Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Slow computer, not a ram issue

Started by hanehane , Mar 11 2013 03:29 PM

  • Please log in to reply

#1
hanehane
Posted 11 March 2013 - 03:29 PM

hanehane

    New Member

  • Member
  • Pip
  • 1 posts
This is my brother's computer. On startup the computer is very slow to start. I also am unable to boot from a usb(though the usb I am trying to boot from is an arch linux fat32 usb. After some time the computer becomes able to run properly.
Some things of importance
  • He does not torrent.
  • He went to a site called IceFilms(dot)info
  • From said site he installed a divx codex
  • There is photoshop on this computer, which means that he might have torrented it. I am not certain if he bought or torrented it, but it is still something to note.
  • He uses this school mainly for school
OTL logfile created on: 3/11/2013 12:28:56 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Patrick\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 57.97% Memory free
7.60 Gb Paging File | 5.60 Gb Available in Paging File | 73.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58.59 Gb Total Space | 11.41 Gb Free Space | 19.48% Space Free | Partition Type: NTFS
Drive D: | 397.30 Gb Total Space | 207.99 Gb Free Space | 52.35% Space Free | Partition Type: NTFS

Computer Name: PATRICK-PC | User Name: Patrick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/11 12:28:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe
PRC - [2012/08/13 10:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/13 10:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2011/05/27 16:23:00 | 004,999,976 | ---- | M] (Synaptics Incorporated) -- C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe
PRC - [2011/05/27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/09/02 23:45:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
PRC - [2010/04/23 23:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/04/23 23:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/12/02 14:49:00 | 000,414,960 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/28 16:08:19 | 000,459,728 | ---- | M] () -- C:\Users\Patrick\AppData\Local\Google\Chrome\Application\25.0.1364.152\ppgooglenaclpluginchrome.dll
MOD - [2013/02/28 16:08:16 | 004,050,896 | ---- | M] () -- C:\Users\Patrick\AppData\Local\Google\Chrome\Application\25.0.1364.152\pdf.dll
MOD - [2013/02/28 16:07:25 | 000,596,944 | ---- | M] () -- C:\Users\Patrick\AppData\Local\Google\Chrome\Application\25.0.1364.152\libglesv2.dll
MOD - [2013/02/28 16:07:24 | 000,124,368 | ---- | M] () -- C:\Users\Patrick\AppData\Local\Google\Chrome\Application\25.0.1364.152\libegl.dll
MOD - [2013/02/28 16:07:21 | 001,552,848 | ---- | M] () -- C:\Users\Patrick\AppData\Local\Google\Chrome\Application\25.0.1364.152\ffmpegsumo.dll
MOD - [2012/08/10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/03/31 19:29:46 | 000,066,856 | ---- | M] () -- C:\WINDOWS\SysWOW64\SynTPEnhPS.dll
MOD - [2009/12/02 14:49:00 | 000,414,960 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
MOD - [2009/12/02 14:48:00 | 000,079,088 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2009/12/02 14:47:00 | 001,123,568 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
MOD - [2009/12/02 14:47:00 | 000,234,736 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2009/12/02 14:47:00 | 000,128,240 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2009/12/02 14:47:00 | 000,121,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2009/12/02 14:47:00 | 000,111,856 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2009/12/02 14:47:00 | 000,074,992 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/02/26 14:44:56 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/08/05 13:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 13:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 13:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/01 16:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/06/26 15:56:50 | 000,119,296 | ---- | M] (WDC) [Disabled | Stopped] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV:64bit: - [2009/06/09 08:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Disabled | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2007/11/28 13:51:42 | 001,039,872 | ---- | M] ( ) [Disabled | Stopped] -- C:\WINDOWS\SysNative\lxdncoms.exe -- (lxdn_device)
SRV - [2012/01/09 13:31:39 | 001,755,536 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Users\Patrick\AppData\Local\Temp\LMIA3D2.tmp\LMI_InstantChat_srv.exe -- (LMIRescue_20f0188b-b263-474e-9831-1d2eb0723bc3)
SRV - [2011/05/27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Running] -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/01/06 16:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/02 23:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/05/21 05:13:19 | 000,867,080 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/21 04:51:19 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/04/23 23:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/23 23:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/12/02 14:47:00 | 000,656,624 | ---- | M] (SoftThinks) [Disabled | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2009/09/30 21:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/09/18 02:54:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/11/28 08:12:40 | 000,589,824 | ---- | M] ( ) [Disabled | Stopped] -- C:\WINDOWS\SysWOW64\lxdncoms.exe -- (lxdn_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/03 22:50:20 | 000,025,584 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020200}_0)
DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/31 19:32:00 | 001,424,944 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/08 05:12:36 | 000,308,304 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/11/12 14:19:38 | 000,382,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2010/09/13 16:28:00 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2010/09/07 03:48:56 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2010/09/07 03:48:50 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/08/19 21:42:38 | 000,157,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2010/08/19 21:42:38 | 000,035,920 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2010/07/21 14:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/07/21 14:59:28 | 000,023,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2010/07/01 15:52:18 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2010/04/29 07:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\androidusb.sys -- (HTCAND64)
DRV:64bit: - [2010/04/29 07:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\androidusb.sys -- (androidusb)
DRV:64bit: - [2010/04/23 23:10:32 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/04/23 23:10:28 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/04/23 23:10:28 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/04/23 23:10:20 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/02/10 17:01:00 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/01/08 05:51:38 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/01/07 10:05:46 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/12/22 10:18:50 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/12/17 11:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/12/16 06:16:18 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
DRV:64bit: - [2009/12/16 06:16:14 | 003,053,560 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/09 01:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/02 23:26:34 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/02 23:26:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/02 23:26:34 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/07/02 23:26:34 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/15 11:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 09:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {463DD798-D71C-443B-8865-94B7EEE5042A}
IE:64bit: - HKLM\..\SearchScopes\{463DD798-D71C-443B-8865-94B7EEE5042A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {197EF7A6-84BF-42F5-94C1-BDA8D47777EF}
IE - HKLM\..\SearchScopes\{197EF7A6-84BF-42F5-94C1-BDA8D47777EF}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...l_date=20111017
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.bing.com/
IE - HKCU\..\SearchScopes,DefaultScope = {EB7DB293-EF0E-1B68-3751-120934CB891A}
IE - HKCU\..\SearchScopes\{197EF7A6-84BF-42F5-94C1-BDA8D47777EF}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{E0F5F9C2-DFD8-445B-A5AF-D4B9BF522730}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{EB7DB293-EF0E-1B68-3751-120934CB891A}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Patrick\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Patrick\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG10\Firefox\ [2010/12/27 13:00:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files (x86)\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2010/12/10 04:48:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files (x86)\RelevantKnowledge


========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/...l_date=20111017
CHR - default_search_provider: suggest_url = http://api.bing.com/...n.aspx?query=%s,
CHR - homepage: http://www.bing.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Patrick\AppData\Local\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Patrick\AppData\Local\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Patrick\AppData\Local\Google\Chrome\Application\25.0.1364.152\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = D:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Patrick\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Adventure Time with Finn and Jake = C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocngmpdkbemndadokjpgkhhjihadopd\1.7_0\
CHR - Extension: Google Search = C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: ICE Quick Stream = C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapljocpedaolbooelchgnkkaplpadgp\5.6_0\
CHR - Extension: Gmail = C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files (x86)\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (no name) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4:64bit: - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - Startup: C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9EDBE9D-CEB3-4EEC-BFF9-40A3BC3C7116}: DhcpNameServer = 192.168.0.1 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E329FC92-9EDF-4679-9F6A-C4B3C8B0FDF4}: DhcpNameServer = 75.75.75.75 75.75.76.76 147.135.0.6 147.135.8.6
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{022e2393-71fc-11e1-a138-b8ac6f6a9849}\Shell - "" = AutoRun
O33 - MountPoints2\{022e2393-71fc-11e1-a138-b8ac6f6a9849}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/11 12:28:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe
[2013/02/24 01:58:34 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\vlc
[2013/02/24 01:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/02/24 01:50:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013/02/24 01:49:07 | 000,000,000 | ---D | C] -- C:\Users\Patrick\Movies
[2011/02/09 16:29:54 | 001,233,920 | R--- | C] (Microsoft Corporation) -- C:\Users\Patrick\AppData\Roaming\msxml4.dll
[2011/02/09 16:29:53 | 000,044,544 | R--- | C] (Microsoft Corporation) -- C:\Users\Patrick\AppData\Roaming\msxml4a.dll
[2010/09/22 00:09:59 | 011,371,536 | ---- | C] (Absolute Software Corp. ) -- C:\Users\Patrick\AppData\Roaming\LoJackSetup.exe
[2005/01/12 14:53:54 | 000,082,432 | R--- | C] (Microsoft Corporation) -- C:\Users\Patrick\AppData\Roaming\msxml4r.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/11 12:28:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe
[2013/03/11 12:23:05 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/11 12:23:04 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/11 12:16:06 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-940484892-1209883713-1910877483-1000UA.job
[2013/03/11 12:12:34 | 000,510,806 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/11 12:12:34 | 000,405,852 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/11 12:12:34 | 000,110,830 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/11 12:07:28 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-940484892-1209883713-1910877483-1003UA.job
[2013/03/11 12:03:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/11 12:03:44 | 3061,202,944 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/11 11:51:22 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/03/11 10:16:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-940484892-1209883713-1910877483-1000Core.job
[2013/03/11 03:48:12 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-940484892-1209883713-1910877483-1003Core.job
[2013/03/05 23:39:29 | 000,008,506 | ---- | M] () -- C:\Users\Patrick\AppData\Roaming\wklnhst.dat
[2013/02/27 13:14:06 | 480,472,482 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/02/24 01:50:57 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/27 13:14:06 | 480,472,482 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/02/24 01:50:57 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/02/17 00:51:34 | 000,004,608 | ---- | C] () -- C:\Users\Patrick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/12 02:06:20 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/03/02 22:40:23 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/30 00:22:49 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/09/24 21:18:23 | 000,000,112 | ---- | C] () -- C:\Users\Patrick\webct_upload_applet.properties
[2010/09/22 00:09:13 | 000,000,046 | ---- | C] () -- C:\Users\Patrick\AppData\Roaming\FactoryInstaller.xml
[2010/09/22 00:06:13 | 000,008,506 | ---- | C] () -- C:\Users\Patrick\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\shell32.dll -- [2010/07/27 07:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/07/27 07:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 18:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010/09/22 00:17:25 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Absolute
[2010/09/22 13:12:13 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Absolute_Software
[2011/01/08 19:46:21 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Apowersoft
[2010/10/12 11:34:24 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\AVG10
[2011/10/17 16:56:40 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\EasyPDFReader
[2011/05/30 16:11:32 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\NeopleLauncherDFO
[2011/01/23 22:50:31 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\OpenOffice.org
[2011/03/02 22:30:41 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\PCDr
[2013/03/08 01:06:07 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\SoftGrid Client
[2012/01/12 02:08:15 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Synaptics
[2012/03/22 23:06:11 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\SynthMaker
[2011/02/27 18:15:28 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Teleca
[2011/01/23 22:40:02 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Template
[2010/09/24 21:03:18 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\TP
[2010/12/10 04:54:11 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\WeatherBug
[2011/05/13 20:26:02 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

OTL Extras logfile created on: 3/11/2013 12:28:56 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Patrick\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 57.97% Memory free
7.60 Gb Paging File | 5.60 Gb Available in Paging File | 73.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58.59 Gb Total Space | 11.41 Gb Free Space | 19.48% Space Free | Partition Type: NTFS
Drive D: | 397.30 Gb Total Space | 207.99 Gb Free Space | 52.35% Space Free | Partition Type: NTFS

Computer Name: PATRICK-PC | User Name: Patrick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe"

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08F19FE2-C857-4294-8CEF-C4A3D3A6347A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0FE53574-4381-4873-AF81-9DCAC404DE91}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1658B2E5-8FAA-450F-92C0-5879F6AA00BD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{18807032-CD06-4F13-A14D-D37DED261C32}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1CD514AA-420B-468A-8F2D-0D9250536B62}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{28BC4F23-75FE-4691-A45E-69314993FF34}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2C6EB712-8C50-4BEE-A2E0-F68827D21A95}" = rport=137 | protocol=17 | dir=out | app=system |
"{2CAE4B11-CCA4-4546-9EDF-FF89BCC79F22}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2E901D2B-3A08-4EDC-AB55-4F1A0A0AFF17}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{2F209BC4-C979-4878-A561-4B4D353CAC41}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2FFC070E-EC59-4CB3-A53E-B12605751046}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3C1ABF4E-0B3E-4C3B-B9DA-3D65ABE8279B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{3ECF72D9-13D4-4F2F-A45E-56B2BCE3F681}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4A1702EA-6690-4985-9A8E-C5564204D335}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5043CB79-CA54-4F33-BF7E-BFEF941EC8DA}" = rport=138 | protocol=17 | dir=out | app=system |
"{525CBD33-A851-44CF-A6A6-E8EDA1A65136}" = lport=139 | protocol=6 | dir=in | app=system |
"{54805243-514D-4FDF-9DBC-9CEEFDC2BD88}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{56B77A1C-A352-47FF-A122-8402C5FC80E5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5729D20F-67C8-4779-AD8A-0F69878FAD72}" = rport=445 | protocol=6 | dir=out | app=system |
"{58F01ADE-5F1F-466B-880F-E8DBD52B522A}" = rport=139 | protocol=6 | dir=out | app=system |
"{7028060A-B1A2-405F-B894-07534BE5DBE1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7862097C-5403-4A0B-B82A-0E24A29593B0}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7D252AAD-B799-49ED-9BA6-29F77705DDFE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{88021063-2558-44E8-A3C3-C3ABBB72EA51}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8B8DA13F-5028-40A3-9721-33C9321BA908}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8DE4CB0C-A5D0-4B1C-BC31-D6CBA92DF0FE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8EEFD26C-7A73-4518-A59B-53B1E83BAA12}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8FD2203B-7094-495E-881D-54E10D73AC68}" = lport=10243 | protocol=6 | dir=in | app=system |
"{949E1BFD-E71F-41CC-90F3-7FA4FB1F3062}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9A5CB2A9-EBC7-4A7B-973E-0637239B8BA5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A1F5C340-8FA2-4B12-8766-573529C4F76D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A3C8430D-A15F-42ED-A23C-F71E7CFF5076}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B46DE7CF-BE8C-4D62-BF6F-0B73E50E4E96}" = lport=445 | protocol=6 | dir=in | app=system |
"{B92976B6-F901-4A1E-B4EC-039A372EAD80}" = lport=137 | protocol=17 | dir=in | app=system |
"{B966E14D-7E09-4D59-AD61-0890C864D6A0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{BCBE2519-51F7-4616-977E-C8018EB8D1F8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C8530382-C907-459D-BF62-68E0898894A8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C8C5E069-AD85-4AB8-B546-C05B431AFD1C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DA805A91-6A1C-4010-ACAD-7E080EDF67C1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DD1978B7-B993-4789-BE39-25D22E80AC62}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E072D58E-838F-4A88-BD67-F1B0FBF8BB2C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E08DA994-C067-404D-AD9D-16372F5170E7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E44DBD07-C1AA-4BDD-A50E-A40A775A32C9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E6C4ADEE-C3C0-4FD6-9A37-46544D5340D1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E9480707-37A6-4583-A828-031520D0655C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EBDBB07A-66DE-4D6F-929E-02B022AD26B4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F26BBA90-2592-4CBD-8405-BD153E7BE458}" = lport=138 | protocol=17 | dir=in | app=system |
"{F49CDF9A-27A7-4D23-A83B-F121A456ADBA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F5FA7A84-3017-4F6A-A4A7-FDFF744AE09F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F67310AC-15C2-4497-84CA-45CDBCA32266}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F80C7A1F-A1D2-483C-8253-51CF790AAFD9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00236A6E-AADD-4588-ACDD-FD613169ECF7}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{0A280863-9C06-45DD-AC03-043F6A63BB0D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{0C95D1BC-1088-4800-9916-ED5D4B65CFDE}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe |
"{0D860B3C-EC50-46F3-9C94-B65BF36A4DB8}" = protocol=17 | dir=in | app=c:\windows\system32\lxdncoms.exe |
"{0F877898-633D-4072-BA68-5DC2551366A0}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{16B88142-C95F-4915-BB6F-D14CADF9D31C}" = protocol=6 | dir=out | app=system |
"{1855C199-9A96-491B-AC40-078C9855D1B8}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnmon.exe |
"{1C72BCC6-F73C-4B03-9FFE-FDF5E181BD08}" = protocol=6 | dir=out | app=%programfiles%\zune\zunenss.exe |
"{20FEA0DC-1F90-4210-8CDD-9854762EC5C5}" = protocol=6 | dir=out | app=system |
"{22345115-53C9-4114-950D-D288227C48E0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{224FD09E-6EFB-4E2E-835C-B4FE8D459C2D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{25C747D2-391E-4624-A300-15C6754392C5}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{2A2BB5DE-9143-4BA1-A7DC-C1E2B91397D2}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{2F69BFEC-E51A-42D9-BE4B-99412E844B45}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{348AF72B-A0C7-4563-8C7A-F313789602F8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{3746C4C0-2900-4814-AAF8-230078BCAA89}" = protocol=17 | dir=in | app=%programfiles%\zune\zunenss.exe |
"{39887FD8-80B4-4177-9509-688939B32302}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{3B39259B-30AC-46CC-9091-27AF78B65308}" = protocol=6 | dir=in | app=%programfiles%\zune\zunenss.exe |
"{42F19A2A-EDEA-4FDC-8527-B9561615736B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{47589B33-7909-4291-BEC9-012355424A89}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{4C086A95-3EC8-47AC-87CD-745DD9D2E515}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnmon.exe |
"{4E763E56-301A-4C2B-8F3C-A7D24E22CB45}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{56BBAE5B-8AFB-46DA-B2F1-86FBC2F0C68D}" = protocol=6 | dir=out | app=%programfiles%\zune\zunenss.exe |
"{5A04437B-14BE-450F-A3DB-848D1F817B0A}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5B381966-2894-4B89-80DB-64D3C4C3B631}" = protocol=1 | dir=in | [email protected],-28543 |
"{60864AC5-97AC-4544-A9CA-E9F12648912E}" = protocol=6 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe |
"{6593D52A-C7A3-4781-A201-01637BD606B1}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdncoms.exe |
"{67DC081F-AC94-4751-B9BA-3CC3D90F5D47}" = protocol=17 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe |
"{78D5E598-9258-4C5F-8B4B-593B2BBA55A3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{7C05DD7C-8908-4812-A25D-1DE12CE26158}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{830DC37E-48F3-4BEF-8C0B-83867BB2D0FF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{841F5EC9-FB7D-423E-8567-205B4C0ECD40}" = protocol=6 | dir=in | app=%programfiles%\zune\zunenss.exe |
"{853BF21D-9AAF-4ACB-B15F-D0D492F1511B}" = protocol=6 | dir=out | app=system |
"{898460F2-F1F3-416A-9200-F31BDB92EEBE}" = protocol=17 | dir=out | app=%programfiles%\zune\zunenss.exe |
"{8A7A9DA1-5EEA-4A80-ADE7-85C13ADBDD46}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{8D275EAC-C507-43E8-89C9-16B43C7FEB2C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8EEDE6A5-1CA2-47BF-8BD5-D1423E50F495}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{92622716-E2CA-431C-AA85-3CA1A93D5EF7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{92671AA0-D886-43BE-8F16-3A4FB9522BB3}" = protocol=17 | dir=in | app=c:\program files (x86)\rhapsody\rhapsody.exe |
"{9B6CD3E7-85FB-4B20-BE99-1E2D02F5ED76}" = protocol=17 | dir=out | app=%programfiles%\zune\zunenss.exe |
"{9BCA9738-C9F1-4460-AF47-FB00ACDD6365}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9C40868E-C134-4486-83C4-69E669FD913D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{A2E4E3B4-3B4D-4D01-AD36-4908F717966C}" = protocol=58 | dir=in | [email protected],-28545 |
"{A344D991-C183-4083-98B1-F3BDA1E1664F}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe |
"{A3D3CD34-AF27-4D7C-A178-D57920B78F42}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdncoms.exe |
"{A875D0BB-FFB7-4BAC-9B0D-2EA57BEB4C56}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AE54E69F-749D-4D3B-9409-811E52AAADC9}" = protocol=17 | dir=in | app=%programfiles%\zune\zunenss.exe |
"{B0AA7637-258A-4CE9-9200-2502C173267C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B1D71D7B-6CA1-4F25-B331-FF0BA45312C3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{B2CCEAE7-925F-4872-AA41-99AE0077B47B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{B3853299-191B-4CF8-BD61-B06C4E8C453F}" = protocol=6 | dir=in | app=c:\program files (x86)\rhapsody\rhapsody.exe |
"{C0CA631F-7F24-4A76-A632-CF0C470B5082}" = protocol=1 | dir=out | [email protected],-28544 |
"{C28EEE59-4371-4BEB-B78C-96303ADD268C}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C5A0256C-1A9E-43D3-94F7-AD148D5DB5DA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{C73D4142-2361-499F-AD3D-6F21A429516E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{CB3AE4AA-F29A-4027-8D9F-F608B63964CB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CFEC1D46-79FB-410C-868C-10904D8D6B3F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{D0408660-907A-43C3-B009-14A5C5BC2F65}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D1EACC22-1953-4E89-AD94-946159D0FC1A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D4ECDF9B-4EE6-4123-82C5-209A62354AE0}" = protocol=6 | dir=in | app=c:\windows\system32\lxdncoms.exe |
"{D5829A26-84F2-4571-AE19-9F02CFCF7977}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{DFA1ADBF-1C35-4480-95CD-3369E96C8FFB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E1223609-DF48-46B3-B887-8090A15D7B58}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{E374326C-E346-45C3-8C10-D0A122144C06}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E6B34288-8AFD-451A-BF5C-A4823B5AD7DB}" = protocol=58 | dir=out | [email protected],-28546 |
"{EC26079D-A44A-4770-9F44-62D00E6F226C}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{F328C0FA-31BC-44BA-B766-1996A00915F0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FBF019CB-1520-4BDA-AEB2-F39B423EAA3E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"TCP Query User{0087990E-A7CB-48A3-8BAB-936F83B59E9C}C:\users\patrick\appdata\local\temp\lmia3d2.tmp\lmi_instantchat.exe" = protocol=6 | dir=in | app=c:\users\patrick\appdata\local\temp\lmia3d2.tmp\lmi_instantchat.exe |
"TCP Query User{0CAF9B89-30DF-4A31-92FD-E4AF06631050}C:\users\patrick\appdata\local\temp\lmif90d.tmp\lmi_instantchat.exe" = protocol=6 | dir=in | app=c:\users\patrick\appdata\local\temp\lmif90d.tmp\lmi_instantchat.exe |
"TCP Query User{7E5CEB8E-8849-4898-BC28-FD5E612546C2}C:\users\patrick\appdata\local\temp\lmi5018.tmp\lmi_instantchat.exe" = protocol=6 | dir=in | app=c:\users\patrick\appdata\local\temp\lmi5018.tmp\lmi_instantchat.exe |
"TCP Query User{910829B9-732B-4466-9EEB-086AA43AF14D}C:\nexon\dfo\dfo.exe" = protocol=6 | dir=in | app=c:\nexon\dfo\dfo.exe |
"TCP Query User{9F04E828-E5C6-493E-804A-2A3474714A4C}C:\users\patrick\appdata\local\temp\lmi389d.tmp\lmi_instantchat.exe" = protocol=6 | dir=in | app=c:\users\patrick\appdata\local\temp\lmi389d.tmp\lmi_instantchat.exe |
"TCP Query User{9FBE14BB-6A98-46A1-B9E4-7036EA04E086}C:\users\patrick\appdata\local\temp\lmi8569.tmp\lmi_instantchat.exe" = protocol=6 | dir=in | app=c:\users\patrick\appdata\local\temp\lmi8569.tmp\lmi_instantchat.exe |
"TCP Query User{B1F9D26C-DF88-42E5-BCF5-16A551561ABA}C:\users\patrick\appdata\local\temp\lmi23b8.tmp\lmi_instantchat.exe" = protocol=6 | dir=in | app=c:\users\patrick\appdata\local\temp\lmi23b8.tmp\lmi_instantchat.exe |
"TCP Query User{CF119D75-3F05-4934-A7B3-80727E12E3B2}C:\nexon\dfo\dfo.exe" = protocol=6 | dir=in | app=c:\nexon\dfo\dfo.exe |
"TCP Query User{D8FBDCD9-1EEC-40CE-AC63-A2E630EE955B}C:\program files (x86)\lexmark 2600 series\lxdnmon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnmon.exe |
"UDP Query User{01BDE302-37C5-4B3B-9CEB-5BD5B47619BE}C:\nexon\dfo\dfo.exe" = protocol=17 | dir=in | app=c:\nexon\dfo\dfo.exe |
"UDP Query User{06603A66-53FF-4F25-8720-85B25405FABA}C:\program files (x86)\lexmark 2600 series\lxdnmon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnmon.exe |
"UDP Query User{0AFFDB4D-3CA5-4406-A5FB-FF8F36AA6E7A}C:\users\patrick\appdata\local\temp\lmi389d.tmp\lmi_instantchat.exe" = protocol=17 | dir=in | app=c:\users\patrick\appdata\local\temp\lmi389d.tmp\lmi_instantchat.exe |
"UDP Query User{2507823C-AE78-41DB-8253-10767ADFEEEB}C:\nexon\dfo\dfo.exe" = protocol=17 | dir=in | app=c:\nexon\dfo\dfo.exe |
"UDP Query User{3BA7ED02-6937-4376-9820-CE074C616C05}C:\users\patrick\appdata\local\temp\lmi5018.tmp\lmi_instantchat.exe" = protocol=17 | dir=in | app=c:\users\patrick\appdata\local\temp\lmi5018.tmp\lmi_instantchat.exe |
"UDP Query User{47C072C2-9D88-4C61-90E4-159CE4EFB6D2}C:\users\patrick\appdata\local\temp\lmia3d2.tmp\lmi_instantchat.exe" = protocol=17 | dir=in | app=c:\users\patrick\appdata\local\temp\lmia3d2.tmp\lmi_instantchat.exe |
"UDP Query User{929BE827-716D-44C6-A40F-FECF028E4CE2}C:\users\patrick\appdata\local\temp\lmi8569.tmp\lmi_instantchat.exe" = protocol=17 | dir=in | app=c:\users\patrick\appdata\local\temp\lmi8569.tmp\lmi_instantchat.exe |
"UDP Query User{9E51F89E-4DD2-4C0E-B636-D220365FC92A}C:\users\patrick\appdata\local\temp\lmif90d.tmp\lmi_instantchat.exe" = protocol=17 | dir=in | app=c:\users\patrick\appdata\local\temp\lmif90d.tmp\lmi_instantchat.exe |
"UDP Query User{F51EC1BD-F2BD-45AC-9FE4-9564CA3B54B8}C:\users\patrick\appdata\local\temp\lmi23b8.tmp\lmi_instantchat.exe" = protocol=17 | dir=in | app=c:\users\patrick\appdata\local\temp\lmi23b8.tmp\lmi_instantchat.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series" = Canon MX870 series MP Drivers
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java™ 6 Update 17 (64-bit)
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DDF6B75-2369-4D52-9867-10EFD8878185}" = AVG 2011
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.01
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D2CBDAE4-0D71-4A61-A565-CA8A26026C6C}" = WD Drive Manager (x64)
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{E92F43E9-D190-474E-8EAC-769E804D36C7}" = AVG 2011
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2011
"CCleaner" = CCleaner
"DW WLAN Card" = DW WLAN Card
"Lexmark 2600 Series" = Lexmark 2600 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PC Optimizer Pro" = PC Optimizer Pro
"PC-Doctor for Windows" = Dell Support Center
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.10 beta 5 (64-bit)
"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}" = Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 39
"{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3018B943-C76C-44B0-B078-790A28CEF67E}" = Microsoft UI Engine
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell" = WildTangent Games App (Dell Games)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C792A75A-2A1F-4991-9B85-291745478A79}" = NetAssistant
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E623BB3F-F7ED-4148-BEB5-A0D1DB28B4DE}" = Media Converter for Philips
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"AC3Filter" = AC3Filter (remove only)
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Dell Webcam Central" = Dell Webcam Central
"DFO" = DFOLauncher
"Easy PDF Reader" = Easy PDF Reader 1.0
"GoToAssist" = GoToAssist 8.0.0.514
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"StartNow Toolbar" = StartNow Toolbar
"VLC media player" = VLC media player 2.0.5
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"WTA-9822c2e4-7175-4096-b7f5-7863fe0b77d9" = Lemonade Tycoon 2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"NetAssistant" = Freeze.com NetAssistant

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/25/2013 3:56:57 PM | Computer Name = Patrick-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error - 2/25/2013 3:59:18 PM | Computer Name = Patrick-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 2/26/2013 5:42:09 PM | Computer Name = Patrick-PC | Source = Application Virtualization Client | ID = 5009
Description = {hap=16:app=OfficeVirt 9014006204090000:tid=AD8} The Application Virtualization
Client could not connect to stream URL 'http://c2r.microsoft...0.6131.5001.sft'
(rc 00000729-00000026, original rc 00000729-00000026).

Error - 2/26/2013 5:42:09 PM | Computer Name = Patrick-PC | Source = Application Virtualization Client | ID = 3008
Description = {hap=16:app=OfficeVirt 9014006204090000:tid=AD8} The client was unable
to connect to an Application Virtualization Server (rc 00000729-00000026)

Error - 2/26/2013 5:44:15 PM | Computer Name = Patrick-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 2/26/2013 5:46:39 PM | Computer Name = Patrick-PC | Source = Application Virtualization Client | ID = 5009
Description = {hap=16:app=OfficeVirt 9014006204090000:tid=938} The Application Virtualization
Client could not connect to stream URL 'http://c2r.microsoft...0.6131.5001.sft'
(rc 00000729-00000026, original rc 00000729-00000026).

Error - 2/26/2013 5:46:39 PM | Computer Name = Patrick-PC | Source = Application Virtualization Client | ID = 3008
Description = {hap=16:app=OfficeVirt 9014006204090000:tid=938} The client was unable
to connect to an Application Virtualization Server (rc 00000729-00000026)

Error - 2/26/2013 5:48:43 PM | Computer Name = Patrick-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 2/26/2013 6:16:55 PM | Computer Name = Patrick-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error - 2/27/2013 2:03:43 AM | Computer Name = Patrick-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error - 2/27/2013 2:03:43 AM | Computer Name = Patrick-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

[ Media Center Events ]
Error - 1/10/2011 4:11:09 PM | Computer Name = Patrick-PC | Source = MCUpdate | ID = 0
Description = 12:11:09 PM - Error connecting to the internet. 12:11:09 PM - Unable
to contact server..

Error - 1/10/2011 4:11:15 PM | Computer Name = Patrick-PC | Source = MCUpdate | ID = 0
Description = 12:11:14 PM - Error connecting to the internet. 12:11:14 PM - Unable
to contact server..

Error - 1/22/2011 4:44:05 PM | Computer Name = Patrick-PC | Source = MCUpdate | ID = 0
Description = 12:44:05 PM - Error connecting to the internet. 12:44:05 PM - Unable
to contact server..

Error - 1/22/2011 4:44:20 PM | Computer Name = Patrick-PC | Source = MCUpdate | ID = 0
Description = 12:44:10 PM - Error connecting to the internet. 12:44:10 PM - Unable
to contact server..

Error - 1/23/2011 4:03:11 PM | Computer Name = Patrick-PC | Source = MCUpdate | ID = 0
Description = 12:03:11 PM - Error connecting to the internet. 12:03:11 PM - Unable
to contact server..

Error - 1/30/2011 3:10:38 AM | Computer Name = Patrick-PC | Source = MCUpdate | ID = 0
Description = 11:10:38 PM - Error connecting to the internet. 11:10:38 PM - Unable
to contact server..

Error - 1/30/2011 3:10:50 AM | Computer Name = Patrick-PC | Source = MCUpdate | ID = 0
Description = 11:10:43 PM - Error connecting to the internet. 11:10:43 PM - Unable
to contact server..

Error - 1/30/2011 3:24:55 AM | Computer Name = Patrick-PC | Source = Microsoft-Windows-Media Center Extender | ID = 543
Description =

Error - 1/31/2011 11:50:23 PM | Computer Name = Patrick-PC | Source = MCUpdate | ID = 0
Description = 8:53:24 PM - Error connecting to the internet. 8:53:24 PM - Unable
to contact server..

Error - 2/5/2011 7:44:03 PM | Computer Name = Patrick-PC | Source = MCUpdate | ID = 0
Description = 3:44:03 PM - Error connecting to the internet. 3:44:03 PM - Unable
to contact server..

[ System Events ]
Error - 3/11/2013 4:13:55 PM | Computer Name = Patrick-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 3/11/2013 4:15:56 PM | Computer Name = Patrick-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 3/11/2013 4:18:57 PM | Computer Name = Patrick-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 3/11/2013 4:21:57 PM | Computer Name = Patrick-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 3/11/2013 4:27:58 PM | Computer Name = Patrick-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 3/11/2013 4:28:30 PM | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Error Reporting Service service to connect.

Error - 3/11/2013 4:29:00 PM | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Error Reporting Service service to connect.

Error - 3/11/2013 4:29:59 PM | Computer Name = Patrick-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 3/11/2013 4:32:00 PM | Computer Name = Patrick-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 3/11/2013 4:34:01 PM | Computer Name = Patrick-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.


< End of report >
  • 0

Advertisements

#2
Jintan
Posted 17 March 2013 - 04:54 PM

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Welcome to Geeks2Go hanehane,

Adobe Photoshop Elements 8.0 costs about $125, so you would best know what your brother can afford to buy. Adware showing here, and other suspect items as well, so let's take action.


The system is Windows 7, so when running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool.

And To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"



To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

-------

Go to Start - Control Panel - Programs - Programs and Features/Uninstall, then click on each of the following programs, if they show there, and click "Uninstall/Change".

Yontoo Layers Client 1.10.01 - Adware.
PC Optimizer Pro - Fake, scam software.
Bing Bar - Search hijacker.
InstallIQ Updater - Adware.
StartNow Toolbar - Adware, spyware, search hijacker.
McAfee Security Scan Plus - Scans only, so pretty useless.

---------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.

-----------

Download RogueKiller from here to your desktop.

Close all open programs
Remember to right click -> run as administrator, and click the downloaded file.
Wen RogueKiller finises it's opening scan, press the Scan button..
A RKreport.txt will be created in the same location as the RogueKiller file.
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe, and try again.

Please post the contents of the RKreport.txt.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP