bingsports_1.5.1.249_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{33551323-9250-4398-B6B4-F84330BE038A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{35404EAF-A9CA-466E-AA82-A85FD5FAE277}" = dir=out | name=adera |
"{35958DF7-8C26-4009-9C66-B19A9D22C914}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{365F3FCF-7283-42CB-A63B-29018AE95D2B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{36CE5959-7568-4969-B3CF-0A20D83549AB}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{3A4850E9-4179-4374-9AE7-8B427BAD4E0D}" = dir=in | app=c:\program files (x86)\plex\plex media server\plexdlnaserver.exe |
"{3BBB0D51-BE05-41E6-8AA3-4C1EEB99C7B3}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{3C83B10A-245B-48F5-A115-960370AF5DF0}" = protocol=1 | dir=in | [email protected],-28543 |
"{3CFA8DE9-AF66-4505-90F4-5DB33821A579}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{3F473173-33FE-44A5-9039-3F5DF65363CD}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{411C13AF-9C53-4A76-A267-2DB2DEE0B2BC}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{48E9222E-25AF-40A1-B7E4-7E6CF6070D73}" = dir=out | name=fresh paint |
"{4C7EECB2-AFF1-430C-98FD-1B22C43CD71E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4C8229DA-F178-4FD2-8706-7F6C673F0EA9}" = dir=out | name=metrotwit |
"{50E925D3-5C54-411C-8FF8-D4386F46E0BE}" = protocol=17 | dir=in | app=c:\users\jake\appdata\roaming\utorrent\utorrent.exe |
"{545C5640-8085-42ED-A713-616B1F0491D5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{575EFD41-F307-4D04-8394-B1DCC370EE35}" = dir=out | name=@{microsoft.zunemusic_1.1.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{5A943F50-63F2-491A-A1B1-714C316C931A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5C3D201D-48FF-436F-ABC3-7D1F15954846}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5D6C8104-CD1B-4FA1-AAFB-1561E1FB550E}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{5F48689E-3DA0-434D-86EB-174328A3BD63}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{60DB3CE1-2BB9-4195-B714-4D9573F3F042}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6469C2C9-5001-4B22-BD4F-AD32B9730332}" = dir=out | name=@{microsoft.xboxcompanion_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{667DE111-73AB-4FEB-AE1E-CFD1641E4853}" = dir=in | name=skype |
"{674ECD4A-38D6-43C1-95FD-CD9BA489AE95}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{6839D05F-02F0-459A-AC9A-4209EAF0F8E7}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{69B34750-308E-4342-ACD0-DB9E16BE9B07}" = dir=out | name=@{microsoft.bingnews_1.5.1.409_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{69B978DA-3A2D-4DBB-86B7-B2C5F9FA8613}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{69C817A5-43A5-4CD4-BBB5-672903F0F771}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{71F3EE54-4EA9-4446-A7AD-9A7EF230CDA6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{730B7CF3-81CF-4C3D-9CB3-C056FBB50935}" = dir=in | name=@{microsoft.xboxcompanion_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{74D3AB0C-0BBF-423D-B635-E017693F2606}" = protocol=6 | dir=in | app=c:\users\jake\appdata\roaming\utorrent\utorrent.exe |
"{7C2A4E86-C08F-4872-86AD-E801FBC499AD}" = dir=out | name=hp printer control |
"{7DD8F304-08FD-4CA5-8DF5-070BE4CF2362}" = dir=out | name=the espn app |
"{7E80189F-EDD0-475B-BDA4-5F5F5EA887D4}" = protocol=58 | dir=out | [email protected],-28546 |
"{7EFF1F1D-4395-4D85-B4A6-C8E13E0FA883}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{8270B059-B6D8-4C44-BA59-FAE6FED48500}" = dir=out | name=adera |
"{840BEF54-EC42-47BF-8DE2-9B1279A69D49}" = dir=out | name=youtube+ |
"{8C384290-8E33-4E8C-8887-01273911394D}" = protocol=58 | dir=in | [email protected],-28545 |
"{8FEAEBAF-6545-4F3E-822E-DB735F2E94F4}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{93DC039B-29E3-4096-A67D-9561E226D252}" = dir=out | name=@{microsoft.bing_1.5.1.251_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{962A824B-A7E8-4B37-B412-2867AB6296F8}" = dir=out | name=@{microsoft.xboxcompanion_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{985DC4AE-9013-4A09-B6DE-88D8B18353F3}" = dir=out | name=package tracker |
"{9876B466-55AC-4D21-A29B-F7E536560CA4}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{990E9BD4-2A9A-4C88-BCEB-672FE95F8C2D}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{9BF0567C-BB73-44AC-B771-B65EDBF66833}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9D410023-2CD9-44A8-ADB0-EADFC808DF15}" = dir=in | name=hp printer control |
"{9E21C2CA-B355-4B4B-847A-1AA511051747}" = dir=out | name=fresh paint |
"{A0E1BA66-BC6E-486D-AB23-BA9677ECE185}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{A28E52E5-607D-4DB1-8B98-0EA8772553B5}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{A3CDB21C-1A90-4777-A156-9058558EA266}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{A6136EA5-CA1D-4AC6-855B-27E537986499}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{A89116CC-E0C8-4A29-8E03-D8C3F8C8B7BB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A8F395B9-698D-4E95-870B-A77F41211EBD}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{B008E422-D4BD-475E-8541-E06EF0E4B925}" = dir=in | name=metrotwit |
"{B3578998-4AB6-4794-986C-8B99E8416670}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{B48E3060-89C4-4AC4-B13A-421784B1B80F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{B4BEB786-3C2C-4DF6-A7A9-7ABDC36BA11F}" = dir=out | name=skype |
"{B4E835A5-E4B1-4F3E-A900-E6A04F36670D}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{B4FE0A61-5B17-4AA0-92C5-A751FEFDD5E0}" = protocol=1 | dir=out | [email protected],-28544 |
"{BA1C6FA2-9B19-4C12-83D7-358FD1143BCA}" = dir=out | name=microsoft solitaire collection |
"{C8B8E69B-633E-4447-9DBB-E353372225C4}" = dir=out | name=microsoft solitaire collection |
"{C9BADF9E-CB12-424E-8324-B4CE7B5B9C1B}" = dir=out | name=wordament |
"{CCDD9849-A8A7-421F-8971-B498696DA447}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CDCD2DC4-8606-4C74-B5CD-23FEC5D7044C}" = dir=in | app=c:\program files (x86)\plex\plex media server\plex media server.exe |
"{D42FCDAC-CD18-4D37-93D4-DDDEACDC2BE2}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{D61225A7-7A29-429A-AA0F-6F0BF8688C59}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{D78E0979-E6EE-439D-A513-3C5D06BA9ED5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DA1F95BA-F52D-4932-95E8-032BAF3E7808}" = dir=in | app=c:\users\jake\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{DB0C2060-1450-4661-BA81-1DA36238E244}" = dir=out | name=@{microsoft.bingfinance_1.5.1.406_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{E3920BA3-DDDD-46B4-BC8C-E1A6E06201F1}" = dir=out | name=taptiles |
"{E4552764-C06C-485D-B6DF-61178CDAAA66}" = dir=out | name=@{microsoft.bingweather_1.5.1.245_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{EA1A249A-A17F-40EC-A7FB-068249295D6C}" = dir=out | name=wordament |
"{EC2415CE-BB67-4EB0-B413-67E50643F66C}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{EF5E1F7C-86E5-4597-849D-BC3849D3943A}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{F2E876EB-3C0E-411F-9C9A-989129010FD0}" = dir=in | app=c:\program files (x86)\plex\plex media server\plexscripthost.exe |
"{F3D0B42D-4263-4B5A-B787-531B13F53078}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{F5B59A88-539D-4183-9358-F29A541923FB}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{F84A3330-D771-4464-BC49-44FF72ACA9E7}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{FD54378B-2EE2-4622-A89A-9615D88231EC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FD8D71CA-1DE0-4F76-9F8B-9B3C49D1F7C7}" = dir=out | name=forecast hd |
"{FDC8986F-6206-4A2E-91C4-5FA8107ADE9B}" = dir=in | name=the espn app |
"TCP Query User{055846D7-9D89-4BDF-A457-E9C7D47A0992}C:\program files\airparrot\airparrot.exe" = protocol=6 | dir=in | app=c:\program files\airparrot\airparrot.exe |
"UDP Query User{DFADBD06-B570-41D0-86C5-8963047B6551}C:\program files\airparrot\airparrot.exe" = protocol=17 | dir=in | app=c:\program files\airparrot\airparrot.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7B78D802-8704-49D3-A9BD-3B4A94C5A35C}" = iLoad
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"7511B29C86C398B4D11A0B0E4176CAD68D1B7057" = Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1)
"C01F56FBD9B141017E63E2A1A141E59934D4DC67" = Windows Driver Package - ASUS (ATP) Mouse (10/29/2012 1.0.0.148)
"EC3E466026556D3EB760B01C4772277614354E11" = Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0B41A8C4-1FB8-4B8B-B8FE-D643A617A7DB}_is1" = ¿ìÓÃ×ÊÔ´¹ÜÀíÆ÷ °æ±¾ 2.009
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros Client Installation Program
"{2E3FA0CF-AC2D-4E6F-8EF3-D75E91681441}_is1" = ¿ìÓÃÆ»¹ûÖúÊÖ 2.0.1.0
"{3D47B2C0-8748-4450-99AE-0746A5A74C8E}" = Binreader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D3286A6-F6AB-498A-82A4-E4F040529F3D}" = ASUS Smart Gesture
"{58172D66-2F69-4215-9AEC-ED8196023736}" = ASUS Tutor
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{749F674B-2674-47E8-879C-5626A06B2A91}" = ASUS InstantOn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}" = ASUS Instant Connect
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}" = ASUS USB Charger Plus
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Qualcomm Atheros Driver Installation Program
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F90D0E4A-DB14-474D-9112-61E4E2234493}" = Plex Media Server
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Airfoil" = Airfoil
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage Sync Agent
"DivX Setup" = DivX Setup
"Google Chrome" = Google Chrome
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"QuickPar" = QuickPar 0.9
"SABnzbd" = SABnzbd 0.7.6
"SecureW2 Enterprise Client" = SecureW2 Enterprise Client 3.5.8
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.1
"wpa_supplicant" = wpa_supplicant

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
"XBMC" = XBMC

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/31/2012 12:52:40 AM | Computer Name = Jake-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5886563

Error - 12/31/2012 12:52:41 AM | Computer Name = Jake-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/31/2012 12:52:41 AM | Computer Name = Jake-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5887750

Error - 12/31/2012 12:52:41 AM | Computer Name = Jake-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5887750

Error - 12/31/2012 12:52:42 AM | Computer Name = Jake-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/31/2012 12:52:42 AM | Computer Name = Jake-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5888875

Error - 12/31/2012 12:52:42 AM | Computer Name = Jake-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5888875

Error - 12/31/2012 3:24:39 PM | Computer Name = Jake-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/31/2012 3:24:39 PM | Computer Name = Jake-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3867125

Error - 12/31/2012 3:24:39 PM | Computer Name = Jake-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3867125

[ System Events ]
Error - 12/17/2012 11:27:46 AM | Computer Name = Jake-Laptop | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This
may result in termination of the connection. The TLS protocol defined fatal error
code is 48. The Windows SChannel error state is 552.

Error - 12/17/2012 11:27:46 AM | Computer Name = Jake-Laptop | Source = Schannel | ID = 36882
Description = The certificate received from the remote server was issued by an untrusted
certificate authority. Because of this, none of the data contained in the certificate
can be validated. The SSL connection request has failed. The attached data contains
the server certificate.

Error - 12/19/2012 10:32:40 PM | Computer Name = Jake-Laptop | Source = Application Popup | ID = 1060
Description =

Error - 12/19/2012 10:32:40 PM | Computer Name = Jake-Laptop | Source = Service Control Manager | ID = 7000
Description = The DhaHelper service failed to start due to the following error:
%%1275

Error - 12/24/2012 9:58:37 PM | Computer Name = Jake-Laptop | Source = DCOM | ID = 10010
Description =

Error - 12/24/2012 9:58:37 PM | Computer Name = Jake-Laptop | Source = DCOM | ID = 10010
Description =

Error - 12/24/2012 9:58:37 PM | Computer Name = Jake-Laptop | Source = DCOM | ID = 10010
Description =

Error - 12/24/2012 9:58:37 PM | Computer Name = Jake-Laptop | Source = DCOM | ID = 10010
Description =

Error - 12/24/2012 9:59:23 PM | Computer Name = Jake-Laptop | Source = Application Popup | ID = 1060
Description =

Error - 12/24/2012 10:09:05 PM | Computer Name = Jake-Laptop | Source = Application Popup | ID = 1060
Description =


< End of report >

Edited by xirftwx, 04 January 2013 - 02:43 PM.

  • 0

#4
DonnaB
Posted 04 January 2013 - 04:49 PM

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Hi xirftwx,

Hello Donna, thank you for responding.


You're welcome! Thank you for providing the Extras.txt log.

WARNING!

I see you have µTorrent installed and some questionable sites where you can obtain cracked apps, bootleg software and looks like you have possilby downloaded a few things on your brand new computer. In today's world this is an infection just waiting to happen.

P2P Program installed: I feel that I must warn you that this type of program is of the highest nature that infections are invited into your Computer. I suggest that your remove it IMMEDIATELY.

P2P Programs can invite spyware, viruses, Trojan horses, or worms into your computer. When the files are downloaded, your computer becomes infected. If you share these files with others, their computer becomes infected as well. You also invite the possibilities of others stealing your personal information such as passwords, online banking accounts, personal files, etc.

Please read the following link for more information:

P2P File-Sharing: Evaluate the Risks

Please download AdwCleaner

  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users:
    Right click in the adwCleaner.exe and select     Posted Image
    • Double-click AdwCleaner.exe to run the tool.
    • Click Delete button as shown below.
    Posted Image
  • Everything that was found will be deleted.
  • Save any open files and approve the reboot. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.

Note: The log can also be found at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run.

Thank you :)
  • 0

#5
xirftwx
Posted 04 January 2013 - 11:51 PM

xirftwx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I certainly understand your concerns for the P2P software :happy: .

AdwCleaner ran without issues:

# AdwCleaner v2.104 - Logfile created 01/04/2013 at 23:44:43
# Updated 29/12/2012 by Xplode
# Operating system : Windows 8 (64 bits)
# User : Jake - JAKE-LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\Jake\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\boost_interprocess

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16384

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\jvx0pveo.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [925 octets] - [04/01/2013 23:44:43]

########## EOF - C:\AdwCleaner[S1].txt - [984 octets] ##########
  • 0

#6
DonnaB
Posted 05 January 2013 - 10:21 AM

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Hi xirftwx,

Due to noticeable discrepancies in your logs and the installation of WSServiceCrk (which is an application to steal paid Windows Store applications), I can no longer assist you with this matter. This is against the Geeks to Go forum policies as clearly stated in the Terms of Use (TOU) and we take great pride in being know as a reputable site for those who partake in legal means of obtaining their software.

3.p. The posting of links or references to warez or any other type of illegal software is strictly forbidden. By doing so you risk having your user account terminated without warning. We will NOT help anyone we suspect of having obtained their software or services illegally.


Please note:
This rule is not limited to Microsoft apps, yet those that are created by 3rd party publishers, as well!

Thank you for understanding,

Donna :)
  • 0

#7
xirftwx
Posted 05 January 2013 - 10:55 AM

xirftwx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Donna, I do fully understand what you are saying. It is very possible that my son is responsible. He offered recently to get windows 8 apps for my PC (he has a windows 8 desktop PC of his own). Could you assist me in removing the WsService_Crk? Even if you are not able to assist me further, I appreciate your time.

I will be having a conversation with my son about ethics in the near future, no doubt.

Thanks,
- Jake
  • 0

#8
DonnaB
Posted 05 January 2013 - 01:21 PM

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Hi xirftwx,

Due to your honesty, we have agreed to help you further. In which browser are you experiencing Findgala?

Let's continue: :)

Please follow my instructions below and provide the logs needed in their entirety. Please do not alter the logs in any way.

Also, please note that I have included changes for specific settings on the OTL program. Do not make any other changes.

  • Please click on Posted Image icon found on your desktop.
  • Under File Scans > File Age:, click on the drop down arron and choose 60 Days.
  • Place a checkmark in the little dial button to the left of All under the Extra Registry section.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Run Scan button. Do not change any other settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your next reply.

  • 0

#9
xirftwx
Posted 05 January 2013 - 02:23 PM

xirftwx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I am very happy to hear that you will still be assisting me, Donna! Please know that I am very grateful for your time.

I am experiencing the findgala redirect on Chrome. I really only use chrome though, so it could be affecting other browsers. I must note that not every search is redirected to findgala... it seems like about a 50% chance that my search gets redirected. I can try to see if it is affecting IE or Firefox as well and report back, if you'd like.

Here is the OTL.txt:

OTL logfile created on: 1/5/2013 2:02:12 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jake\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16384)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.89 Gb Total Physical Memory | 4.39 Gb Available Physical Memory | 74.61% Memory free
11.89 Gb Paging File | 10.19 Gb Available in Paging File | 85.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.45 Gb Total Space | 96.26 Gb Free Space | 34.45% Space Free | Partition Type: NTFS
Drive D: | 398.18 Gb Total Space | 398.03 Gb Free Space | 99.96% Space Free | Partition Type: NTFS

Computer Name: JAKE-LAPTOP | User Name: Jake | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - [2013/01/03 19:39:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jake\Desktop\OTL.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/12 17:57:16 | 000,140,128 | ---- | M] (北京悠然天地科技有限公司) -- C:\Program Files (x86)\kuaiyong\DRM\KYDeviceServer.exe
PRC - [2012/12/04 19:15:17 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/11/01 11:56:20 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2012/10/31 12:09:50 | 000,020,352 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
PRC - [2012/09/11 12:22:06 | 000,033,512 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
PRC - [2012/09/11 12:22:04 | 003,092,200 | ---- | M] (Plex, Inc.) -- C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
PRC - [2012/09/11 12:22:04 | 001,449,192 | ---- | M] (Plex, Inc.) -- C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
PRC - [2012/08/06 15:56:14 | 000,590,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
PRC - [2012/08/03 17:31:12 | 000,184,704 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2012/07/24 19:21:22 | 001,123,536 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
PRC - [2012/07/23 19:59:02 | 000,105,120 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2012/07/17 17:54:20 | 000,178,848 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2012/07/17 15:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 15:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/07/06 12:23:40 | 000,322,208 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2012/06/25 11:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/06/20 18:21:54 | 001,557,664 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
PRC - [2012/06/07 15:12:06 | 000,162,456 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe
PRC - [2012/06/07 15:12:06 | 000,090,832 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2012/05/28 11:04:48 | 000,113,312 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2012/04/13 11:14:00 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
PRC - [2012/03/28 19:34:30 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2011/11/21 15:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/01 17:54:22 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\fedb1433422296012c8ce48902458bf1\UIAutomationTypes.ni.dll
MOD - [2012/12/04 19:15:15 | 012,456,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
MOD - [2012/12/04 19:15:15 | 000,460,904 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll
MOD - [2012/12/04 19:15:14 | 004,008,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
MOD - [2012/12/04 19:14:29 | 000,587,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libglesv2.dll
MOD - [2012/12/04 19:14:28 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libegl.dll
MOD - [2012/12/04 19:14:21 | 000,157,304 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avutil-51.dll
MOD - [2012/12/04 19:14:20 | 000,275,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avformat-54.dll
MOD - [2012/12/04 19:14:19 | 002,168,952 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll
MOD - [2012/11/30 17:08:12 | 007,559,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9ba07396ae369d010c5c3927a82ef426\System.Xml.ni.dll
MOD - [2012/11/30 17:08:08 | 001,870,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\cc4d9093563dadee370788bbc3ecf4fb\System.Xaml.ni.dll
MOD - [2012/11/30 17:08:06 | 012,692,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\22ae167d586450ad3a9b9a9ee43ebc86\System.Windows.Forms.ni.dll
MOD - [2012/11/30 17:01:16 | 001,630,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\72269ea7cc6281139e4d155e7c57dc67\System.Drawing.ni.dll
MOD - [2012/11/30 17:01:09 | 000,958,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\28586400bcaf94c13a9fd0dff4a1e090\System.Configuration.ni.dll
MOD - [2012/11/30 17:01:08 | 000,467,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\0823f2b72e9e64ed1c4561c58df5de48\PresentationFramework.Aero2.ni.dll
MOD - [2012/11/30 17:01:07 | 018,524,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\97e6b67983d07a066b68b3ae8be2f53d\PresentationFramework.ni.dll
MOD - [2012/11/30 17:00:57 | 010,914,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b52bc540630c3aa5de542c382af35c20\PresentationCore.ni.dll
MOD - [2012/11/30 17:00:51 | 003,905,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\cd235caf797fb017f140016be88f33b7\WindowsBase.ni.dll
MOD - [2012/11/30 17:00:42 | 009,925,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e40da7a49f8c3f0108e7c835b342f382\System.ni.dll
MOD - [2012/11/30 17:00:36 | 016,501,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\51e2934144ba15628ba5a31be2dae7dc\mscorlib.ni.dll
MOD - [2012/11/28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/11/01 11:57:10 | 000,100,248 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2012/11/01 11:56:20 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2012/09/11 12:23:34 | 000,033,000 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
MOD - [2012/09/11 12:23:32 | 000,044,264 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
MOD - [2012/09/11 12:23:30 | 000,057,576 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
MOD - [2012/09/11 12:23:30 | 000,017,128 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
MOD - [2012/09/11 12:23:28 | 000,195,816 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
MOD - [2012/09/11 12:23:26 | 000,841,448 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
MOD - [2012/09/11 12:23:22 | 000,825,064 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
MOD - [2012/09/11 12:23:22 | 000,049,896 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
MOD - [2012/09/11 12:23:20 | 000,033,512 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_multiprocessing.pyd
MOD - [2012/09/11 12:23:16 | 000,365,800 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
MOD - [2012/09/11 12:23:14 | 000,093,928 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
MOD - [2012/09/11 12:23:10 | 000,590,056 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
MOD - [2012/09/11 12:23:10 | 000,017,128 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
MOD - [2012/09/11 12:23:08 | 000,134,376 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
MOD - [2012/09/11 12:23:04 | 000,141,544 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\zlib1.dll
MOD - [2012/09/11 12:23:02 | 008,494,824 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\WebKit.dll
MOD - [2012/09/11 12:23:00 | 000,628,968 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
MOD - [2012/09/11 12:22:56 | 000,587,080 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\sqlite3.dll
MOD - [2012/09/11 12:22:54 | 000,086,760 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
MOD - [2012/09/11 12:22:52 | 000,150,248 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
MOD - [2012/09/11 12:22:42 | 001,009,896 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
MOD - [2012/09/11 12:22:42 | 000,173,288 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
MOD - [2012/09/11 12:22:36 | 000,063,208 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
MOD - [2012/09/11 12:22:30 | 001,290,984 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\JavaScriptCore.dll
MOD - [2012/09/11 12:22:16 | 000,952,552 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\CFLite.dll
MOD - [2012/09/11 12:22:14 | 001,038,568 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\cairo.dll
MOD - [2012/09/11 12:22:12 | 001,254,672 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\avformat-52.dll
MOD - [2012/09/11 12:22:12 | 000,271,624 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\avutil-50.dll
MOD - [2012/09/11 12:22:10 | 005,827,912 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\avcodec-52.dll
MOD - [2012/09/11 12:22:06 | 000,033,512 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
MOD - [2012/06/07 15:12:04 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/11/27 14:56:28 | 000,118,272 | ---- | M] (DeadPihto) [Auto | Running] -- C:\Windows\SysNative\wsservice_crk.dll -- (WSServiceCrk)
SRV:64bit: - [2012/07/25 22:46:56 | 002,366,984 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012/07/25 21:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/07/25 21:17:59 | 000,015,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2012/07/25 21:08:04 | 001,968,128 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2012/07/25 21:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 21:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012/07/25 21:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 21:07:30 | 000,169,984 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012/07/25 21:07:27 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012/07/25 21:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 21:06:36 | 000,463,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2012/07/25 21:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 21:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 21:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 21:06:00 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/07/25 21:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 21:05:38 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/07/25 21:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 21:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012/07/25 21:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 21:05:11 | 000,174,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012/07/25 21:05:08 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012/07/25 21:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/04/20 15:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/12 17:57:16 | 000,140,128 | ---- | M] (北京悠然天地科技有限公司) [Auto | Running] -- C:\Program Files (x86)\kuaiyong\DRM\KYDeviceServer.exe -- (KYDeviceServer)
SRV - [2012/11/29 02:27:36 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/16 15:40:12 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/07/25 21:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/25 21:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/23 19:59:02 | 000,105,120 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2012/07/17 15:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 15:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/13 03:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012/06/25 11:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/04/13 11:14:00 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2011/11/21 15:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/03 01:53:06 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2012/10/31 12:10:00 | 000,061,824 | ---- | M] (ASUS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsusTP.sys -- (ATP)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/16 02:53:06 | 008,987,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/08/16 00:01:20 | 003,624,960 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr)
DRV:64bit: - [2012/08/01 21:22:48 | 000,014,992 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2012/07/25 23:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/25 23:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/25 23:00:58 | 000,445,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2012/07/25 23:00:58 | 000,337,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012/07/25 23:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/25 23:00:58 | 000,212,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012/07/25 23:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/25 23:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/25 23:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/25 23:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012/07/25 23:00:55 | 000,120,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012/07/25 23:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012/07/25 23:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/25 23:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/25 23:00:55 | 000,028,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/07/25 23:00:54 | 000,056,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/07/25 23:00:52 | 003,295,984 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/07/25 23:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/25 23:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/25 23:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/25 23:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/25 23:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/25 23:00:49 | 000,539,376 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/07/25 23:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/25 23:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/25 23:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/25 23:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/25 22:59:35 | 000,193,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012/07/25 22:59:35 | 000,148,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012/07/25 22:59:32 | 000,055,024 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012/07/25 22:58:00 | 000,068,848 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2012/07/25 22:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/25 22:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012/07/25 22:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 22:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2012/07/25 22:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2012/07/25 21:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 21:17:38 | 000,027,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/07/25 20:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 20:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 20:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 20:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 20:28:27 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2012/07/25 20:27:58 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/07/25 20:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 20:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 20:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 20:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 20:27:31 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/07/25 20:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 20:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 20:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 20:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 20:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 20:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 20:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 20:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 20:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 20:25:54 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/07/25 20:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 20:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 20:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 20:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/24 19:21:22 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2012/07/23 21:16:28 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/07/03 00:09:08 | 000,295,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsBaStor.sys -- (RSBASTOR)
DRV:64bit: - [2012/07/02 16:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/19 08:40:51 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/06/12 07:41:22 | 000,683,664 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/06/02 08:34:37 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2012/06/02 08:31:50 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2012/06/02 08:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress)
DRV:64bit: - [2012/05/30 21:47:44 | 000,021,152 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsHIDSwitch64.sys -- (HIDSwitch)
DRV:64bit: - [2011/01/15 10:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/16 16:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/09/03 16:30:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tiehdusb.sys -- (TIEHDUSB)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011/12/14 21:11:00 | 000,007,168 | ---- | M] (MPlayer <http://svn.mplayerhq.../dhahelperwin/>) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\dhahelper.sys -- (DhaHelper)
DRV - [2011/09/07 10:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/02 18:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...R&#38;pc=ASU2JS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...R&#38;pc=ASU2JS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B9c51bd27-6ed8-4000-a2bf-36cb95c0c947%7D:11.0.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@kuaiyong.yrtd.com,version=1.0.1.1: C:\Program Files (x86)\kuaiyong\np_kyplugin.dll (YRTD)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Jake\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/18 14:50:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK

[2012/12/18 14:50:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jake\AppData\Roaming\mozilla\Extensions
[2012/12/18 14:51:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jake\AppData\Roaming\mozilla\Firefox\Profiles\jvx0pveo.default\extensions
[2012/12/18 14:51:21 | 000,080,872 | ---- | M] () (No name found) -- C:\Users\Jake\AppData\Roaming\mozilla\firefox\profiles\jvx0pveo.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi
[2012/12/18 14:50:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/29 02:27:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/11/29 02:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/11/29 02:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: Google Drive = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: MightyText - Send/Receive SMS Text Messages = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi\9.0_0\
CHR - Extension: Facebook\u2122 Video Downloader = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\enfpkglnpcnaafkgbffbplhngngjngjb\3.0.0.0_0\
CHR - Extension: Show Me Emoji!! = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfaljehflmoakhcfdopplgbieldgknai\2.0_0\
CHR - Extension: ICE Quick Stream = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapljocpedaolbooelchgnkkaplpadgp\5.5_0\
CHR - Extension: Gmail = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/25 23:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe (ASUS Cloud Corporation)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SecureW2 Tray] C:\Program Files (x86)\SecureW2\sw2_tray.exe (SecureW2 B.V.)
O4 - HKCU..\Run: [Plex Media Server] C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{662761F4-8EF4-4BA6-8244-B01E81BD8AD8}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DEB39B49-F201-42D0-95E3-005C9D937860}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5a60c9b5-485e-11e2-be76-50465de562ed}\Shell - "" = AutoRun
O33 - MountPoints2\{5a60c9b5-485e-11e2-be76-50465de562ed}\Shell\AutoRun\command - "" = "G:\TL-Bootstrap.exe"
O33 - MountPoints2\{634d71e1-3b32-11e2-be73-50465de562ed}\Shell - "" = AutoRun
O33 - MountPoints2\{634d71e1-3b32-11e2-be73-50465de562ed}\Shell\AutoRun\command - "" = "F:\SETUP.EXE"
O33 - MountPoints2\{634d71e1-3b32-11e2-be73-50465de562ed}\Shell\configure\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{634d71e1-3b32-11e2-be73-50465de562ed}\Shell\install\command - "" = F:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 60 Days ==========

[2013/01/04 23:47:39 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013/01/03 23:17:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2013/01/03 19:39:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jake\Desktop\OTL.exe
[2013/01/03 19:24:36 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/01/02 22:22:59 | 000,000,000 | ---D | C] -- C:\Windows\DRM
[2013/01/02 22:22:29 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\kuaiyong
[2013/01/02 22:22:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\¿ìÓÃÆ»¹ûÖúÊÖ
[2013/01/02 22:22:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\kuaiyong
[2013/01/02 20:54:20 | 000,037,376 | ---- | C] (Microsoft) -- C:\Users\Jake\Desktop\FastVisits.exe
[2012/12/30 17:57:36 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\Programs
[2012/12/28 14:48:53 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Airfoil
[2012/12/28 14:35:21 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\Macromedia
[2012/12/28 14:31:47 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\Rogue Amoeba
[2012/12/28 14:31:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Airfoil
[2012/12/28 14:31:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Airfoil
[2012/12/20 16:48:26 | 000,000,000 | ---D | C] -- C:\Users\Jake\Desktop\The Office
[2012/12/20 15:26:43 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\Binreader
[2012/12/20 15:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Binreader
[2012/12/20 15:26:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Binreader
[2012/12/20 14:51:36 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\ScriptPower OHG
[2012/12/20 14:51:33 | 000,000,000 | ---D | C] -- C:\Program Files\iLoad
[2012/12/20 14:51:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLoad
[2012/12/20 14:51:25 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\Paloma Networks, Inc
[2012/12/20 14:33:29 | 000,000,000 | ---D | C] -- C:\Users\Jake\School
[2012/12/19 20:32:40 | 000,007,168 | ---- | C] (MPlayer <http://svn.mplayerhq.../dhahelperwin/>) -- C:\Windows\SysWow64\drivers\dhahelper.sys
[2012/12/19 20:32:39 | 000,067,680 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\SysWow64\libusb0_x86.dll
[2012/12/19 20:32:39 | 000,067,680 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\SysWow64\libusb0.dll
[2012/12/19 20:32:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TiLP
[2012/12/19 20:31:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GTK2-Runtime
[2012/12/19 18:22:26 | 000,128,512 | ---- | C] (Texas Instruments) -- C:\Windows\SysNative\drivers\tiehdusb.sys
[2012/12/19 18:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TI Tools
[2012/12/19 18:22:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TI Shared
[2012/12/19 18:22:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TI Education
[2012/12/19 18:22:16 | 000,000,000 | ---D | C] -- C:\Users\Jake\Documents\MyTIData
[2012/12/19 18:21:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/12/19 17:43:34 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\Malwarebytes
[2012/12/19 17:43:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/19 17:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/12/19 17:43:17 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/19 17:43:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/12/18 14:53:28 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\Adobe
[2012/12/18 14:50:32 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\Mozilla
[2012/12/18 14:50:32 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\Mozilla
[2012/12/18 14:50:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/12/18 14:50:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/12/18 14:50:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/12/17 11:55:07 | 003,718,144 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\athrx.sys
[2012/12/17 11:55:07 | 003,618,304 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\athw8x.sys
[2012/12/17 11:55:07 | 002,987,520 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\athr.sys
[2012/12/17 11:55:07 | 002,741,248 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\athw8.sys
[2012/12/17 11:54:30 | 002,741,248 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athw8.sys
[2012/12/17 11:54:13 | 002,987,520 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athr.sys
[2012/12/17 11:54:04 | 003,718,144 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys
[2012/12/17 09:20:20 | 003,624,960 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athw8x.sys
[2012/12/17 09:19:49 | 000,000,000 | ---D | C] -- C:\SWSetup
[2012/12/15 12:13:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/12/15 12:13:32 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2012/12/15 12:13:32 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2012/12/15 12:13:32 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012/12/15 12:13:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/12/15 12:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/12/15 12:13:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/12/15 12:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/12/15 12:05:11 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\redsn0w
[2012/12/15 11:59:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012/12/15 11:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/12/15 11:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/12/15 11:58:10 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\Apple
[2012/12/15 11:58:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/12/15 11:57:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/12/15 11:57:40 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/12/15 11:57:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/12/15 11:57:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012/12/13 14:26:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewsLeecher
[2012/12/13 14:26:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NewsLeecher
[2012/12/13 14:13:10 | 000,000,000 | ---D | C] -- C:\Users\Jake\Documents\Newsbin
[2012/12/12 21:21:05 | 000,000,000 | ---D | C] -- C:\Users\Jake\Documents\NZBS
[2012/12/12 21:15:58 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\Newsbin
[2012/12/10 22:33:23 | 000,000,000 | ---D | C] -- C:\Users\Jake\Documents\UseNeXT
[2012/12/08 07:46:24 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012/12/03 20:45:30 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2
[2012/12/03 20:45:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SecureW2
[2012/12/03 20:40:37 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\wpa_supplicant
[2012/12/03 20:40:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\wpa_supplicant
[2012/12/03 20:40:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\wpa_supplicant
[2012/12/03 20:38:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSupplicant
[2012/12/03 20:38:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XSupplicant
[2012/12/03 19:33:11 | 000,031,232 | ---- | C] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\tap0901.sys
[2012/12/03 19:23:05 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\Diagnostics
[2012/12/03 15:54:41 | 000,000,000 | ---D | C] -- C:\Windows\AutoKMS
[2012/12/03 15:47:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2012/12/03 15:46:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/12/03 15:46:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/12/03 15:45:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012/12/03 15:45:07 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/12/03 15:45:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2012/12/03 15:45:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012/12/03 15:43:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2012/12/03 15:43:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012/12/03 15:43:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/12/03 15:42:39 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\Microsoft Help
[2012/12/03 15:42:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/12/03 15:42:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/12/03 15:42:25 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/12/03 15:39:40 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\QuickPar
[2012/12/03 15:38:24 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickPar
[2012/12/03 15:38:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPar
[2012/12/03 15:38:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickPar
[2012/12/03 15:19:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
[2012/12/03 15:19:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
[2012/12/02 21:13:41 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\Facebook
[2012/12/02 20:38:41 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\XBMC
[2012/12/02 20:29:33 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2012/12/02 20:29:33 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2012/12/02 20:28:06 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XBMC
[2012/12/02 20:27:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XBMC
[2012/12/01 15:26:18 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\AirParrot
[2012/12/01 15:26:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AirParrot
[2012/12/01 14:15:44 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012/11/30 22:42:16 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\Apple Computer
[2012/11/30 22:42:16 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\Apple Computer
[2012/11/30 22:42:15 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\Plex Media Server
[2012/11/30 22:41:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
[2012/11/30 22:41:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Plex
[2012/11/30 22:40:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/11/30 21:10:35 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\vlc
[2012/11/30 17:39:56 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\Newshosting
[2012/11/30 17:39:56 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\CrashRpt
[2012/11/30 17:39:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/11/30 17:39:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012/11/30 17:39:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Caphyon
[2012/11/30 17:37:37 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\Newshosting
[2012/11/30 17:32:38 | 000,000,000 | ---D | C] -- C:\Users\Jake\Documents\Downloads
[2012/11/30 17:32:36 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\sabnzbd
[2012/11/30 17:32:18 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SABnzbd
[2012/11/30 17:32:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SABnzbd
[2012/11/30 16:48:26 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\Video Wallpaper
[2012/11/30 16:37:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/11/30 16:37:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/11/30 16:37:00 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/11/30 16:37:00 | 000,746,984 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/11/30 16:37:00 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/11/30 16:36:54 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/11/30 16:36:54 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/11/30 16:36:54 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/11/30 16:36:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/11/30 16:06:04 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\DivX
[2012/11/30 16:06:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012/11/30 16:05:57 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2012/11/30 16:05:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2012/11/30 16:05:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2012/11/30 16:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2012/11/30 15:35:48 | 000,118,272 | ---- | C] (DeadPihto) -- C:\Windows\SysNative\wsservice_crk.dll
[2012/11/30 15:33:47 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\WinRAR
[2012/11/30 15:33:47 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/11/30 15:33:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/11/30 15:33:44 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012/11/30 14:28:39 | 000,000,000 | ---D | C] -- C:\sources
[2012/11/30 14:20:39 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\ElevatedDiagnostics
[2012/11/30 07:16:00 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\uTorrent
[2012/11/30 07:15:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/11/30 07:15:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/11/30 07:15:25 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\Google
[2012/11/30 07:15:11 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\Deployment
[2012/11/30 07:15:11 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\Apps
[2012/11/30 07:14:35 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\Macromedia
[2012/11/30 07:10:55 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\ASUS WebStorage
[2012/11/30 07:10:11 | 000,000,000 | R--D | C] -- C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/11/30 07:10:11 | 000,000,000 | R--D | C] -- C:\Users\Jake\Searches
[2012/11/30 07:10:11 | 000,000,000 | R--D | C] -- C:\Users\Jake\Contacts
[2012/11/30 07:10:11 | 000,000,000 | R--D | C] -- C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/11/30 07:10:11 | 000,000,000 | -H-D | C] -- C:\Users\Jake\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/11/30 07:10:05 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\Adobe
[2012/11/30 07:09:57 | 000,000,000 | R-SD | C] -- C:\Users\Public\Desktop\ASUS
[2012/11/30 07:09:57 | 000,000,000 | ---D | C] -- C:\ProgramData\FolderView
[2012/11/30 07:09:20 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\Cyberlink
[2012/11/30 07:08:47 | 000,000,000 | ---D | C] -- C:\Users\Jake\Documents\CyberLink
[2012/11/30 07:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012/11/30 07:08:36 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\CyberLink
[2012/11/30 07:08:18 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\VirtualStore
[2012/11/30 07:08:01 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\Packages
[2012/11/30 07:08:00 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\ASUS
[2012/11/30 07:07:45 | 000,000,000 | --SD | C] -- C:\Users\Jake\AppData\Roaming\Microsoft
[2012/11/30 07:07:45 | 000,000,000 | R--D | C] -- C:\Users\Jake\Videos
[2012/11/30 07:07:45 | 000,000,000 | R--D | C] -- C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2012/11/30 07:07:45 | 000,000,000 | R--D | C] -- C:\Users\Jake\Saved Games
[2012/11/30 07:07:45 | 000,000,000 | R--D | C] -- C:\Users\Jake\Pictures
[2012/11/30 07:07:45 | 000,000,000 | R--D | C] -- C:\Users\Jake\Music
[2012/11/30 07:07:45 | 000,000,000 | R--D | C] -- C:\Users\Jake\Links
[2012/11/30 07:07:45 | 000,000,000 | R--D | C] -- C:\Users\Jake\Favorites
[2012/11/30 07:07:45 | 000,000,000 | R--D | C] -- C:\Users\Jake\Downloads
[2012/11/30 07:07:45 | 000,000,000 | R--D | C] -- C:\Users\Jake\Documents
[2012/11/30 07:07:45 | 000,000,000 | R--D | C] -- C:\Users\Jake\Desktop
[2012/11/30 07:07:45 | 000,000,000 | R--D | C] -- C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/11/30 07:07:45 | 000,000,000 | R--D | C] -- C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2012/11/30 07:07:45 | 000,000,000 | -HSD | C] -- C:\Users\Jake\AppData\Local\Temporary Internet Files
[2012/11/30 07:07:45 | 000,000,000 | -HSD | C] -- C:\Users\Jake\Templates
[2012/11/30 07:07:45 | 000,000,000 | -HSD | C] -- C:\Users\Jake\Start Menu
[2012/11/30 07:07:45 | 000,000,000 | -HSD | C] -- C:\Users\Jake\SendTo
[2012/11/30 07:07:45 | 000,000,000 | -HSD | C] -- C:\Users\Jake\Recent
[2012/11/30 07:07:45 | 000,000,000 | -HSD | C] -- C:\Users\Jake\PrintHood
[2012/11/30 07:07:45 | 000,000,000 | -HSD | C] -- C:\Users\Jake\NetHood
[2012/11/30 07:07:45 | 000,000,000 | -HSD | C] -- C:\Users\Jake\Documents\My Videos
[2012/11/30 07:07:45 | 000,000,000 | -HSD | C] -- C:\Users\Jake\Documents\My Pictures
[2012/11/30 07:07:45 | 000,000,000 | -HSD | C] -- C:\Users\Jake\Documents\My Music
[2012/11/30 07:07:45 | 000,000,000 | -HSD | C] -- C:\Users\Jake\My Documents
[2012/11/30 07:07:45 | 000,000,000 | -HSD | C] -- C:\Users\Jake\Local Settings
[2012/11/30 07:07:45 | 000,000,000 | -HSD | C] -- C:\Users\Jake\AppData\Local\History
[2012/11/30 07:07:45 | 000,000,000 | -HSD | C] -- C:\Users\Jake\Cookies
[2012/11/30 07:07:45 | 000,000,000 | -HSD | C] -- C:\Users\Jake\Application Data
[2012/11/30 07:07:45 | 000,000,000 | -HSD | C] -- C:\Users\Jake\AppData\Local\Application Data
[2012/11/30 07:07:45 | 000,000,000 | -H-D | C] -- C:\Users\Jake\AppData
[2012/11/30 07:07:45 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\Temp
[2012/11/30 07:07:45 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\Microsoft
[2012/11/30 07:07:45 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/11/13 14:29:04 | 000,354,216 | ---- | C] (DivX, Inc.) -- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2013/01/05 13:20:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/05 12:18:00 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-919529226-1679702071-355095138-1001UA.job
[2013/01/05 05:20:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/04 23:47:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/04 23:47:39 | 000,000,380 | ---- | M] () -- C:\Users\Jake\AppData\Roaming\sp_data.sys
[2013/01/04 23:46:21 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013/01/04 23:45:41 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/01/04 23:45:40 | 763,088,895 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/03 23:17:55 | 000,000,969 | ---- | M] () -- C:\Users\Jake\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/01/03 23:17:55 | 000,000,945 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2013/01/03 21:18:00 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-919529226-1679702071-355095138-1001Core.job
[2013/01/03 19:39:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jake\Desktop\OTL.exe
[2013/01/03 19:24:28 | 602,104,621 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/01/02 22:25:18 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2013/01/02 22:23:00 | 000,007,315 | ---- | M] () -- C:\Windows\unins000.dat
[2013/01/02 22:22:59 | 000,727,737 | ---- | M] () -- C:\Windows\unins000.exe
[2013/01/02 22:22:28 | 000,001,051 | ---- | M] () -- C:\Users\Jake\Application Data\Microsoft\Internet Explorer\Quick Launch\¿ìÓÃÆ»¹ûÖúÊÖ.lnk
[2013/01/02 22:22:28 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\¿ìÓÃÆ»¹ûÖúÊÖ.lnk
[2013/01/01 17:44:01 | 000,494,280 | ---- | M] () -- C:\Users\Jake\Desktop\song.png
[2012/12/30 17:57:50 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/25 23:43:32 | 000,848,230 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/25 23:43:32 | 000,719,418 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/25 23:43:32 | 000,132,748 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/24 19:59:58 | 000,434,720 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/20 14:51:34 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\iLoad Downloads.lnk
[2012/12/20 14:51:34 | 000,000,907 | ---- | M] () -- C:\Users\Jake\Application Data\Microsoft\Internet Explorer\Quick Launch\iLoad.lnk
[2012/12/20 14:51:34 | 000,000,883 | ---- | M] () -- C:\Users\Public\Desktop\iLoad.lnk
[2012/12/18 14:50:30 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/12/17 18:04:16 | 010,301,895 | ---- | M] () -- C:\Users\Jake\Desktop\05 Pretty Little Girl.m4a
[2012/12/17 01:38:04 | 008,082,517 | ---- | M] () -- C:\Users\Jake\Desktop\03 Disaster.m4a
[2012/12/17 01:27:16 | 007,776,387 | ---- | M] () -- C:\Users\Jake\Desktop\02 Dogs Eating Dogs.m4a
[2012/12/17 01:13:15 | 007,672,196 | ---- | M] () -- C:\Users\Jake\Desktop\01 When I Was Young.m4a
[2012/12/15 12:13:47 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/10 23:00:34 | 009,852,907 | ---- | M] () -- C:\Users\Jake\Desktop\04. Boxing Day.m4a
[2012/12/03 20:38:22 | 000,000,437 | ---- | M] () -- C:\ProgramData\xsupplicant.conf
[2012/12/03 15:38:24 | 000,001,009 | ---- | M] () -- C:\Users\Jake\Desktop\QuickPar.lnk
[2012/12/03 15:20:06 | 000,001,252 | ---- | M] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2012/12/03 01:53:06 | 000,031,232 | ---- | M] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\tap0901.sys
[2012/12/01 01:46:14 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2012/11/30 17:39:53 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/11/30 17:32:18 | 000,000,993 | ---- | M] () -- C:\Users\Jake\Desktop\SABnzbd.lnk
[2012/11/30 16:36:48 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/11/30 16:36:47 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/11/30 16:36:47 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/11/30 16:36:47 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/11/30 16:36:47 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/11/30 16:36:47 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/11/30 16:27:56 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2012/11/30 16:06:18 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2012/11/30 07:16:00 | 000,002,291 | ---- | M] () -- C:\Users\Jake\Desktop\Google Chrome.lnk
[2012/11/30 07:14:29 | 000,001,426 | ---- | M] () -- C:\Users\Jake\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/11/27 14:56:28 | 000,118,272 | ---- | M] (DeadPihto) -- C:\Windows\SysNative\wsservice_crk.dll
[2012/11/13 14:29:04 | 000,354,216 | ---- | M] (DivX, Inc.) -- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
[2012/11/12 17:52:08 | 000,820,939 | ---- | M] () -- C:\Windows\Fix_V4.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/03 23:17:55 | 000,000,969 | ---- | C] () -- C:\Users\Jake\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/01/03 23:17:55 | 000,000,945 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2013/01/03 19:24:28 | 602,104,621 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/01/02 22:25:18 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2013/01/02 22:22:59 | 000,727,737 | ---- | C] () -- C:\Windows\unins000.exe
[2013/01/02 22:22:59 | 000,007,315 | ---- | C] () -- C:\Windows\unins000.dat
[2013/01/02 22:22:28 | 000,001,051 | ---- | C] () -- C:\Users\Jake\Application Data\Microsoft\Internet Explorer\Quick Launch\¿ìÓÃÆ»¹ûÖúÊÖ.lnk
[2013/01/02 22:22:28 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\¿ìÓÃÆ»¹ûÖúÊÖ.lnk
[2013/01/01 17:44:01 | 000,494,280 | ---- | C] () -- C:\Users\Jake\Desktop\song.png
[2012/12/28 14:48:33 | 008,756,136 | ---- | C] () -- C:\Users\Jake\Desktop\AirfoilInstaller.exe
[2012/12/28 14:48:26 | 002,888,000 | ---- | C] () -- C:\Users\Jake\Desktop\REViSE.r00
[2012/12/28 14:48:22 | 002,888,000 | ---- | C] () -- C:\Users\Jake\Desktop\REViSE.rar
[2012/12/28 14:48:17 | 002,568,576 | ---- | C] () -- C:\Users\Jake\Desktop\REViSE.r01
[2012/12/28 14:48:17 | 000,003,658 | ---- | C] () -- C:\Users\Jake\Desktop\REViSE.nfo
[2012/12/28 14:48:17 | 000,000,280 | ---- | C] () -- C:\Users\Jake\Desktop\file_id.diz
[2012/12/28 14:47:59 | 002,889,180 | ---- | C] () -- C:\Users\Jake\Desktop\r-afw332.zip
[2012/12/28 14:47:59 | 002,889,180 | ---- | C] () -- C:\Users\Jake\Desktop\r-afw331.zip
[2012/12/28 14:47:59 | 002,569,756 | ---- | C] () -- C:\Users\Jake\Desktop\r-afw333.zip
[2012/12/20 14:51:34 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\iLoad Downloads.lnk
[2012/12/20 14:51:34 | 000,000,907 | ---- | C] () -- C:\Users\Jake\Application Data\Microsoft\Internet Explorer\Quick Launch\iLoad.lnk
[2012/12/20 14:51:34 | 000,000,883 | ---- | C] () -- C:\Users\Public\Desktop\iLoad.lnk
[2012/12/19 17:43:19 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/18 14:50:29 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/12/18 14:50:29 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/12/17 12:24:57 | 009,852,907 | ---- | C] () -- C:\Users\Jake\Desktop\04. Boxing Day.m4a
[2012/12/17 12:24:56 | 010,301,895 | ---- | C] () -- C:\Users\Jake\Desktop\05 Pretty Little Girl.m4a
[2012/12/17 12:24:56 | 008,082,517 | ---- | C] () -- C:\Users\Jake\Desktop\03 Disaster.m4a
[2012/12/17 12:24:56 | 007,776,387 | ---- | C] () -- C:\Users\Jake\Desktop\02 Dogs Eating Dogs.m4a
[2012/12/17 12:24:56 | 007,672,196 | ---- | C] () -- C:\Users\Jake\Desktop\01 When I Was Young.m4a
[2012/12/17 11:55:07 | 000,512,786 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf
[2012/12/17 11:55:07 | 000,510,317 | ---- | C] () -- C:\Windows\SysNative\netathr.inf
[2012/12/17 11:55:07 | 000,326,379 | ---- | C] () -- C:\Windows\SysNative\athw8x.inf
[2012/12/17 11:55:07 | 000,324,816 | ---- | C] () -- C:\Windows\SysNative\athw8.inf
[2012/12/17 11:55:07 | 000,079,352 | ---- | C] () -- C:\Windows\SysNative\athw8x.cat
[2012/12/17 11:55:07 | 000,079,342 | ---- | C] () -- C:\Windows\SysNative\athw8.cat
[2012/12/17 11:55:07 | 000,077,253 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat
[2012/12/17 11:55:07 | 000,077,249 | ---- | C] () -- C:\Windows\SysNative\athrext.cat
[2012/12/15 12:13:47 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/12/15 11:58:09 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/12/14 05:27:23 | 000,820,939 | ---- | C] () -- C:\Windows\Fix_V4.exe
[2012/12/03 20:38:22 | 000,000,437 | ---- | C] () -- C:\ProgramData\xsupplicant.conf
[2012/12/03 15:54:42 | 000,000,298 | ---- | C] () -- C:\Windows\tasks\AutoKMS.job
[2012/12/03 15:38:24 | 000,001,009 | ---- | C] () -- C:\Users\Jake\Desktop\QuickPar.lnk
[2012/12/03 15:20:06 | 000,001,252 | ---- | C] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2012/12/02 21:13:45 | 000,000,948 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-919529226-1679702071-355095138-1001UA.job
[2012/12/02 21:13:44 | 000,000,926 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-919529226-1679702071-355095138-1001Core.job
[2012/12/01 01:46:14 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2012/11/30 17:39:53 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/11/30 17:32:18 | 000,000,993 | ---- | C] () -- C:\Users\Jake\Desktop\SABnzbd.lnk
[2012/11/30 16:27:56 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2012/11/30 16:06:18 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2012/11/30 07:16:00 | 000,002,291 | ---- | C] () -- C:\Users\Jake\Desktop\Google Chrome.lnk
[2012/11/30 07:15:34 | 000,000,918 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/30 07:15:33 | 000,000,914 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/30 07:14:29 | 000,001,426 | ---- | C] () -- C:\Users\Jake\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/11/30 07:10:45 | 000,000,380 | ---- | C] () -- C:\Users\Jake\AppData\Roaming\sp_data.sys
[2012/11/30 07:10:05 | 000,001,432 | ---- | C] () -- C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/11/30 07:07:45 | 000,000,352 | ---- | C] () -- C:\Users\Jake\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/11/30 07:07:45 | 000,000,334 | ---- | C] () -- C:\Users\Jake\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/08/22 06:13:17 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012/08/22 06:13:09 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/08/22 06:13:06 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012/08/04 19:42:20 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe
[2012/08/04 19:42:20 | 000,000,217 | ---- | C] () -- C:\ProgramData\SetStretch.cmd
[2012/08/04 01:53:42 | 000,164,016 | ---- | C] () -- C:\Windows\SysWow64\AirfoilInject3.dll
[2012/07/26 02:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 02:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 01:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/25 19:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 18:48:53 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012/07/25 14:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 14:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/07/25 14:22:56 | 000,267,284 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/07/25 14:22:54 | 000,963,376 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/06/02 08:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012/04/20 14:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2012/10/11 10:37:55 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/07/25 21:07:16 | 019,779,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/07/25 21:19:59 | 017,559,552 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 21:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 21:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 21:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >




And the Extras.txt:

OTL Extras logfile created on: 1/5/2013 2:02:12 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jake\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16384)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.89 Gb Total Physical Memory | 4.39 Gb Available Physical Memory | 74.61% Memory free
11.89 Gb Paging File | 10.19 Gb Available in Paging File | 85.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.45 Gb Total Space | 96.26 Gb Free Space | 34.45% Space Free | Partition Type: NTFS
Drive D: | 398.18 Gb Total Space | 398.03 Gb Free Space | 99.96% Space Free | Partition Type: NTFS

Computer Name: JAKE-LAPTOP | User Name: Jake | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1540F701-12F1-45CC-ACB0-5734FBA99C27}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2490A9F5-B787-4E11-909C-DD87D20D7112}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{269EBA34-B2D3-44C8-A2F0-9D7F76E727D3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2905E704-3EDE-4964-8913-B8AE7F33A863}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{2A757976-0F67-4637-AE4D-96320632CE6A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{31030113-2011-4DF6-BDFC-FDD92792C36B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{32208922-D827-45EA-9DBE-01C3831C3391}" = rport=139 | protocol=6 | dir=out | app=system |
"{38E66A6A-F854-4E59-99DD-C0E74F32B79F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{49C1DBE5-5D50-400D-8025-B60C86C80BC3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6CA6F741-99FD-48FF-B305-044A67DB1AED}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{745F9A61-5FE2-4BE8-BA8E-41767AAB2603}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{756B2D3A-7890-497D-88D2-0A334F10BD47}" = rport=445 | protocol=6 | dir=out | app=system |
"{7ED12473-D930-4524-9E7D-1C5A4B509B75}" = lport=139 | protocol=6 | dir=in | app=system |
"{7F12660F-CBAB-4CFA-84E3-8476810AFCEA}" = lport=138 | protocol=17 | dir=in | app=system |
"{81166DE9-ACCF-459A-8AE6-BF66284868AF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8135B68F-7BF5-41E3-B1AC-E79469A8200A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{88E70BAF-AA08-412A-99BB-BF9A11FA93C2}" = lport=445 | protocol=6 | dir=in | app=system |
"{8EFA234F-1474-42C6-ADBD-90A9B740EA05}" = rport=137 | protocol=17 | dir=out | app=system |
"{A4CE5C79-BC99-44D5-B112-8F9B44582695}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B9523384-5E80-47D3-A874-8FD081761B48}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{C9C72725-85C7-4646-BDBF-78EFAA897604}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CCDDEDDF-D808-4E9D-9651-5F4546292FCD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ED0BCB19-C7F8-47B6-834F-4C687AC55877}" = rport=138 | protocol=17 | dir=out | app=system |
"{FAA2FB44-24CA-47BD-BB06-59B6E236A550}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C74339-650E-4BC4-B501-CB6365F21850}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{095ACFDC-F36E-4C11-8898-3E629576AC1A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{09E37BE3-17E6-48F2-80E4-085571AE8366}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{104092C0-C594-4F56-9AAE-3F9EA6EF5432}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{10D56B12-8653-4012-A0B4-F66641916480}" = dir=in | name=music info |
"{151E8670-F970-48A5-A537-1914AA8EA747}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{16BD20B7-0220-49A1-B37A-3BD8082B2D70}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{17E76938-D68A-45BF-AEB6-CE9D01E0B819}" = dir=in | name=@{microsoft.xboxcompanion_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{1862798E-A387-4F29-BB56-AD2D25EF4339}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{18E6A1AF-4F37-4E35-84A0-9916109225C3}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{19C628EC-D591-4433-AEE3-5CA469C96CC3}" = dir=out | name=windows_ie_ac_001 |
"{2134F3B3-70DB-4961-BBE0-20DE910EEB74}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{219C0532-AA25-4A53-9269-B45C21905951}" = dir=out | name=@{microsoft.bingtravel_1.5.1.248_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{240A0261-A1EC-44FE-BCBA-46FFE134E838}" = dir=out | name=music info |
"{2446E9F8-A703-4DE8-B19F-7BD298B7C31C}" = protocol=6 | dir=out | app=system |
"{27DCAE8E-94EA-4797-8DB1-44276077B660}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2BF7E7BF-6B8A-4376-8A82-A2C90091FB20}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{2C67FD72-E3E6-48D5-9B97-909815A48892}" = dir=out | name=taptiles |
"{2EFF51D0-2E98-4DF4-9122-9F3A68DA1A17}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3097137B-086C-4F96-9BD3-ACCA7502DC1E}" = dir=out | name=@{microsoft.bingsports_1.5.1.249_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{33551323-9250-4398-B6B4-F84330BE038A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{35404EAF-A9CA-466E-AA82-A85FD5FAE277}" = dir=out | name=adera |
"{35958DF7-8C26-4009-9C66-B19A9D22C914}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{365F3FCF-7283-42CB-A63B-29018AE95D2B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{36CE5959-7568-4969-B3CF-0A20D83549AB}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{3A4850E9-4179-4374-9AE7-8B427BAD4E0D}" = dir=in | app=c:\program files (x86)\plex\plex media server\plexdlnaserver.exe |
"{3BBB0D51-BE05-41E6-8AA3-4C1EEB99C7B3}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{3C83B10A-245B-48F5-A115-960370AF5DF0}" = protocol=1 | dir=in | [email protected],-28543 |
"{3CFA8DE9-AF66-4505-90F4-5DB33821A579}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{3F473173-33FE-44A5-9039-3F5DF65363CD}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{411C13AF-9C53-4A76-A267-2DB2DEE0B2BC}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{48E9222E-25AF-40A1-B7E4-7E6CF6070D73}" = dir=out | name=fresh paint |
"{4C7EECB2-AFF1-430C-98FD-1B22C43CD71E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4C8229DA-F178-4FD2-8706-7F6C673F0EA9}" = dir=out | name=metrotwit |
"{50E925D3-5C54-411C-8FF8-D4386F46E0BE}" = protocol=17 | dir=in | app=c:\users\jake\appdata\roaming\utorrent\utorrent.exe |
"{545C5640-8085-42ED-A713-616B1F0491D5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{575EFD41-F307-4D04-8394-B1DCC370EE35}" = dir=out | name=@{microsoft.zunemusic_1.1.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{5A943F50-63F2-491A-A1B1-714C316C931A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5C3D201D-48FF-436F-ABC3-7D1F15954846}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5D6C8104-CD1B-4FA1-AAFB-1561E1FB550E}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{5F48689E-3DA0-434D-86EB-174328A3BD63}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{60DB3CE1-2BB9-4195-B714-4D9573F3F042}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6469C2C9-5001-4B22-BD4F-AD32B9730332}" = dir=out | name=@{microsoft.xboxcompanion_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{667DE111-73AB-4FEB-AE1E-CFD1641E4853}" = dir=in | name=skype |
"{674ECD4A-38D6-43C1-95FD-CD9BA489AE95}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{6839D05F-02F0-459A-AC9A-4209EAF0F8E7}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{69B34750-308E-4342-ACD0-DB9E16BE9B07}" = dir=out | name=@{microsoft.bingnews_1.5.1.409_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{69B978DA-3A2D-4DBB-86B7-B2C5F9FA8613}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{69C817A5-43A5-4CD4-BBB5-672903F0F771}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{71F3EE54-4EA9-4446-A7AD-9A7EF230CDA6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{730B7CF3-81CF-4C3D-9CB3-C056FBB50935}" = dir=in | name=@{microsoft.xboxcompanion_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{74D3AB0C-0BBF-423D-B635-E017693F2606}" = protocol=6 | dir=in | app=c:\users\jake\appdata\roaming\utorrent\utorrent.exe |
"{7C2A4E86-C08F-4872-86AD-E801FBC499AD}" = dir=out | name=hp printer control |
"{7DD8F304-08FD-4CA5-8DF5-070BE4CF2362}" = dir=out | name=the espn app |
"{7E80189F-EDD0-475B-BDA4-5F5F5EA887D4}" = protocol=58 | dir=out | [email protected],-28546 |
"{7EFF1F1D-4395-4D85-B4A6-C8E13E0FA883}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{8270B059-B6D8-4C44-BA59-FAE6FED48500}" = dir=out | name=adera |
"{840BEF54-EC42-47BF-8DE2-9B1279A69D49}" = dir=out | name=youtube+ |
"{8C384290-8E33-4E8C-8887-01273911394D}" = protocol=58 | dir=in | [email protected],-28545 |
"{8FEAEBAF-6545-4F3E-822E-DB735F2E94F4}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{93DC039B-29E3-4096-A67D-9561E226D252}" = dir=out | name=@{microsoft.bing_1.5.1.251_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{962A824B-A7E8-4B37-B412-2867AB6296F8}" = dir=out | name=@{microsoft.xboxcompanion_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{985DC4AE-9013-4A09-B6DE-88D8B18353F3}" = dir=out | name=package tracker |
"{9876B466-55AC-4D21-A29B-F7E536560CA4}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{990E9BD4-2A9A-4C88-BCEB-672FE95F8C2D}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{9BF0567C-BB73-44AC-B771-B65EDBF66833}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9D410023-2CD9-44A8-ADB0-EADFC808DF15}" = dir=in | name=hp printer control |
"{9E21C2CA-B355-4B4B-847A-1AA511051747}" = dir=out | name=fresh paint |
"{A0E1BA66-BC6E-486D-AB23-BA9677ECE185}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{A28E52E5-607D-4DB1-8B98-0EA8772553B5}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{A3CDB21C-1A90-4777-A156-9058558EA266}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{A6136EA5-CA1D-4AC6-855B-27E537986499}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{A89116CC-E0C8-4A29-8E03-D8C3F8C8B7BB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A8F395B9-698D-4E95-870B-A77F41211EBD}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{AFE541FC-2412-43A2-B5C4-D108F2F004FA}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{B008E422-D4BD-475E-8541-E06EF0E4B925}" = dir=in | name=metrotwit |
"{B3578998-4AB6-4794-986C-8B99E8416670}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{B48E3060-89C4-4AC4-B13A-421784B1B80F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{B4BEB786-3C2C-4DF6-A7A9-7ABDC36BA11F}" = dir=out | name=skype |
"{B4E835A5-E4B1-4F3E-A900-E6A04F36670D}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{B4FE0A61-5B17-4AA0-92C5-A751FEFDD5E0}" = protocol=1 | dir=out | [email protected],-28544 |
"{BA1C6FA2-9B19-4C12-83D7-358FD1143BCA}" = dir=out | name=microsoft solitaire collection |
"{C8B8E69B-633E-4447-9DBB-E353372225C4}" = dir=out | name=microsoft solitaire collection |
"{C9BADF9E-CB12-424E-8324-B4CE7B5B9C1B}" = dir=out | name=wordament |
"{CCDD9849-A8A7-421F-8971-B498696DA447}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CDCD2DC4-8606-4C74-B5CD-23FEC5D7044C}" = dir=in | app=c:\program files (x86)\plex\plex media server\plex media server.exe |
"{D42FCDAC-CD18-4D37-93D4-DDDEACDC2BE2}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{D61225A7-7A29-429A-AA0F-6F0BF8688C59}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{D78E0979-E6EE-439D-A513-3C5D06BA9ED5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DA1F95BA-F52D-4932-95E8-032BAF3E7808}" = dir=in | app=c:\users\jake\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{DB0C2060-1450-4661-BA81-1DA36238E244}" = dir=out | name=@{microsoft.bingfinance_1.5.1.406_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{E3920BA3-DDDD-46B4-BC8C-E1A6E06201F1}" = dir=out | name=taptiles |
"{E4552764-C06C-485D-B6DF-61178CDAAA66}" = dir=out | name=@{microsoft.bingweather_1.5.1.245_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{EA1A249A-A17F-40EC-A7FB-068249295D6C}" = dir=out | name=wordament |
"{EC2415CE-BB67-4EB0-B413-67E50643F66C}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{EF5E1F7C-86E5-4597-849D-BC3849D3943A}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{F2E876EB-3C0E-411F-9C9A-989129010FD0}" = dir=in | app=c:\program files (x86)\plex\plex media server\plexscripthost.exe |
"{F3D0B42D-4263-4B5A-B787-531B13F53078}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{F5B59A88-539D-4183-9358-F29A541923FB}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{F84A3330-D771-4464-BC49-44FF72ACA9E7}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{FD54378B-2EE2-4622-A89A-9615D88231EC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FD8D71CA-1DE0-4F76-9F8B-9B3C49D1F7C7}" = dir=out | name=forecast hd |
"{FDC8986F-6206-4A2E-91C4-5FA8107ADE9B}" = dir=in | name=the espn app |
"{FEFEE79E-8300-41EE-A24B-B5E97891E3B5}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{055846D7-9D89-4BDF-A457-E9C7D47A0992}C:\program files\airparrot\airparrot.exe" = protocol=6 | dir=in | app=c:\program files\airparrot\airparrot.exe |
"UDP Query User{DFADBD06-B570-41D0-86C5-8963047B6551}C:\program files\airparrot\airparrot.exe" = protocol=17 | dir=in | app=c:\program files\airparrot\airparrot.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7B78D802-8704-49D3-A9BD-3B4A94C5A35C}" = iLoad
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"7511B29C86C398B4D11A0B0E4176CAD68D1B7057" = Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1)
"C01F56FBD9B141017E63E2A1A141E59934D4DC67" = Windows Driver Package - ASUS (ATP) Mouse (10/29/2012 1.0.0.148)
"EC3E466026556D3EB760B01C4772277614354E11" = Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0B41A8C4-1FB8-4B8B-B8FE-D643A617A7DB}_is1" = ¿ìÓÃ×ÊÔ´¹ÜÀíÆ÷ °æ±¾ 2.009
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros Client Installation Program
"{2E3FA0CF-AC2D-4E6F-8EF3-D75E91681441}_is1" = ¿ìÓÃÆ»¹ûÖúÊÖ 2.0.1.0
"{3D47B2C0-8748-4450-99AE-0746A5A74C8E}" = Binreader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D3286A6-F6AB-498A-82A4-E4F040529F3D}" = ASUS Smart Gesture
"{58172D66-2F69-4215-9AEC-ED8196023736}" = ASUS Tutor
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{749F674B-2674-47E8-879C-5626A06B2A91}" = ASUS InstantOn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}" = ASUS Instant Connect
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}" = ASUS USB Charger Plus
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Qualcomm Atheros Driver Installation Program
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F90D0E4A-DB14-474D-9112-61E4E2234493}" = Plex Media Server
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Airfoil" = Airfoil
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage Sync Agent
"DivX Setup" = DivX Setup
"Google Chrome" = Google Chrome
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"QuickPar" = QuickPar 0.9
"SABnzbd" = SABnzbd 0.7.6
"SecureW2 Enterprise Client" = SecureW2 Enterprise Client 3.5.8
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.1
"wpa_supplicant" = wpa_supplicant

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"XBMC" = XBMC

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/2/2013 8:18:56 PM | Computer Name = Jake-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/2/2013 8:18:56 PM | Computer Name = Jake-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2182890

Error - 1/2/2013 8:18:56 PM | Computer Name = Jake-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2182890

Error - 1/2/2013 9:29:27 PM | Computer Name = Jake-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/2/2013 9:29:27 PM | Computer Name = Jake-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1922

Error - 1/2/2013 9:29:27 PM | Computer Name = Jake-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1922

Error - 1/2/2013 9:30:17 PM | Computer Name = Jake-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/2/2013 9:30:17 PM | Computer Name = Jake-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 52485

Error - 1/2/2013 9:30:17 PM | Computer Name = Jake-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 52485

Error - 1/3/2013 12:24:02 AM | Computer Name = Jake-Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.2.9200.16384,
time stamp: 0x50107dbc Faulting module name: ntdll.dll, version: 6.2.9200.16384,
time stamp: 0x5010acd2 Exception code: 0xc0000374 Fault offset: 0x00000000000ea2b9
Faulting
process id: 0x1ff8 Faulting application start time: 0x01cde8f88cde44cd Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 664b1a00-555d-11e2-be78-50465de562ed Faulting package full name: Faulting package-relative
application ID:

[ System Events ]
Error - 12/17/2012 11:27:46 AM | Computer Name = Jake-Laptop | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This
may result in termination of the connection. The TLS protocol defined fatal error
code is 48. The Windows SChannel error state is 552.

Error - 12/17/2012 11:27:46 AM | Computer Name = Jake-Laptop | Source = Schannel | ID = 36882
Description = The certificate received from the remote server was issued by an untrusted
certificate authority. Because of this, none of the data contained in the certificate
can be validated. The SSL connection request has failed. The attached data contains
the server certificate.

Error - 12/19/2012 10:32:40 PM | Computer Name = Jake-Laptop | Source = Application Popup | ID = 1060
Description =

Error - 12/19/2012 10:32:40 PM | Computer Name = Jake-Laptop | Source = Service Control Manager | ID = 7000
Description = The DhaHelper service failed to start due to the following error:
%%1275

Error - 12/24/2012 9:58:37 PM | Computer Name = Jake-Laptop | Source = DCOM | ID = 10010
Description =

Error - 12/24/2012 9:58:37 PM | Computer Name = Jake-Laptop | Source = DCOM | ID = 10010
Description =

Error - 12/24/2012 9:58:37 PM | Computer Name = Jake-Laptop | Source = DCOM | ID = 10010
Description =

Error - 12/24/2012 9:58:37 PM | Computer Name = Jake-Laptop | Source = DCOM | ID = 10010
Description =

Error - 12/24/2012 9:59:23 PM | Computer Name = Jake-Laptop | Source = Application Popup | ID = 1060
Description =

Error - 12/24/2012 10:09:05 PM | Computer Name = Jake-Laptop | Source = Application Popup | ID = 1060
Description =


< End of report >
  • 0

#10
DonnaB
Posted 05 January 2013 - 05:33 PM

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Hi xirftwx,

Sorry for the delay. Had to take care of some family business. I'm looking over the logs now and they do take time to research. I'll post back with further instructions as soon as possible.

Thank you for your patience.

Donna :)
  • 0

Advertisements

#11
xirftwx
Posted 06 January 2013 - 12:44 AM

xirftwx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Hi xirftwx,

Sorry for the delay. Had to take care of some family business. I'm looking over the logs now and they do take time to research. I'll post back with further instructions as soon as possible.

Thank you for your patience.

Donna :)


Donna, no worries! I am in no rush whatsoever :thumbsup: . You are already being very generous with your time and I can assure you that your time is valued greatly :happy:
  • 0

#12
DonnaB
Posted 06 January 2013 - 08:23 AM

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Hi xirftwx,

Please follow the instructions provided below:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
PRC - [2012/12/12 17:57:16 | 000,140,128 | ---- | M] (????????????) -- C:\Program Files (x86)\kuaiyong\DRM\KYDeviceServer.exe
SRV:64bit: - [2012/11/27 14:56:28 | 000,118,272 | ---- | M] (DeadPihto) [Auto | Running] -- C:\Windows\SysNative\wsservice_crk.dll -- (WSServiceCrk)
SRV - [2012/12/12 17:57:16 | 000,140,128 | ---- | M] (????????????) [Auto | Running] -- C:\Program Files (x86)\kuaiyong\DRM\KYDeviceServer.exe -- (KYDeviceServer)
FF - HKLM\Software\MozillaPlugins\@kuaiyong.yrtd.com,version=1.0.1.1: C:\Program Files (x86)\kuaiyong\np_kyplugin.dll (YRTD)
[2012/12/18 14:51:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jake\AppData\Roaming\mozilla\Firefox\Profiles\jvx0pveo.default\extensions
[2012/12/18 14:51:21 | 000,080,872 | ---- | M] () (No name found) -- C:\Users\Jake\AppData\Roaming\mozilla\firefox\profiles\jvx0pveo.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi
[2013/01/04 23:47:39 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013/01/03 23:17:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2013/01/02 22:22:59 | 000,000,000 | ---D | C] -- C:\Windows\DRM
[2013/01/02 22:22:29 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\kuaiyong
[2013/01/02 22:22:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\¿ìÓÃÆ»¹ûÖúÊÖ
[2013/01/02 22:22:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\kuaiyong
[2012/12/15 12:05:11 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\redsn0w
[2012/11/30 15:35:48 | 000,118,272 | ---- | C] (DeadPihto) -- C:\Windows\SysNative\wsservice_crk.dll
[2012/11/30 07:16:00 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\uTorrent
[2013/01/03 23:17:55 | 000,000,969 | ---- | M] () -- C:\Users\Jake\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/01/03 23:17:55 | 000,000,945 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2013/01/02 22:22:28 | 000,001,051 | ---- | M] () -- C:\Users\Jake\Application Data\Microsoft\Internet Explorer\Quick Launch\¿ìÓÃÆ»¹ûÖúÊÖ.lnk
[2013/01/02 22:22:28 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\¿ìÓÃÆ»¹ûÖúÊÖ.lnk
[2012/11/27 14:56:28 | 000,118,272 | ---- | M] (DeadPihto) -- C:\Windows\SysNative\wsservice_crk.dll
[2013/01/03 23:17:55 | 000,000,969 | ---- | C] () -- C:\Users\Jake\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/01/03 23:17:55 | 000,000,945 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2013/01/02 22:22:28 | 000,001,051 | ---- | C] () -- C:\Users\Jake\Application Data\Microsoft\Internet Explorer\Quick Launch\¿ìÓÃÆ»¹ûÖúÊÖ.lnk
[2013/01/02 22:22:28 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\¿ìÓÃÆ»¹ûÖúÊÖ.lnk

:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{50E925D3-5C54-411C-8FF8-D4386F46E0BE}"=-
"{74D3AB0C-0BBF-423D-B635-E017693F2606}"=-
"{AFE541FC-2412-43A2-B5C4-D108F2F004FA}"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B41A8C4-1FB8-4B8B-B8FE-D643A617A7DB}_is1"=- 
"{2E3FA0CF-AC2D-4E6F-8EF3-D75E91681441}_is1"=-
"uTorrent"=-

:Commands
[EMPTYTEMP]
[CREATERESTOREPOINT]
  • Then click the Run Fix button at the top.
  • Let the program run uninterrupted, reboot the PC when it is done.
  • Post the fix log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and place a checkmark in the little dial button to the left of All under the Extra Registry section.
  • Click the Run Scan button. Post the log it produces in your next reply.

In your next reply, please post the following logs:

Fix log
OTL.Txt
Extras.txt

Thank you,

Donna :)
  • 0

#13
xirftwx
Posted 06 January 2013 - 09:53 AM

xirftwx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Donna, upon restart I must note that none of my desktop icons were visible. This was fixed by killing explorer.exe and restarting it via command prompt.

Fix Log:

All processes killed
========== OTL ==========
Process KYDeviceServer.exe killed successfully!
Service WSServiceCrk stopped successfully!
Service WSServiceCrk deleted successfully!
C:\Windows\SysNative\wsservice_crk.dll moved successfully.
Service KYDeviceServer stopped successfully!
Service KYDeviceServer deleted successfully!
C:\Program Files (x86)\kuaiyong\DRM\KYDeviceServer.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@kuaiyong.yrtd.com,version=1.0.1.1\ deleted successfully.
C:\Program Files (x86)\kuaiyong\np_kyplugin.dll moved successfully.
C:\Users\Jake\AppData\Roaming\mozilla\Firefox\Profiles\jvx0pveo.default\extensions folder moved successfully.
File C:\Users\Jake\AppData\Roaming\mozilla\firefox\profiles\jvx0pveo.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi not found.
C:\ProgramData\boost_interprocess\20130104234527.495893 folder moved successfully.
C:\ProgramData\boost_interprocess folder moved successfully.
C:\Program Files (x86)\uTorrent folder moved successfully.
C:\Windows\DRM folder moved successfully.
C:\Users\Jake\AppData\Roaming\kuaiyong\ui.script folder moved successfully.
C:\Users\Jake\AppData\Roaming\kuaiyong\datacache\webcache\cache_search\search_7403d4638842a330bdde846588898d49_iphone folder moved successfully.
C:\Users\Jake\AppData\Roaming\kuaiyong\datacache\webcache\cache_search folder moved successfully.
C:\Users\Jake\AppData\Roaming\kuaiyong\datacache\webcache\cache_kysearch_24search_iphone folder moved successfully.
C:\Users\Jake\AppData\Roaming\kuaiyong\datacache\webcache\cache_ipabase folder moved successfully.
C:\Users\Jake\AppData\Roaming\kuaiyong\datacache\webcache\cache_ipa\4 folder moved successfully.
C:\Users\Jake\AppData\Roaming\kuaiyong\datacache\webcache\cache_ipa folder moved successfully.
C:\Users\Jake\AppData\Roaming\kuaiyong\datacache\webcache folder moved successfully.
C:\Users\Jake\AppData\Roaming\kuaiyong\datacache\update folder moved successfully.
C:\Users\Jake\AppData\Roaming\kuaiyong\datacache\imagecache\94 folder moved successfully.
C:\Users\Jake\AppData\Roaming\kuaiyong\datacache\imagecache\93 folder moved successfully.
C:\Users\Jake\AppData\Roaming\kuaiyong\datacache\imagecache\92 folder moved successfully.
C:\Users\Jake\AppData\Roaming\kuaiyong\datacache\imagecache\90 folder moved successfully.
C:\Users\Jake\AppData\Roaming\kuaiyong\datacache\imagecache\84 folder moved successfully.
C:\Users\Jake\AppData\Roaming\kuaiyong\datacache\imagecache\83 folder moved successfully.
C:\Users\Jake\AppData\Roaming\kuaiyong\datacache\imagecache\82 folder moved successfully.
C:\Users\Jake\AppData\Roaming\kuaiyong\datacache\imagecache\81 folder moved successfully.
C:\Users\Jake\AppData\Roaming\kuaiyong\datacache\imagecache\80 folder moved successfully.
C:\Users\Jake\AppData\Roaming\kuaiyong\datacache\imagecache\78 folder moved successfully.
C:\Users\Jake\AppData\Roaming\kuaiyong\datacache\imagecache\76 folder moved successfully.
C:\Users\Jake\AppData\Roaming\kuaiyong\datacache\imagecache\74 folder moved successfully.
C:\Users\Jake\AppData\Roaming\kuaiyong\datacache\imagecache\71 folder moved successfully.
C:\Users\Jake\AppData\Roaming\kuaiyong\datacache\imagecache\70 folder moved successfully.
C:\Users\Jake\AppData\Roaming\kuaiyong\datacache\imagecache\69 folder moved successfully.
C:\Users\Jake\AppData\Roaming\kuaiyong\datacache\imagecache\68 folder moved successfully.
C:\Users\Jake\AppData\Roaming\kuaiyong\datacache\imagecache\62 folder moved successfully.
C:\Users\Jake\AppData\Roaming\kuaiyong\datacache\imagecache\61 folder moved successfully.
C:\Users\Jake\AppData\Roaming\kuaiyong\datacache\imagecache\55 folder moved successfully.
C:\Users\Jake\AppData\Roaming\kuaiyong\datacache\imagecache\52 folder moved successfully.
C:\Users\Jake\AppData\Roaming\kuaiyong\datacache\imagecache\51 folder moved successfully.
C:\Users\Jake\AppData\Roaming\kuaiyong\datacache\imagecache\38 folder moved successfully.
C:\Users\Jake\AppData\Roaming\kuaiyong\datacache\imagecache\29 folder moved successfully.
C:\Users\Jake\AppData\Roaming\kuaiyong\datacache\imagecache\28 folder moved successfully.
C:\Users\Jake\AppData\Roaming\kuaiyong\datacache\imagecache\24 folder moved successfully.
C:\Users\Jake\AppData\Roaming\kuaiyong\datacache\imagecache\21 folder moved successfully.
C:\Users\Jake\AppData\Roaming\kuaiyong\datacache\imagecache\2 folder moved successfully.
C:\Users\Jake\AppData\Roaming\kuaiyong\datacache\imagecache\18 folder moved successfully.
C:\Users\Jake\AppData\Roaming\kuaiyong\datacache\imagecache\12 folder moved successfully.
C:\Users\Jake\AppData\Roaming\kuaiyong\datacache\imagecache\11 folder moved successfully.
C:\Users\Jake\AppData\Roaming\kuaiyong\datacache\imagecache\0 folder moved successfully.
C:\Users\Jake\AppData\Roaming\kuaiyong\datacache\imagecache folder moved successfully.
C:\Users\Jake\AppData\Roaming\kuaiyong\datacache\DRM folder moved successfully.
C:\Users\Jake\AppData\Roaming\kuaiyong\datacache\downloadipa folder moved successfully.
C:\Users\Jake\AppData\Roaming\kuaiyong\datacache\appledriver folder moved successfully.
C:\Users\Jake\AppData\Roaming\kuaiyong\datacache folder moved successfully.
C:\Users\Jake\AppData\Roaming\kuaiyong folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\¿ìÓÃÆ»¹ûÖúÊÖ folder moved successfully.
C:\Program Files (x86)\kuaiyong\ipatch folder moved successfully.
C:\Program Files (x86)\kuaiyong\DRM\icon folder moved successfully.
C:\Program Files (x86)\kuaiyong\DRM\DRMTmp\8C32FA2C3FCA4f81AE7975E9A983D60C folder moved successfully.
C:\Program Files (x86)\kuaiyong\DRM\DRMTmp folder moved successfully.
C:\Program Files (x86)\kuaiyong\DRM folder moved successfully.
C:\Program Files (x86)\kuaiyong\download folder moved successfully.
C:\Program Files (x86)\kuaiyong\Apps\kyapp folder moved successfully.
C:\Program Files (x86)\kuaiyong\Apps folder moved successfully.
C:\Program Files (x86)\kuaiyong folder moved successfully.
C:\Users\Jake\AppData\Roaming\redsn0w\shsh folder moved successfully.
C:\Users\Jake\AppData\Roaming\redsn0w\resources folder moved successfully.
C:\Users\Jake\AppData\Roaming\redsn0w folder moved successfully.
File C:\Windows\SysNative\wsservice_crk.dll not found.
C:\Users\Jake\AppData\Roaming\uTorrent\updates folder moved successfully.
C:\Users\Jake\AppData\Roaming\uTorrent\ie folder moved successfully.
C:\Users\Jake\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.
C:\Users\Jake\AppData\Roaming\uTorrent\Cache folder moved successfully.
C:\Users\Jake\AppData\Roaming\uTorrent\apps folder moved successfully.
C:\Users\Jake\AppData\Roaming\uTorrent folder moved successfully.
C:\Users\Jake\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk moved successfully.
C:\Users\Public\Desktop\µTorrent.lnk moved successfully.
C:\Users\Jake\Application Data\Microsoft\Internet Explorer\Quick Launch\¿ìÓÃÆ»¹ûÖúÊÖ.lnk moved successfully.
C:\Users\Public\Desktop\¿ìÓÃÆ»¹ûÖúÊÖ.lnk moved successfully.
File C:\Windows\SysNative\wsservice_crk.dll not found.
File C:\Users\Jake\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk not found.
File C:\Users\Public\Desktop\µTorrent.lnk not found.
File C:\Users\Jake\Application Data\Microsoft\Internet Explorer\Quick Launch\¿ìÓÃÆ»¹ûÖúÊÖ.lnk not found.
File C:\Users\Public\Desktop\¿ìÓÃÆ»¹ûÖúÊÖ.lnk not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{50E925D3-5C54-411C-8FF8-D4386F46E0BE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50E925D3-5C54-411C-8FF8-D4386F46E0BE}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{74D3AB0C-0BBF-423D-B635-E017693F2606} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74D3AB0C-0BBF-423D-B635-E017693F2606}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AFE541FC-2412-43A2-B5C4-D108F2F004FA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFE541FC-2412-43A2-B5C4-D108F2F004FA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{0B41A8C4-1FB8-4B8B-B8FE-D643A617A7DB}_is1 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B41A8C4-1FB8-4B8B-B8FE-D643A617A7DB}_is1\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{2E3FA0CF-AC2D-4E6F-8EF3-D75E91681441}_is1 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E3FA0CF-AC2D-4E6F-8EF3-D75E91681441}_is1\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\uTorrent not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: I_R_F_000
->Temp folder emptied: 1592637 bytes
->Temporary Internet Files folder emptied: 128 bytes

User: Jake
->Temp folder emptied: 36745496 bytes
->Temporary Internet Files folder emptied: 82635754 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 91741889 bytes
->Google Chrome cache emptied: 354388326 bytes
->Flash cache emptied: 1008 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3618304 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 119165039 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 11210860532 bytes

Total Files Cleaned = 11,349.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 01062013_093217

Files\Folders moved on Reboot...
C:\Users\Jake\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



OTL.txt:

OTL logfile created on: 1/6/2013 9:42:49 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jake\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16384)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.89 Gb Total Physical Memory | 4.78 Gb Available Physical Memory | 81.15% Memory free
11.89 Gb Paging File | 10.69 Gb Available in Paging File | 89.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.45 Gb Total Space | 106.60 Gb Free Space | 38.15% Space Free | Partition Type: NTFS
Drive D: | 398.18 Gb Total Space | 398.03 Gb Free Space | 99.96% Space Free | Partition Type: NTFS

Computer Name: JAKE-LAPTOP | User Name: Jake | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/03 19:39:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jake\Desktop\OTL.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/04 19:15:17 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/10/31 12:09:50 | 000,020,352 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
PRC - [2012/08/06 15:56:14 | 000,590,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
PRC - [2012/08/06 15:56:12 | 001,126,784 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
PRC - [2012/08/03 17:31:12 | 000,184,704 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2012/07/24 19:21:22 | 001,123,536 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
PRC - [2012/07/23 19:59:02 | 000,105,120 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2012/07/17 17:54:20 | 000,178,848 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2012/07/17 15:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 15:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/07/06 12:23:40 | 000,322,208 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2012/06/25 11:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/06/20 18:21:54 | 001,557,664 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
PRC - [2012/05/28 11:04:48 | 000,113,312 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2012/04/13 11:14:00 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
PRC - [2011/11/21 15:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/01 17:54:22 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\fedb1433422296012c8ce48902458bf1\UIAutomationTypes.ni.dll
MOD - [2012/12/04 19:15:15 | 000,460,904 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll
MOD - [2012/12/04 19:15:14 | 004,008,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
MOD - [2012/12/04 19:14:29 | 000,587,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libglesv2.dll
MOD - [2012/12/04 19:14:28 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libegl.dll
MOD - [2012/12/04 19:14:21 | 000,157,304 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avutil-51.dll
MOD - [2012/12/04 19:14:20 | 000,275,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avformat-54.dll
MOD - [2012/12/04 19:14:19 | 002,168,952 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll
MOD - [2012/11/30 17:08:12 | 007,559,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9ba07396ae369d010c5c3927a82ef426\System.Xml.ni.dll
MOD - [2012/11/30 17:08:08 | 001,870,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\cc4d9093563dadee370788bbc3ecf4fb\System.Xaml.ni.dll
MOD - [2012/11/30 17:08:06 | 012,692,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\22ae167d586450ad3a9b9a9ee43ebc86\System.Windows.Forms.ni.dll
MOD - [2012/11/30 17:01:16 | 001,630,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\72269ea7cc6281139e4d155e7c57dc67\System.Drawing.ni.dll
MOD - [2012/11/30 17:01:09 | 000,958,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\28586400bcaf94c13a9fd0dff4a1e090\System.Configuration.ni.dll
MOD - [2012/11/30 17:01:08 | 000,467,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\0823f2b72e9e64ed1c4561c58df5de48\PresentationFramework.Aero2.ni.dll
MOD - [2012/11/30 17:01:07 | 018,524,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\97e6b67983d07a066b68b3ae8be2f53d\PresentationFramework.ni.dll
MOD - [2012/11/30 17:00:57 | 010,914,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b52bc540630c3aa5de542c382af35c20\PresentationCore.ni.dll
MOD - [2012/11/30 17:00:51 | 003,905,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\cd235caf797fb017f140016be88f33b7\WindowsBase.ni.dll
MOD - [2012/11/30 17:00:42 | 009,925,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e40da7a49f8c3f0108e7c835b342f382\System.ni.dll
MOD - [2012/11/30 17:00:36 | 016,501,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\51e2934144ba15628ba5a31be2dae7dc\mscorlib.ni.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/07/25 22:46:56 | 002,366,984 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012/07/25 21:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/07/25 21:17:59 | 000,015,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2012/07/25 21:08:04 | 001,968,128 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2012/07/25 21:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 21:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012/07/25 21:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 21:07:30 | 000,169,984 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012/07/25 21:07:27 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012/07/25 21:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 21:06:36 | 000,463,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2012/07/25 21:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 21:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 21:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 21:06:00 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/07/25 21:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 21:05:38 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/07/25 21:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 21:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012/07/25 21:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 21:05:11 | 000,174,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012/07/25 21:05:08 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012/07/25 21:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/04/20 15:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/29 02:27:36 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/16 15:40:12 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/07/25 21:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/25 21:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/23 19:59:02 | 000,105,120 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2012/07/17 15:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 15:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/13 03:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012/06/25 11:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/04/13 11:14:00 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2011/11/21 15:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/03 01:53:06 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2012/10/31 12:10:00 | 000,061,824 | ---- | M] (ASUS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsusTP.sys -- (ATP)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/16 02:53:06 | 008,987,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/08/16 00:01:20 | 003,624,960 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr)
DRV:64bit: - [2012/08/01 21:22:48 | 000,014,992 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2012/07/25 23:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/25 23:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/25 23:00:58 | 000,445,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2012/07/25 23:00:58 | 000,337,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012/07/25 23:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/25 23:00:58 | 000,212,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012/07/25 23:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/25 23:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/25 23:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/25 23:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012/07/25 23:00:55 | 000,120,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012/07/25 23:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012/07/25 23:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/25 23:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/25 23:00:55 | 000,028,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/07/25 23:00:54 | 000,056,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/07/25 23:00:52 | 003,295,984 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/07/25 23:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/25 23:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/25 23:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/25 23:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/25 23:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/25 23:00:49 | 000,539,376 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/07/25 23:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/25 23:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/25 23:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/25 23:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/25 22:59:35 | 000,193,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012/07/25 22:59:35 | 000,148,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012/07/25 22:59:32 | 000,055,024 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012/07/25 22:58:00 | 000,068,848 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2012/07/25 22:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/25 22:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012/07/25 22:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 22:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2012/07/25 22:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2012/07/25 21:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 21:17:38 | 000,027,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/07/25 20:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 20:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 20:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 20:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 20:28:27 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2012/07/25 20:27:58 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/07/25 20:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 20:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 20:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 20:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 20:27:31 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/07/25 20:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 20:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 20:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 20:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 20:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 20:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 20:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 20:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 20:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 20:25:54 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/07/25 20:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 20:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 20:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 20:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/24 19:21:22 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2012/07/23 21:16:28 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/07/03 00:09:08 | 000,295,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsBaStor.sys -- (RSBASTOR)
DRV:64bit: - [2012/07/02 16:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/19 08:40:51 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/06/12 07:41:22 | 000,683,664 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/06/02 08:34:37 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2012/06/02 08:31:50 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2012/06/02 08:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress)
DRV:64bit: - [2012/05/30 21:47:44 | 000,021,152 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsHIDSwitch64.sys -- (HIDSwitch)
DRV:64bit: - [2011/01/15 10:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/16 16:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/09/03 16:30:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tiehdusb.sys -- (TIEHDUSB)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011/12/14 21:11:00 | 000,007,168 | ---- | M] (MPlayer <http://svn.mplayerhq.../dhahelperwin/>) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\dhahelper.sys -- (DhaHelper)
DRV - [2011/09/07 10:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/02 18:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...R&#38;pc=ASU2JS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...R&#38;pc=ASU2JS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B9c51bd27-6ed8-4000-a2bf-36cb95c0c947%7D:11.0.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Jake\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/18 14:50:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK

[2012/12/18 14:50:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jake\AppData\Roaming\mozilla\Extensions
[2012/12/18 14:50:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- C:\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JVX0PVEO.DEFAULT\EXTENSIONS\{9C51BD27-6ED8-4000-A2BF-36CB95C0C947}.XPI
[2012/11/29 02:27:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/11/29 02:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/11/29 02:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: Google Drive = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: MightyText - Send/Receive SMS Text Messages = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi\9.0_0\
CHR - Extension: Facebook\u2122 Video Downloader = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\enfpkglnpcnaafkgbffbplhngngjngjb\3.0.0.0_0\
CHR - Extension: Show Me Emoji!! = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfaljehflmoakhcfdopplgbieldgknai\2.0_0\
CHR - Extension: ICE Quick Stream = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapljocpedaolbooelchgnkkaplpadgp\5.5_0\
CHR - Extension: Gmail = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/25 23:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe (ASUS Cloud Corporation)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SecureW2 Tray] C:\Program Files (x86)\SecureW2\sw2_tray.exe (SecureW2 B.V.)
O4 - HKCU..\Run: [Plex Media Server] C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc.)
O4 - HKCU..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{662761F4-8EF4-4BA6-8244-B01E81BD8AD8}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DEB39B49-F201-42D0-95E3-005C9D937860}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5a60c9b5-485e-11e2-be76-50465de562ed}\Shell - "" = AutoRun
O33 - MountPoints2\{5a60c9b5-485e-11e2-be76-50465de562ed}\Shell\AutoRun\command - "" = "G:\TL-Bootstrap.exe"
O33 - MountPoints2\{634d71e1-3b32-11e2-be73-50465de562ed}\Shell - "" = AutoRun
O33 - MountPoints2\{634d71e1-3b32-11e2-be73-50465de562ed}\Shell\AutoRun\command - "" = "F:\SETUP.EXE"
O33 - MountPoints2\{634d71e1-3b32-11e2-be73-50465de562ed}\Shell\configure\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{634d71e1-3b32-11e2-be73-50465de562ed}\Shell\install\command - "" = F:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/06 09:32:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/03 19:39:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jake\Desktop\OTL.exe
[2013/01/03 19:24:36 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/01/02 20:54:20 | 000,037,376 | ---- | C] (Microsoft) -- C:\Users\Jake\Desktop\FastVisits.exe
[2012/12/30 17:57:36 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\Programs
[2012/12/28 14:48:53 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Airfoil
[2012/12/28 14:35:21 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\Macromedia
[2012/12/28 14:31:47 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\Rogue Amoeba
[2012/12/28 14:31:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Airfoil
[2012/12/28 14:31:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Airfoil
[2012/12/20 16:48:26 | 000,000,000 | ---D | C] -- C:\Users\Jake\Desktop\The Office
[2012/12/20 15:26:43 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\Binreader
[2012/12/20 15:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Binreader
[2012/12/20 15:26:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Binreader
[2012/12/20 14:51:36 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\ScriptPower OHG
[2012/12/20 14:51:33 | 000,000,000 | ---D | C] -- C:\Program Files\iLoad
[2012/12/20 14:51:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLoad
[2012/12/20 14:51:25 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\Paloma Networks, Inc
[2012/12/20 14:33:29 | 000,000,000 | ---D | C] -- C:\Users\Jake\School
[2012/12/19 20:32:40 | 000,007,168 | ---- | C] (MPlayer <http://svn.mplayerhq.../dhahelperwin/>) -- C:\Windows\SysWow64\drivers\dhahelper.sys
[2012/12/19 20:32:39 | 000,067,680 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\SysWow64\libusb0_x86.dll
[2012/12/19 20:32:39 | 000,067,680 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\SysWow64\libusb0.dll
[2012/12/19 20:32:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TiLP
[2012/12/19 20:31:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GTK2-Runtime
[2012/12/19 18:22:26 | 000,128,512 | ---- | C] (Texas Instruments) -- C:\Windows\SysNative\drivers\tiehdusb.sys
[2012/12/19 18:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TI Tools
[2012/12/19 18:22:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TI Shared
[2012/12/19 18:22:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TI Education
[2012/12/19 18:22:16 | 000,000,000 | ---D | C] -- C:\Users\Jake\Documents\MyTIData
[2012/12/19 18:21:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/12/19 17:43:34 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\Malwarebytes
[2012/12/19 17:43:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/19 17:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/12/19 17:43:17 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/19 17:43:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/12/18 14:53:28 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\Adobe
[2012/12/18 14:50:32 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\Mozilla
[2012/12/18 14:50:32 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\Mozilla
[2012/12/18 14:50:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/12/18 14:50:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/12/18 14:50:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/12/17 11:55:07 | 003,718,144 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\athrx.sys
[2012/12/17 11:55:07 | 003,618,304 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\athw8x.sys
[2012/12/17 11:55:07 | 002,987,520 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\athr.sys
[2012/12/17 11:55:07 | 002,741,248 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\athw8.sys
[2012/12/17 11:54:30 | 002,741,248 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athw8.sys
[2012/12/17 11:54:13 | 002,987,520 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athr.sys
[2012/12/17 11:54:04 | 003,718,144 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys
[2012/12/17 09:20:20 | 003,624,960 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athw8x.sys
[2012/12/17 09:19:49 | 000,000,000 | ---D | C] -- C:\SWSetup
[2012/12/15 12:13:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/12/15 12:13:32 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2012/12/15 12:13:32 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2012/12/15 12:13:32 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012/12/15 12:13:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/12/15 12:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/12/15 12:13:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/12/15 12:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/12/15 11:59:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012/12/15 11:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/12/15 11:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/12/15 11:58:10 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\Apple
[2012/12/15 11:58:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/12/15 11:57:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/12/15 11:57:40 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/12/15 11:57:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/12/15 11:57:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012/12/13 14:26:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewsLeecher
[2012/12/13 14:26:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NewsLeecher
[2012/12/13 14:13:10 | 000,000,000 | ---D | C] -- C:\Users\Jake\Documents\Newsbin
[2012/12/12 21:21:05 | 000,000,000 | ---D | C] -- C:\Users\Jake\Documents\NZBS
[2012/12/12 21:15:58 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\Newsbin
[2012/12/10 22:33:23 | 000,000,000 | ---D | C] -- C:\Users\Jake\Documents\UseNeXT
[2012/12/08 07:46:24 | 000,000,000 | ---D | C] -- C:\ProgramData\HP

========== Files - Modified Within 30 Days ==========

[2013/01/06 09:37:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/06 09:35:40 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013/01/06 09:35:38 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/06 09:35:09 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/01/06 09:35:08 | 763,088,895 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/06 09:20:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/06 09:18:00 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-919529226-1679702071-355095138-1001UA.job
[2013/01/06 02:04:06 | 000,848,230 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/06 02:04:06 | 000,719,418 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/06 02:04:06 | 000,132,748 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/06 00:39:17 | 000,000,380 | ---- | M] () -- C:\Users\Jake\AppData\Roaming\sp_data.sys
[2013/01/05 21:18:00 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-919529226-1679702071-355095138-1001Core.job
[2013/01/03 19:39:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jake\Desktop\OTL.exe
[2013/01/03 19:24:28 | 602,104,621 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/01/02 22:25:18 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2013/01/02 22:23:00 | 000,007,315 | ---- | M] () -- C:\Windows\unins000.dat
[2013/01/02 22:22:59 | 000,727,737 | ---- | M] () -- C:\Windows\unins000.exe
[2013/01/01 17:44:01 | 000,494,280 | ---- | M] () -- C:\Users\Jake\Desktop\song.png
[2012/12/30 17:57:50 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/24 19:59:58 | 000,434,720 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/20 14:51:34 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\iLoad Downloads.lnk
[2012/12/20 14:51:34 | 000,000,907 | ---- | M] () -- C:\Users\Jake\Application Data\Microsoft\Internet Explorer\Quick Launch\iLoad.lnk
[2012/12/20 14:51:34 | 000,000,883 | ---- | M] () -- C:\Users\Public\Desktop\iLoad.lnk
[2012/12/18 14:50:30 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/12/17 18:04:16 | 010,301,895 | ---- | M] () -- C:\Users\Jake\Desktop\05 Pretty Little Girl.m4a
[2012/12/17 01:38:04 | 008,082,517 | ---- | M] () -- C:\Users\Jake\Desktop\03 Disaster.m4a
[2012/12/17 01:27:16 | 007,776,387 | ---- | M] () -- C:\Users\Jake\Desktop\02 Dogs Eating Dogs.m4a
[2012/12/17 01:13:15 | 007,672,196 | ---- | M] () -- C:\Users\Jake\Desktop\01 When I Was Young.m4a
[2012/12/15 12:13:47 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/10 23:00:34 | 009,852,907 | ---- | M] () -- C:\Users\Jake\Desktop\04. Boxing Day.m4a

========== Files Created - No Company Name ==========

[2013/01/03 19:24:28 | 602,104,621 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/01/02 22:25:18 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2013/01/02 22:22:59 | 000,727,737 | ---- | C] () -- C:\Windows\unins000.exe
[2013/01/02 22:22:59 | 000,007,315 | ---- | C] () -- C:\Windows\unins000.dat
[2013/01/01 17:44:01 | 000,494,280 | ---- | C] () -- C:\Users\Jake\Desktop\song.png
[2012/12/28 14:48:33 | 008,756,136 | ---- | C] () -- C:\Users\Jake\Desktop\AirfoilInstaller.exe
[2012/12/28 14:48:26 | 002,888,000 | ---- | C] () -- C:\Users\Jake\Desktop\REViSE.r00
[2012/12/28 14:48:22 | 002,888,000 | ---- | C] () -- C:\Users\Jake\Desktop\REViSE.rar
[2012/12/28 14:48:17 | 002,568,576 | ---- | C] () -- C:\Users\Jake\Desktop\REViSE.r01
[2012/12/28 14:48:17 | 000,003,658 | ---- | C] () -- C:\Users\Jake\Desktop\REViSE.nfo
[2012/12/28 14:48:17 | 000,000,280 | ---- | C] () -- C:\Users\Jake\Desktop\file_id.diz
[2012/12/28 14:47:59 | 002,889,180 | ---- | C] () -- C:\Users\Jake\Desktop\r-afw332.zip
[2012/12/28 14:47:59 | 002,889,180 | ---- | C] () -- C:\Users\Jake\Desktop\r-afw331.zip
[2012/12/28 14:47:59 | 002,569,756 | ---- | C] () -- C:\Users\Jake\Desktop\r-afw333.zip
[2012/12/20 14:51:34 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\iLoad Downloads.lnk
[2012/12/20 14:51:34 | 000,000,907 | ---- | C] () -- C:\Users\Jake\Application Data\Microsoft\Internet Explorer\Quick Launch\iLoad.lnk
[2012/12/20 14:51:34 | 000,000,883 | ---- | C] () -- C:\Users\Public\Desktop\iLoad.lnk
[2012/12/19 17:43:19 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/18 14:50:29 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/12/18 14:50:29 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/12/17 12:24:57 | 009,852,907 | ---- | C] () -- C:\Users\Jake\Desktop\04. Boxing Day.m4a
[2012/12/17 12:24:56 | 010,301,895 | ---- | C] () -- C:\Users\Jake\Desktop\05 Pretty Little Girl.m4a
[2012/12/17 12:24:56 | 008,082,517 | ---- | C] () -- C:\Users\Jake\Desktop\03 Disaster.m4a
[2012/12/17 12:24:56 | 007,776,387 | ---- | C] () -- C:\Users\Jake\Desktop\02 Dogs Eating Dogs.m4a
[2012/12/17 12:24:56 | 007,672,196 | ---- | C] () -- C:\Users\Jake\Desktop\01 When I Was Young.m4a
[2012/12/17 11:55:07 | 000,512,786 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf
[2012/12/17 11:55:07 | 000,510,317 | ---- | C] () -- C:\Windows\SysNative\netathr.inf
[2012/12/17 11:55:07 | 000,326,379 | ---- | C] () -- C:\Windows\SysNative\athw8x.inf
[2012/12/17 11:55:07 | 000,324,816 | ---- | C] () -- C:\Windows\SysNative\athw8.inf
[2012/12/17 11:55:07 | 000,079,352 | ---- | C] () -- C:\Windows\SysNative\athw8x.cat
[2012/12/17 11:55:07 | 000,079,342 | ---- | C] () -- C:\Windows\SysNative\athw8.cat
[2012/12/17 11:55:07 | 000,077,253 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat
[2012/12/17 11:55:07 | 000,077,249 | ---- | C] () -- C:\Windows\SysNative\athrext.cat
[2012/12/15 12:13:47 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/12/15 11:58:09 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/12/14 05:27:23 | 000,820,939 | ---- | C] () -- C:\Windows\Fix_V4.exe
[2012/12/03 20:38:22 | 000,000,437 | ---- | C] () -- C:\ProgramData\xsupplicant.conf
[2012/11/30 07:10:45 | 000,000,380 | ---- | C] () -- C:\Users\Jake\AppData\Roaming\sp_data.sys
[2012/08/22 06:13:17 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012/08/22 06:13:09 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/08/22 06:13:06 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012/08/04 19:42:20 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe
[2012/08/04 19:42:20 | 000,000,217 | ---- | C] () -- C:\ProgramData\SetStretch.cmd
[2012/08/04 01:53:42 | 000,164,016 | ---- | C] () -- C:\Windows\SysWow64\AirfoilInject3.dll
[2012/07/26 02:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 02:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 01:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/25 19:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 18:48:53 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012/07/25 14:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 14:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/07/25 14:22:56 | 000,267,284 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/07/25 14:22:54 | 000,963,376 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/06/02 08:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012/04/20 14:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2012/10/11 10:37:55 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/07/25 21:07:16 | 019,779,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/07/25 21:19:59 | 017,559,552 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 21:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 21:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 21:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >


Extras.txt:

OTL Extras logfile created on: 1/6/2013 9:42:49 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jake\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16384)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.89 Gb Total Physical Memory | 4.78 Gb Available Physical Memory | 81.15% Memory free
11.89 Gb Paging File | 10.69 Gb Available in Paging File | 89.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.45 Gb Total Space | 106.60 Gb Free Space | 38.15% Space Free | Partition Type: NTFS
Drive D: | 398.18 Gb Total Space | 398.03 Gb Free Space | 99.96% Space Free | Partition Type: NTFS

Computer Name: JAKE-LAPTOP | User Name: Jake | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1540F701-12F1-45CC-ACB0-5734FBA99C27}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2490A9F5-B787-4E11-909C-DD87D20D7112}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{269EBA34-B2D3-44C8-A2F0-9D7F76E727D3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2905E704-3EDE-4964-8913-B8AE7F33A863}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{2A757976-0F67-4637-AE4D-96320632CE6A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{31030113-2011-4DF6-BDFC-FDD92792C36B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{32208922-D827-45EA-9DBE-01C3831C3391}" = rport=139 | protocol=6 | dir=out | app=system |
"{38E66A6A-F854-4E59-99DD-C0E74F32B79F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{49C1DBE5-5D50-400D-8025-B60C86C80BC3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6CA6F741-99FD-48FF-B305-044A67DB1AED}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{745F9A61-5FE2-4BE8-BA8E-41767AAB2603}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{756B2D3A-7890-497D-88D2-0A334F10BD47}" = rport=445 | protocol=6 | dir=out | app=system |
"{7ED12473-D930-4524-9E7D-1C5A4B509B75}" = lport=139 | protocol=6 | dir=in | app=system |
"{7F12660F-CBAB-4CFA-84E3-8476810AFCEA}" = lport=138 | protocol=17 | dir=in | app=system |
"{81166DE9-ACCF-459A-8AE6-BF66284868AF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8135B68F-7BF5-41E3-B1AC-E79469A8200A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{88E70BAF-AA08-412A-99BB-BF9A11FA93C2}" = lport=445 | protocol=6 | dir=in | app=system |
"{8EFA234F-1474-42C6-ADBD-90A9B740EA05}" = rport=137 | protocol=17 | dir=out | app=system |
"{A4CE5C79-BC99-44D5-B112-8F9B44582695}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B9523384-5E80-47D3-A874-8FD081761B48}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{C9C72725-85C7-4646-BDBF-78EFAA897604}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CCDDEDDF-D808-4E9D-9651-5F4546292FCD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ED0BCB19-C7F8-47B6-834F-4C687AC55877}" = rport=138 | protocol=17 | dir=out | app=system |
"{FAA2FB44-24CA-47BD-BB06-59B6E236A550}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C74339-650E-4BC4-B501-CB6365F21850}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{095ACFDC-F36E-4C11-8898-3E629576AC1A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{09E37BE3-17E6-48F2-80E4-085571AE8366}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{104092C0-C594-4F56-9AAE-3F9EA6EF5432}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{10D56B12-8653-4012-A0B4-F66641916480}" = dir=in | name=music info |
"{151E8670-F970-48A5-A537-1914AA8EA747}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{16BD20B7-0220-49A1-B37A-3BD8082B2D70}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{17E76938-D68A-45BF-AEB6-CE9D01E0B819}" = dir=in | name=@{microsoft.xboxcompanion_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{1862798E-A387-4F29-BB56-AD2D25EF4339}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{18E6A1AF-4F37-4E35-84A0-9916109225C3}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{19C628EC-D591-4433-AEE3-5CA469C96CC3}" = dir=out | name=windows_ie_ac_001 |
"{2134F3B3-70DB-4961-BBE0-20DE910EEB74}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{219C0532-AA25-4A53-9269-B45C21905951}" = dir=out | name=@{microsoft.bingtravel_1.5.1.248_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{240A0261-A1EC-44FE-BCBA-46FFE134E838}" = dir=out | name=music info |
"{2446E9F8-A703-4DE8-B19F-7BD298B7C31C}" = protocol=6 | dir=out | app=system |
"{27DCAE8E-94EA-4797-8DB1-44276077B660}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2BF7E7BF-6B8A-4376-8A82-A2C90091FB20}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{2C67FD72-E3E6-48D5-9B97-909815A48892}" = dir=out | name=taptiles |
"{2EFF51D0-2E98-4DF4-9122-9F3A68DA1A17}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3097137B-086C-4F96-9BD3-ACCA7502DC1E}" = dir=out | name=@{microsoft.bingsports_1.5.1.249_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{33551323-9250-4398-B6B4-F84330BE038A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{35404EAF-A9CA-466E-AA82-A85FD5FAE277}" = dir=out | name=adera |
"{35958DF7-8C26-4009-9C66-B19A9D22C914}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{365F3FCF-7283-42CB-A63B-29018AE95D2B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{36CE5959-7568-4969-B3CF-0A20D83549AB}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{3A4850E9-4179-4374-9AE7-8B427BAD4E0D}" = dir=in | app=c:\program files (x86)\plex\plex media server\plexdlnaserver.exe |
"{3BBB0D51-BE05-41E6-8AA3-4C1EEB99C7B3}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{3C83B10A-245B-48F5-A115-960370AF5DF0}" = protocol=1 | dir=in | [email protected],-28543 |
"{3CFA8DE9-AF66-4505-90F4-5DB33821A579}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{3F473173-33FE-44A5-9039-3F5DF65363CD}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{411C13AF-9C53-4A76-A267-2DB2DEE0B2BC}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{48E9222E-25AF-40A1-B7E4-7E6CF6070D73}" = dir=out | name=fresh paint |
"{4C7EECB2-AFF1-430C-98FD-1B22C43CD71E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4C8229DA-F178-4FD2-8706-7F6C673F0EA9}" = dir=out | name=metrotwit |
"{545C5640-8085-42ED-A713-616B1F0491D5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{575EFD41-F307-4D04-8394-B1DCC370EE35}" = dir=out | name=@{microsoft.zunemusic_1.1.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{5A943F50-63F2-491A-A1B1-714C316C931A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5C3D201D-48FF-436F-ABC3-7D1F15954846}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5D6C8104-CD1B-4FA1-AAFB-1561E1FB550E}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{5F48689E-3DA0-434D-86EB-174328A3BD63}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{60DB3CE1-2BB9-4195-B714-4D9573F3F042}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6469C2C9-5001-4B22-BD4F-AD32B9730332}" = dir=out | name=@{microsoft.xboxcompanion_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{667DE111-73AB-4FEB-AE1E-CFD1641E4853}" = dir=in | name=skype |
"{674ECD4A-38D6-43C1-95FD-CD9BA489AE95}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{6839D05F-02F0-459A-AC9A-4209EAF0F8E7}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{69B34750-308E-4342-ACD0-DB9E16BE9B07}" = dir=out | name=@{microsoft.bingnews_1.5.1.409_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{69B978DA-3A2D-4DBB-86B7-B2C5F9FA8613}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{69C817A5-43A5-4CD4-BBB5-672903F0F771}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{71F3EE54-4EA9-4446-A7AD-9A7EF230CDA6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{730B7CF3-81CF-4C3D-9CB3-C056FBB50935}" = dir=in | name=@{microsoft.xboxcompanion_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{7C2A4E86-C08F-4872-86AD-E801FBC499AD}" = dir=out | name=hp printer control |
"{7DD8F304-08FD-4CA5-8DF5-070BE4CF2362}" = dir=out | name=the espn app |
"{7E80189F-EDD0-475B-BDA4-5F5F5EA887D4}" = protocol=58 | dir=out | [email protected],-28546 |
"{7EFF1F1D-4395-4D85-B4A6-C8E13E0FA883}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{8270B059-B6D8-4C44-BA59-FAE6FED48500}" = dir=out | name=adera |
"{840BEF54-EC42-47BF-8DE2-9B1279A69D49}" = dir=out | name=youtube+ |
"{8C384290-8E33-4E8C-8887-01273911394D}" = protocol=58 | dir=in | [email protected],-28545 |
"{8FEAEBAF-6545-4F3E-822E-DB735F2E94F4}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{93DC039B-29E3-4096-A67D-9561E226D252}" = dir=out | name=@{microsoft.bing_1.5.1.251_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{962A824B-A7E8-4B37-B412-2867AB6296F8}" = dir=out | name=@{microsoft.xboxcompanion_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{985DC4AE-9013-4A09-B6DE-88D8B18353F3}" = dir=out | name=package tracker |
"{9876B466-55AC-4D21-A29B-F7E536560CA4}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{990E9BD4-2A9A-4C88-BCEB-672FE95F8C2D}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{9BF0567C-BB73-44AC-B771-B65EDBF66833}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9D410023-2CD9-44A8-ADB0-EADFC808DF15}" = dir=in | name=hp printer control |
"{9E21C2CA-B355-4B4B-847A-1AA511051747}" = dir=out | name=fresh paint |
"{A0E1BA66-BC6E-486D-AB23-BA9677ECE185}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{A28E52E5-607D-4DB1-8B98-0EA8772553B5}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{A3CDB21C-1A90-4777-A156-9058558EA266}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{A6136EA5-CA1D-4AC6-855B-27E537986499}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{A89116CC-E0C8-4A29-8E03-D8C3F8C8B7BB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A8F395B9-698D-4E95-870B-A77F41211EBD}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{B008E422-D4BD-475E-8541-E06EF0E4B925}" = dir=in | name=metrotwit |
"{B3578998-4AB6-4794-986C-8B99E8416670}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{B48E3060-89C4-4AC4-B13A-421784B1B80F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{B4BEB786-3C2C-4DF6-A7A9-7ABDC36BA11F}" = dir=out | name=skype |
"{B4E835A5-E4B1-4F3E-A900-E6A04F36670D}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{B4FE0A61-5B17-4AA0-92C5-A751FEFDD5E0}" = protocol=1 | dir=out | [email protected],-28544 |
"{BA1C6FA2-9B19-4C12-83D7-358FD1143BCA}" = dir=out | name=microsoft solitaire collection |
"{C8B8E69B-633E-4447-9DBB-E353372225C4}" = dir=out | name=microsoft solitaire collection |
"{C9BADF9E-CB12-424E-8324-B4CE7B5B9C1B}" = dir=out | name=wordament |
"{CCDD9849-A8A7-421F-8971-B498696DA447}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CDCD2DC4-8606-4C74-B5CD-23FEC5D7044C}" = dir=in | app=c:\program files (x86)\plex\plex media server\plex media server.exe |
"{D42FCDAC-CD18-4D37-93D4-DDDEACDC2BE2}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{D61225A7-7A29-429A-AA0F-6F0BF8688C59}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{D78E0979-E6EE-439D-A513-3C5D06BA9ED5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DA1F95BA-F52D-4932-95E8-032BAF3E7808}" = dir=in | app=c:\users\jake\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{DB0C2060-1450-4661-BA81-1DA36238E244}" = dir=out | name=@{microsoft.bingfinance_1.5.1.406_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{E3920BA3-DDDD-46B4-BC8C-E1A6E06201F1}" = dir=out | name=taptiles |
"{E4552764-C06C-485D-B6DF-61178CDAAA66}" = dir=out | name=@{microsoft.bingweather_1.5.1.245_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{EA1A249A-A17F-40EC-A7FB-068249295D6C}" = dir=out | name=wordament |
"{EC2415CE-BB67-4EB0-B413-67E50643F66C}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{EF5E1F7C-86E5-4597-849D-BC3849D3943A}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{F2E876EB-3C0E-411F-9C9A-989129010FD0}" = dir=in | app=c:\program files (x86)\plex\plex media server\plexscripthost.exe |
"{F3D0B42D-4263-4B5A-B787-531B13F53078}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{F5B59A88-539D-4183-9358-F29A541923FB}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{F84A3330-D771-4464-BC49-44FF72ACA9E7}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{FD54378B-2EE2-4622-A89A-9615D88231EC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FD8D71CA-1DE0-4F76-9F8B-9B3C49D1F7C7}" = dir=out | name=forecast hd |
"{FDC8986F-6206-4A2E-91C4-5FA8107ADE9B}" = dir=in | name=the espn app |
"{FEFEE79E-8300-41EE-A24B-B5E97891E3B5}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{055846D7-9D89-4BDF-A457-E9C7D47A0992}C:\program files\airparrot\airparrot.exe" = protocol=6 | dir=in | app=c:\program files\airparrot\airparrot.exe |
"UDP Query User{DFADBD06-B570-41D0-86C5-8963047B6551}C:\program files\airparrot\airparrot.exe" = protocol=17 | dir=in | app=c:\program files\airparrot\airparrot.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7B78D802-8704-49D3-A9BD-3B4A94C5A35C}" = iLoad
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"7511B29C86C398B4D11A0B0E4176CAD68D1B7057" = Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1)
"C01F56FBD9B141017E63E2A1A141E59934D4DC67" = Windows Driver Package - ASUS (ATP) Mouse (10/29/2012 1.0.0.148)
"EC3E466026556D3EB760B01C4772277614354E11" = Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0B41A8C4-1FB8-4B8B-B8FE-D643A617A7DB}_is1" = ¿ìÓÃ×ÊÔ´¹ÜÀíÆ÷ °æ±¾ 2.009
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros Client Installation Program
"{2E3FA0CF-AC2D-4E6F-8EF3-D75E91681441}_is1" = ¿ìÓÃÆ»¹ûÖúÊÖ 2.0.1.0
"{3D47B2C0-8748-4450-99AE-0746A5A74C8E}" = Binreader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D3286A6-F6AB-498A-82A4-E4F040529F3D}" = ASUS Smart Gesture
"{58172D66-2F69-4215-9AEC-ED8196023736}" = ASUS Tutor
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{749F674B-2674-47E8-879C-5626A06B2A91}" = ASUS InstantOn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}" = ASUS Instant Connect
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}" = ASUS USB Charger Plus
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Qualcomm Atheros Driver Installation Program
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F90D0E4A-DB14-474D-9112-61E4E2234493}" = Plex Media Server
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Airfoil" = Airfoil
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage Sync Agent
"DivX Setup" = DivX Setup
"Google Chrome" = Google Chrome
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"QuickPar" = QuickPar 0.9
"SABnzbd" = SABnzbd 0.7.6
"SecureW2 Enterprise Client" = SecureW2 Enterprise Client 3.5.8
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.1
"wpa_supplicant" = wpa_supplicant

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"XBMC" = XBMC

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/4/2013 2:24:43 AM | Computer Name = Jake-Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: backgroundTaskHost.exe, version: 6.2.9200.16384,
time stamp: 0x5010a827 Faulting module name: clr.dll, version: 4.0.30319.17929,
time stamp: 0x4ffa59b1 Exception code: 0xc0000005 Fault offset: 0x0000000000466d44
Faulting
process id: 0x9d4 Faulting application start time: 0x01cdea442f56b906 Faulting application
path: C:\Windows\system32\backgroundTaskHost.exe Faulting module path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
Report
Id: 6d32f3af-5637-11e2-be79-50465de562ed Faulting package full name: 60246AlexanderWilkens.ForecastPro_1.3.2.28_neutral__2anym1c0znvqr
Faulting
package-relative application ID: App

Error - 1/4/2013 5:34:29 PM | Computer Name = Jake-Laptop | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053

Error - 1/4/2013 5:34:29 PM | Computer Name = Jake-Laptop | Source = Bonjour Service | ID = 100
Description = 788: ERROR: read_msg errno 0 (The operation completed successfully.)

Error - 1/4/2013 5:41:44 PM | Computer Name = Jake-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/4/2013 5:41:44 PM | Computer Name = Jake-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1125

Error - 1/4/2013 5:41:44 PM | Computer Name = Jake-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1125

Error - 1/4/2013 6:15:29 PM | Computer Name = Jake-Laptop | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053

Error - 1/4/2013 6:15:29 PM | Computer Name = Jake-Laptop | Source = Bonjour Service | ID = 100
Description = 872: ERROR: read_msg errno 0 (The operation completed successfully.)

Error - 1/4/2013 6:15:35 PM | Computer Name = Jake-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/4/2013 6:15:35 PM | Computer Name = Jake-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1219

[ System Events ]
Error - 12/19/2012 10:32:40 PM | Computer Name = Jake-Laptop | Source = Service Control Manager | ID = 7000
Description = The DhaHelper service failed to start due to the following error:
%%1275

Error - 12/24/2012 9:58:37 PM | Computer Name = Jake-Laptop | Source = DCOM | ID = 10010
Description =

Error - 12/24/2012 9:58:37 PM | Computer Name = Jake-Laptop | Source = DCOM | ID = 10010
Description =

Error - 12/24/2012 9:58:37 PM | Computer Name = Jake-Laptop | Source = DCOM | ID = 10010
Description =

Error - 12/24/2012 9:58:37 PM | Computer Name = Jake-Laptop | Source = DCOM | ID = 10010
Description =

Error - 12/24/2012 9:59:23 PM | Computer Name = Jake-Laptop | Source = Application Popup | ID = 1060
Description =

Error - 12/24/2012 10:09:05 PM | Computer Name = Jake-Laptop | Source = Application Popup | ID = 1060
Description =

Error - 1/3/2013 9:24:36 PM | Computer Name = Jake-Laptop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:08:21 PM on ?1/?3/?2013 was unexpected.

Error - 1/3/2013 9:24:44 PM | Computer Name = JAKE-LAPTOP | Source = BugCheck | ID = 1001
Description =

Error - 1/3/2013 9:24:15 PM | Computer Name = Jake-Laptop | Source = Application Popup | ID = 1060
Description =


< End of report >
  • 0

#14
DonnaB
Posted 06 January 2013 - 11:08 AM

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Good morning xirftwx! :)

I've been meaning to ask if you created the recovery disks for your ASUS when it was fresh out of the box. Not that they'll be needed, I just like to make it practice to encourage people to create those disks when they purchase a new PC. They can be gold if ever needed in the future.

Thank you for the logs. While I am viewing the logs could you please follow the instructions provided below:

Please download WVCheck
  • Double click WVCheck.exe. (If you downloaded the zipped version you will need to extract it.)
  • As indicated by the prompt, This program can take a while depending on your hard drive space.
  • Once the program is done, copy the contents of the notepad file as a reply.

Also, in your next reply, could you tell me if you're still being redirected to FindGala and if your background is still pitch black?

Thank you,

Donna :)
  • 0

#15
xirftwx
Posted 06 January 2013 - 11:26 AM

xirftwx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Goodmorning to you, Donna!

1) The laptop came with a recovery disk, so all set there :happy:

2) I am still experiencing the redirect and the background has not changed from pitch black.

WVCheck Log:

Windows Validation Check
Version: 1.9.12.5
Log Created On: 1118_06-01-2013
-----------------------

Windows Information
-----------------------
Windows Mode: Normal
Systemroot Path: C:\Windows

WVCheck's Auto Update Check
-----------------------
WVCheck could not read the Auto-Update Option.
-----------------------
Last success time for Automatic Updates for 'Detect', 'Download' and 'Install' could not be found.


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
C:\Windows\System32\slwga.dll
Size: 11776 bytes
Creation; 25/7/2012 21:16:54
Modification; 25/7/2012 22:20:1
MD5; e1c6eb13c6206184f6f16e863ee67cfe
Matched: slwga.dll
-----------------------
C:\Windows\SysWOW64\slwga.dll
Size: 11776 bytes
Creation; 25/7/2012 21:16:54
Modification; 25/7/2012 22:20:1
MD5; e1c6eb13c6206184f6f16e863ee67cfe
Matched: slwga.dll
-----------------------
C:\Windows\WinSxS\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.2.9200.16384_none_581b31672d19a90b\slwga.dll
Size: 14336 bytes
Creation; 25/7/2012 21:10:54
Modification; 25/7/2012 22:7:19
MD5; dbc547f707389fd7ed9fac69b39f5254
Matched: slwga.dll
-----------------------
C:\Windows\WinSxS\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.2.9200.16384_none_fbfc95e374bc37d5\slwga.dll
Size: 11776 bytes
Creation; 25/7/2012 21:16:54
Modification; 25/7/2012 22:20:1
MD5; e1c6eb13c6206184f6f16e863ee67cfe
Matched: slwga.dll
-----------------------


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - 8a93f57772fd24959f76a65ff79d282d


-------- End of File, program close at 1120_06-01-2013 --------
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP