Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Programs will not start at startup; very slow in general

Started by praxidice , Apr 17 2013 03:41 AM

  • Please log in to reply

#1
praxidice
Posted 17 April 2013 - 03:41 AM

praxidice

    Member

  • Member
  • PipPipPip
  • 164 posts
Hello,

Summary:
-- I have some startup programs that will not start at startup, no matter what the settings. (This includes my firewall [Outpost], Google Drive, FileHippo UpdateChecker, and sometimes the anti-virus [Avira].)
-- My system is running really, really slowly in general. It locks up often and if I try to work too quickly it stalls.

Background: The reason I think this might be malware-related is that I have been living in South Korea. (I just moved back to Europe, so I am trying to fix this now.) Korea has a bad reputation for malware/viruses amongst my friends there. Also, all of these problems started while I was living there.

Possible source: I used a USB stick to take files to and from my work computer. I scanned it each time with Avira, and there were some viruses found from time to time. But, Avira seemed to remove them.

Thank you in advance.

OTL------

OTL logfile created on: 4/17/2013 10:37:59 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pockets\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.12 Mb Total Physical Memory | 123.12 Mb Available Physical Memory | 12.14% Memory free
2.18 Gb Paging File | 0.47 Gb Available in Paging File | 21.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 26.22 Gb Free Space | 26.22% Space Free | Partition Type: NTFS
Drive D: | 117.87 Gb Total Space | 117.62 Gb Free Space | 99.79% Space Free | Partition Type: NTFS

Computer Name: POCKETS-PC | User Name: Pockets | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/17 10:15:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pockets\Downloads\OTL.exe
PRC - [2013/04/09 10:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/04/04 14:50:32 | 000,887,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2013/03/07 16:31:48 | 019,357,112 | ---- | M] (Google) -- C:\Program Files\Google\Drive\googledrivesync.exe
PRC - [2013/03/07 01:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/03/07 01:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/02/22 19:37:26 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2013/01/22 08:54:26 | 002,765,312 | ---- | M] (RescueTime, Inc.) -- C:\Program Files\RescueTime\RescueTime.exe
PRC - [2012/12/18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/10/14 08:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/10/14 08:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/10/14 08:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2011/08/01 07:07:18 | 000,425,400 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\SHE\SuperHybridEngine.exe
PRC - [2011/07/13 02:38:14 | 001,095,080 | ---- | M] (AsusTek Computer Inc.) -- C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe
PRC - [2011/04/12 22:18:54 | 001,602,344 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrlHelper.exe
PRC - [2011/04/12 22:18:52 | 001,813,800 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/05/21 22:42:48 | 000,652,576 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2010/01/22 05:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/08/29 08:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Pockets\Local Settings\Apps\F.lux\flux.exe
PRC - [2009/08/19 02:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2009/06/05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/17 09:30:25 | 000,128,512 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI40522\_elementtree.pyd
MOD - [2013/04/17 09:30:25 | 000,044,032 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI40522\_socket.pyd
MOD - [2013/04/17 09:30:24 | 000,557,056 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI40522\pysqlite2._sqlite.pyd
MOD - [2013/04/17 09:30:24 | 000,320,512 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI40522\win32com.shell.shell.pyd
MOD - [2013/04/17 09:30:24 | 000,098,816 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI40522\win32api.pyd
MOD - [2013/04/17 09:30:24 | 000,070,656 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI40522\wx._html2.pyd
MOD - [2013/04/17 09:30:24 | 000,022,528 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI40522\win32ts.pyd
MOD - [2013/04/17 09:30:23 | 001,022,416 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI40522\windows._cacheinvalidation.pyd
MOD - [2013/04/17 09:30:23 | 000,805,888 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI40522\wx._gdi_.pyd
MOD - [2013/04/17 09:30:23 | 000,017,408 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI40522\win32profile.pyd
MOD - [2013/04/17 09:30:23 | 000,011,264 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI40522\win32crypt.pyd
MOD - [2013/04/17 09:30:22 | 001,175,040 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI40522\wx._core_.pyd
MOD - [2013/04/17 09:30:22 | 000,735,232 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI40522\wx._misc_.pyd
MOD - [2013/04/17 09:30:22 | 000,364,544 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI40522\pythoncom27.dll
MOD - [2013/04/17 09:30:22 | 000,110,080 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI40522\PyWinTypes27.dll
MOD - [2013/04/17 09:30:22 | 000,108,544 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI40522\win32security.pyd
MOD - [2013/04/17 09:30:22 | 000,087,040 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI40522\_ctypes.pyd
MOD - [2013/04/17 09:30:20 | 001,153,024 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI40522\_ssl.pyd
MOD - [2013/04/17 09:30:20 | 000,711,680 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI40522\_hashlib.pyd
MOD - [2013/04/17 09:30:20 | 000,035,840 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI40522\win32process.pyd
MOD - [2013/04/17 09:30:20 | 000,025,600 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI40522\win32pdh.pyd
MOD - [2013/04/17 09:30:19 | 000,811,008 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI40522\wx._windows_.pyd
MOD - [2013/04/17 09:30:19 | 000,122,368 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI40522\wx._wizard.pyd
MOD - [2013/04/17 09:30:19 | 000,119,808 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI40522\win32file.pyd
MOD - [2013/04/17 09:30:18 | 000,038,912 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI40522\win32inet.pyd
MOD - [2013/04/17 09:30:15 | 001,062,400 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI40522\wx._controls_.pyd
MOD - [2013/04/17 09:30:15 | 000,686,080 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI40522\unicodedata.pyd
MOD - [2013/04/17 09:30:15 | 000,127,488 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI40522\pyexpat.pyd
MOD - [2013/04/17 09:30:15 | 000,018,432 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI40522\win32event.pyd
MOD - [2013/04/17 09:30:14 | 000,010,240 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI40522\select.pyd
MOD - [2013/04/09 10:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013/04/09 10:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 10:56:15 | 000,598,480 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013/04/09 10:56:14 | 000,124,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013/04/09 10:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2009/08/29 08:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Pockets\Local Settings\Apps\F.lux\flux.exe


========== Services (SafeList) ==========

SRV - [2013/03/23 14:32:56 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/07 01:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/14 08:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/10/14 08:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/05/23 07:53:06 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/04/04 11:57:28 | 002,072,592 | ---- | M] (Agnitum Ltd.) [Auto | Running] -- C:\Program Files\Agnitum\Outpost Security Suite Free\acs.exe -- (acssrv)
SRV - [2010/05/21 22:42:48 | 000,652,576 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/08/19 02:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV - [2013/04/17 10:04:15 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/03/07 01:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/03/07 01:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/03/07 01:33:24 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/03/07 01:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/03/07 01:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/03/07 01:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/03/07 01:33:23 | 000,060,656 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/03/07 01:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/08/23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011/03/21 17:27:58 | 000,708,760 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SandBox.sys -- (SandBox)
DRV - [2011/03/21 17:27:20 | 000,034,096 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Filt\VBFilt.dll -- (VBFilt)
DRV - [2011/03/21 17:27:16 | 000,070,160 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Filt\ASWFilt.dll -- (ASWFilt)
DRV - [2011/02/09 08:03:00 | 000,011,832 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2011/02/02 18:04:22 | 000,242,040 | ---- | M] (VirusBuster Kft.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBEngNT.sys -- (VBEngNT)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/09/27 16:37:40 | 000,328,296 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afwcore.sys -- (afwcore)
DRV - [2010/09/01 10:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/05/10 11:28:15 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/04/20 17:01:46 | 000,034,920 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\afw.sys -- (afw)
DRV - [2009/07/20 11:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2009/07/14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {133520C5-3880-4076-896D-F5FB2FC77692}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{133520C5-3880-4076-896D-F5FB2FC77692}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2011/01/22 15:31:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/03/22 00:06:52 | 000,000,000 | ---D | M]

[2012/06/23 17:25:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pockets\AppData\Roaming\Mozilla\Firefox\extensions
[2012/06/23 17:25:36 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Pockets\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2013/04/01 19:18:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/29 13:13:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/12/29 13:12:56 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.gmail.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\windows\system32\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Users\Pockets\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Pockets\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: WOT = C:\Users\Pockets\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.11_0\
CHR - Extension: YouTube = C:\Users\Pockets\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Pockets\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
CHR - Extension: Google Search = C:\Users\Pockets\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail Offline = C:\Users\Pockets\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.19_0\
CHR - Extension: Google Calendar = C:\Users\Pockets\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Facebook Disconnect = C:\Users\Pockets\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.3.0_0\
CHR - Extension: DoNotTrackMe = C:\Users\Pockets\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\2.2.8.109_0\
CHR - Extension: HTTPS Everywhere = C:\Users\Pockets\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp\2013.3.7_0\
CHR - Extension: Pinterest = C:\Users\Pockets\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.1_0\
CHR - Extension: Keep My Opt-Outs = C:\Users\Pockets\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.14_0\
CHR - Extension: Rapportive = C:\Users\Pockets\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihakjfhbmlmjdnnhegiciffjplmdhin\1.4.1_0\
CHR - Extension: avast! WebRep = C:\Users\Pockets\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\
CHR - Extension: Disconnect = C:\Users\Pockets\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.0.0_1\
CHR - Extension: Ghostery = C:\Users\Pockets\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.0_0\
CHR - Extension: Save in Delicious = C:\Users\Pockets\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnaelnkmidnndgikjbiifihgklnocljd\1.2_0\
CHR - Extension: Click&Clean App = C:\Users\Pockets\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.0_0\
CHR - Extension: Gmail = C:\Users\Pockets\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Privacyfix by Privacychoice = C:\Users\Pockets\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmejhjjecaldkllonlokhkglbdbkdcni\4.0.2_0\

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\aprp.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Security Suite Free\feedback.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKCU..\Run: [F.lux] C:\Users\Pockets\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Pockets\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\acs.exe - Shortcut.lnk = C:\Program Files\Agnitum\Outpost Security Suite Free\acs.exe (Agnitum Ltd.)
O4 - Startup: C:\Users\Pockets\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UpdateChecker.exe - Shortcut.lnk = C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....k_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {273D7C55-6B65-4EB5-A636-D4F8BCA344E0} http://ace.gojls.com...isualEditor.cab (VisualEditor Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.7.cab (DLM Control)
O16 - DPF: {B8677403-AAE2-40AB-8DB1-5FA6C4E4A9E5} http://dist.cdnetwor...uaWebPlayer.cab (AquaWebPlayer Class)
O16 - DPF: {CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.36 213.46.172.37
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A0C2821-DC1A-4549-A425-BC80A8F8383F}: DhcpNameServer = 168.126.63.1 168.126.63.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F18227E-BCF3-47C1-8E03-F98BEEDE877E}: DhcpNameServer = 213.46.172.36 213.46.172.37
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Security Suite Free\wl_hook.dll (Agnitum Ltd.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{51093505-479a-11e0-9d56-bcaec5022308}\Shell - "" = AutoRun
O33 - MountPoints2\{51093505-479a-11e0-9d56-bcaec5022308}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O33 - MountPoints2\{b6a3971e-e1a3-11e0-9ac9-bcaec5022308}\Shell - "" = AutoRun
O33 - MountPoints2\{b6a3971e-e1a3-11e0-9ac9-bcaec5022308}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2030/01/01 14:10:42 | 000,000,000 | -HSD | C] -- C:\Boot
[2013/04/17 10:04:14 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2013/04/10 10:34:52 | 000,000,000 | --SD | C] -- C:\Users\Pockets\Google Drive
[2013/04/10 10:24:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013/04/04 22:10:10 | 000,000,000 | ---D | C] -- C:\Users\Pockets\Desktop\Health Resources
[2013/04/01 20:12:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/03/26 21:58:33 | 000,000,000 | ---D | C] -- C:\Users\Pockets\AppData\Local\RescueTime.com
[2013/03/26 21:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RescueTime
[2013/03/26 21:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\RescueTime
[2013/03/25 23:37:33 | 000,000,000 | ---D | C] -- C:\Users\Pockets\Desktop\Takeaway
[2013/03/25 23:36:38 | 000,000,000 | ---D | C] -- C:\Users\Pockets\Desktop\New Step by Step audio

========== Files - Modified Within 30 Days ==========

[2013/04/17 10:42:19 | 000,000,888 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/17 10:04:15 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2013/04/17 09:40:26 | 000,016,160 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/17 09:40:26 | 000,016,160 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/17 09:29:35 | 000,000,884 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/17 09:28:22 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/04/17 09:28:15 | 797,532,160 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/15 22:25:08 | 000,001,934 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
[2013/04/13 13:51:43 | 000,402,688 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013/04/10 10:34:54 | 000,001,643 | ---- | M] () -- C:\Users\Pockets\Desktop\Google Drive.lnk
[2013/04/04 22:14:17 | 000,660,318 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/04/04 22:14:17 | 000,121,214 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2013/04/04 14:26:11 | 000,001,468 | ---- | M] () -- C:\Users\Pockets\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UpdateChecker.exe - Shortcut.lnk
[2013/04/04 14:25:59 | 000,001,676 | ---- | M] () -- C:\Users\Pockets\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\acs.exe - Shortcut.lnk
[2013/03/26 21:58:30 | 000,001,003 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RescueTime.lnk
[2013/03/26 21:40:23 | 000,497,900 | ---- | M] () -- C:\Users\Pockets\Desktop\Minimalist_Guide_to_Hacking_Your_Habits.pdf
[2013/03/22 00:07:10 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt

========== Files Created - No Company Name ==========

[2030/01/01 14:10:42 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2013/04/15 22:25:08 | 000,001,934 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
[2013/04/10 10:34:54 | 000,001,643 | ---- | C] () -- C:\Users\Pockets\Desktop\Google Drive.lnk
[2013/04/04 14:26:11 | 000,001,468 | ---- | C] () -- C:\Users\Pockets\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UpdateChecker.exe - Shortcut.lnk
[2013/04/04 14:25:59 | 000,001,676 | ---- | C] () -- C:\Users\Pockets\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\acs.exe - Shortcut.lnk
[2013/04/01 19:33:14 | 000,001,941 | ---- | C] () -- C:\Users\Pockets\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
[2013/03/26 21:58:30 | 000,001,003 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RescueTime.lnk
[2013/03/26 21:39:54 | 000,497,900 | ---- | C] () -- C:\Users\Pockets\Desktop\Minimalist_Guide_to_Hacking_Your_Habits.pdf
[2013/03/22 22:59:50 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/03/22 00:07:13 | 000,164,736 | ---- | C] () -- C:\windows\System32\drivers\aswVmm.sys
[2013/03/22 00:07:12 | 000,049,248 | ---- | C] () -- C:\windows\System32\drivers\aswRvrt.sys
[2012/12/04 16:19:28 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/07/23 15:22:27 | 000,364,544 | ---- | C] () -- C:\windows\System32\lame_enc.dll
[2011/09/13 00:40:49 | 000,001,769 | ---- | C] () -- C:\windows\Language_trs.ini
[2011/06/25 07:15:01 | 000,000,034 | -H-- | C] () -- C:\windows\System32\Converter_sysquict.dat
[2011/01/28 01:56:15 | 000,014,848 | ---- | C] () -- C:\Users\Pockets\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/27 01:25:32 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/09/25 19:44:43 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== ZeroAccess Check ==========

[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/02/28 13:17:08 | 000,000,000 | ---D | M] -- C:\Users\Pockets\AppData\Roaming\Agnitum
[2010/09/25 20:01:14 | 000,000,000 | ---D | M] -- C:\Users\Pockets\AppData\Roaming\ASUS WebStorage
[2012/03/28 02:22:40 | 000,000,000 | ---D | M] -- C:\Users\Pockets\AppData\Roaming\Audacity
[2012/09/18 06:06:02 | 000,000,000 | ---D | M] -- C:\Users\Pockets\AppData\Roaming\AudioConverter
[2012/09/18 06:06:46 | 000,000,000 | ---D | M] -- C:\Users\Pockets\AppData\Roaming\AxaraMedia
[2012/01/05 14:57:49 | 000,000,000 | ---D | M] -- C:\Users\Pockets\AppData\Roaming\calibre
[2011/02/11 03:58:41 | 000,000,000 | ---D | M] -- C:\Users\Pockets\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/12/26 13:27:25 | 000,000,000 | ---D | M] -- C:\Users\Pockets\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2012/08/12 08:12:04 | 000,000,000 | ---D | M] -- C:\Users\Pockets\AppData\Roaming\Dropbox
[2012/01/22 06:40:38 | 000,000,000 | ---D | M] -- C:\Users\Pockets\AppData\Roaming\Mapi2Xml
[2012/01/05 17:35:07 | 000,000,000 | ---D | M] -- C:\Users\Pockets\AppData\Roaming\PDF reDirect
[2012/03/28 02:04:04 | 000,000,000 | ---D | M] -- C:\Users\Pockets\AppData\Roaming\REAPER
[2012/03/28 01:36:01 | 000,000,000 | ---D | M] -- C:\Users\Pockets\AppData\Roaming\Recordpad
[2010/12/31 04:17:31 | 000,000,000 | ---D | M] -- C:\Users\Pockets\AppData\Roaming\Tencent

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/12/22 09:30:46 | 000,000,059 | ---- | M] ()(C:\windows\System32\??) -- C:\windows\System32\ʋ
[2010/12/22 09:30:46 | 000,000,059 | ---- | C] ()(C:\windows\System32\??) -- C:\windows\System32\ʋ

< End of report >
  • 0

Advertisements

#2
RKinner
Posted 18 April 2013 - 10:10 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

Go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)

If you really need Java then get the latest version from Java.com. Uncheck the optional foistware before the download.


Download the adwCleaner

  • Run the Tool
    Windows Vista and Windows 7 users:
    Right click in the adwCleaner.exe and select the option     Posted Image
  • Select the Delete button.
  • When the scan completes, it will open a notepad windows.
  • Please, copy the content of this file in your next reply.




Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc  /scannow

(This will check your critical system files. Does it complete without complaining that it can't fix something?)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.


Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Ron
  • 0

#3
praxidice
Posted 18 April 2013 - 03:21 PM

praxidice

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
Hi Ron, thanks for your response!

I could complete every task except for running OTL again. It was very, very, very slow the first time (when I posted my first message), but now I have been waiting for almost 30 minutes and OTL is not doing anything.

(I can click "Run Scan", and the program is still running, but nothing seems to be happening. This happened before, but then the log appeared eventually. I will reboot and try again, and post the log in my next message.)

Here is the info and the logs:

1. Cleared Java cache, uninstalled old version, checked that my version is up to date.

2. ADWCleaner log:

=========================================================================
# AdwCleaner v2.200 - Logfile created 04/18/2013 at 20:45:42
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Starter Service Pack 1 (32 bits)
# User : Pockets - POCKETS-PC
# Boot Mode : Normal
# Running from : C:\Users\Pockets\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Users\Pockets\AppData\Local\Conduit
Folder Deleted : C:\Users\Pockets\AppData\LocalLow\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\TENCENT
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\TENCENT

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Pockets\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1214 octets] - [18/04/2013 20:45:42]

########## EOF - C:\AdwCleaner[S1].txt - [1274 octets] ##########

=========================================================================

3. Event viewer: Cleared logs for System and Application. (I kept copies of the logs if you want to see them.) Rebooted.

4. Scanned critical system files. Completed 100%.

5. Event Viewer System log:
=========================================================================
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 18/04/2013 10:08:43 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 18/04/2013 7:19:39 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 18/04/2013 7:18:47 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: cdrom

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 18/04/2013 7:20:21 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 18/04/2013 7:20:21 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 18/04/2013 7:20:21 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 18/04/2013 7:20:21 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 18/04/2013 7:19:06 PM
Type: Warning Category: 0
Event: 5 Source: Microsoft-Windows-FilterManager
File System Filter 'PSI' (Version 6.0, ?2010?-?09?-?01T09:53:16.000000000Z) failed to register with Filter Manager. The final status for this operation was 0xc01c0011.

Log: 'System' Date/Time: 18/04/2013 7:18:36 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 18/04/2013 7:17:46 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 18/04/2013 7:17:45 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\windows\System32\bcmihvsrv.dll

=========================================================================

Event Viewer Application log:

=========================================================================
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 18/04/2013 10:10:12 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

=========================================================================

6. Speccy: File attached.

7. Process Explorer log:

=========================================================================
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 74.52 0 K 24 K 0
procexp.exe 20.20 34,176 K 47,912 K 1900 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
acs.exe 2.99 24,744 K 14,956 K 1688 Agnitum Outpost Service Agnitum Ltd. (Verified) Agnitum Ltd.
System 2.49 44 K 304 K 4
Interrupts 0.76 0 K 0 K n/a Hardware Interrupts and DPCs
explorer.exe 0.69 36,764 K 24,548 K 2624 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
psia.exe 0.58 8,548 K 5,100 K 732 Secunia PSI Agent Secunia (Verified) Secunia
csrss.exe 0.52 10,052 K 7,904 K 556 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.41 35,052 K 21,904 K 992 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
ETDCtrl.exe 0.31 5,664 K 1,548 K 3640 ETD Control Center ELAN Microelectronics Corp. (Verified) Microsoft Windows Hardware Compatibility Publisher
chrome.exe 0.30 90,128 K 103,152 K 1904 Google Chrome Google Inc. (Verified) Google Inc
IAANTmon.exe 0.29 2,928 K 1,336 K 2520 RAID Monitor Intel Corporation (Verified) Intel Corporation
lsass.exe 0.17 4,080 K 3,668 K 664 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
services.exe 0.10 4,340 K 3,164 K 636 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.09 131,136 K 92,276 K 4132 Google Chrome Google Inc. (Verified) Google Inc
googledrivesync.exe 0.06 45,676 K 9,464 K 3928 Google Drive Google (Verified) Google Inc
AvastSvc.exe 0.04 54,376 K 6,152 K 1400 avast! Service AVAST Software (Verified) AVAST Software
svchost.exe 0.02 19,940 K 16,344 K 1040 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.02 3,548 K 2,560 K 776 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
AvastUI.exe 0.02 8,876 K 2,508 K 3564 avast! Antivirus AVAST Software (Verified) AVAST Software
flux.exe 0.02 5,000 K 2,488 K 4032 (No signature was present in the subject)
RescueTime.exe 0.02 4,032 K 5,048 K 3324 RescueTime RescueTime, Inc. (No signature was present in the subject) RescueTime, Inc.
SearchIndexer.exe 0.02 29,824 K 8,108 K 2744 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.01 43,980 K 23,000 K 3184 Google Chrome Google Inc. (Verified) Google Inc
nusb3mon.exe 0.01 2,396 K 892 K 3752 USB 3.0 Monitor NEC Electronics Corporation (No signature was present in the subject) NEC Electronics Corporation
svchost.exe 0.01 5,300 K 2,684 K 1852 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 8,548 K 4,032 K 1172 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
psi_tray.exe < 0.01 1,524 K 468 K 3376 Secunia PSI Tray Secunia (Verified) Secunia
wmpnetwk.exe < 0.01 6,000 K 2,764 K 4084 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 13,364 K 7,168 K 1288 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
chrome.exe < 0.01 60,940 K 31,872 K 4072 Google Chrome Google Inc. (Verified) Google Inc
WLIDSVC.EXE < 0.01 5,348 K 1,948 K 2276 Microsoft® Windows Live ID Service Microsoft Corp. (Verified) Microsoft Corporation
WmiPrvSE.exe < 0.01 18,644 K 5,784 K 5660 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
csrss.exe < 0.01 1,884 K 1,688 K 508 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 4,248 K 7,652 K 3512 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WLIDSVCM.EXE 1,200 K 288 K 2572 Microsoft® Windows Live ID Service Monitor Microsoft Corp. (Verified) Microsoft Corporation
wlanext.exe 1,984 K 1,664 K 1408 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 2,400 K 1,408 K 612 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,316 K 184 K 548 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe 2,884 K 1,540 K 1092 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 15,864 K 6,424 K 956 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 32,964 K 12,392 K 1308 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3,672 K 2,916 K 868 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 6,516 K 3,564 K 1616 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,100 K 1,732 K 2464 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,868 K 376 K 2988 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,200 K 1,684 K 1140 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,080 K 292 K 2020 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,040 K 292 K 460 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SuperHybridEngine.exe 2,232 K 496 K 3900 Eee Super Hybrid Engine ASUSTeK Computer Inc. (Verified) ASUSTeK Computer Inc.
sua.exe 1,908 K 1,320 K 4092 Secunia Update Agent Secunia (Verified) Secunia
spoolsv.exe 5,820 K 2,100 K 1588 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 308 K 240 K 380 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
lsm.exe 1,376 K 1,336 K 676 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
LiveUpdate.exe 6,512 K 656 K 3956 Asus EeePC LiveUpdate for Bios, Driver, Software and Hotfix. AsusTek Computer Inc. (Verified) ASUSTeK Computer Inc.
jusched.exe 1,452 K 288 K 3984 Java™ Update Scheduler Oracle Corporation (Verified) Oracle America
igfxtray.exe 2,424 K 584 K 3520 igfxTray Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxsrvc.exe 2,204 K 584 K 3572 igfxsrvc Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxpers.exe 1,764 K 644 K 3552 persistence Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
IAAnotif.exe 3,092 K 616 K 3500 Event Monitor User Notification Tool Intel Corporation (Verified) Intel Corporation
hkcmd.exe 2,636 K 628 K 3528 hkcmd Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
GrooveMonitor.exe 3,560 K 1,976 K 3684 GrooveMonitor Utility Microsoft Corporation (Verified) Microsoft Corporation
googledrivesync.exe 1,516 K 120 K 2284 Google Drive Google (Verified) Google Inc
GoogleCrashHandler.exe 1,908 K 388 K 3368 Google Crash Handler Google Inc. (Verified) Google Inc
ETDCtrlHelper.exe 2,348 K 808 K 2892 ETD Control Center Helper ELAN Microelectronics Corp. (Verified) Microsoft Windows Hardware Compatibility Publisher
dwm.exe 1,484 K 624 K 1484 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
conhost.exe 908 K 296 K 1416 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 100,668 K 103,088 K 3112 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 21,140 K 12,720 K 1000 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 28,552 K 14,916 K 4624 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 52,180 K 26,780 K 800 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 26,500 K 13,360 K 5156 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 82,264 K 49,464 K 5332 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 32,768 K 19,696 K 5208 Google Chrome Google Inc. (Verified) Google Inc
btwdins.exe 1,904 K 488 K 1768 Bluetooth Support Server Broadcom Corporation. (Verified) Broadcom Corporation
audiodg.exe 17,252 K 15,720 K 648 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
AsusService.exe 1,164 K 372 K 1744 (No signature was present in the subject)
armsvc.exe 1,120 K 340 K 1724 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems

=========================================================================
  • 0

#4
RKinner
Posted 18 April 2013 - 05:40 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
I don't see the speccy log but I think your PC is too hot:

Log: 'System' Date/Time: 18/04/2013 7:20:21 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 18/04/2013 7:20:21 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 18/04/2013 7:20:21 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 18/04/2013 7:20:21 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.


The CPU slows down when it gets too hot and we see the above messages.

If you get speedfan

http://www.almico.com/sfdownload.php

Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.

It will tell you your temps in real tiem. If they seem hot (over 50) then check Automatic Fan Speed.
Leave it running and see if the temps drop. What it does on a laptop if it works is turn the fan on full which seems to help.
Also prop up the back of the laptop with a book (don't block the vents). Make sure you are working on a hard surface and that nothing is blocking the vents. Is this a laptop or a desktop?
  • 0

#5
praxidice
Posted 19 April 2013 - 03:47 AM

praxidice

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
Hi Ron,

1. OTL still won't scan. Same as before -- I can click "Run Scan" (and see the button "click") but then nothing happens.
[UPDATE: After 3.5 hours, OTL finally finished the scan. Logs are in the next post.]

2. I am sure that I attached the Speccy log, but I am not surprised that it didn't work (because of the way my system is running). So, I pasted it below.


3. I installed Speedfan and 3 of the 4 temps were high. I checked Automatic Speed Fan and now 3 of the 4 are under 50 (in the high 40s).

By the way, this is a netbook, so a small laptop. Most of the vents (all but one small one) are along the sides and don't get blocked when it's on a flat hard surface. (Actually, if I prop it up on an angle, it blocks the large vent across the front, I think?)
[UPDATE: I tried propping it up just in case and the temperatures all went up to 60+. Back on a flat surface, they're back to the low 50s...still too hot.]

Could it be dusty inside?


4. Google Drive, which was one of the programs that won't run at startup, ran fine when I booted up this morning. The others (Outpost firewall, Update Checker...) didn't.

And, even from this morning's startup, things are very, very slow. For example, if I right-click on an icon, it takes 30-45 seconds for the menu to open.

Thanks...

Speccy log================================

Summary
Operating System
Microsoft Windows 7 Starter 32-bit SP1
CPU
Intel Atom @ 1.50GHz 58 °C
45nm Technology
RAM
1.00GB Single-Channel DDR3 (5-5-5-12)
Motherboard
ASUSTeK Computer INC. 1015PE (CPU 1) 55 °C
Graphics
ACER S271HL (1024x600@60Hz)
Intel Graphics Media Accelerator 3150 (ASUStek Computer Inc)
Intel Graphics Media Accelerator 3150 (ASUStek Computer Inc)
Hard Drives
233GB Seagate ST9250315AS (SATA) 40 °C
Optical Drives
No optical disk drives detected
Audio
Realtek High Definition Audio
Operating System
Microsoft Windows 7 Starter 32-bit SP1
Computer type: Notebook
Installation Date : 12/22/2010 8:17:29 AM
Serial Number:
Windows Security Center
User Account Control (UAC) Enabled
Notify level 2 - Default
Windows Update
AutoUpdate Download Automatically and Install at Set Scheduled time
Schedule Frequency Every Day
Schedule Time 3:00 AM
Windows Defender
Windows Defender Enabled
Firewall
Firewall Enabled
Display Name Outpost Security Suite
Antivirus
avast! Antivirus
Antivirus Enabled
Company Name AVAST Software
Product Version 8.0.1483.0
Virus Signature Database Up to date
Outpost Security Suite
Antivirus Disabled
Virus Signature Database Up to date
.NET Frameworks installed
v4.0 Full
v4.0 Client
v3.5 SP1
v3.0 SP2
v2.0 SP2
Internet Explorer
Version 9.0.8112.16421
PowerShell
Version 2.0
Java
Java Runtime Environment
Path C:\Program Files\Java\jre7\bin\java.exe
Version 7.0
Update 21
Build 11
Environment Variables
USERPROFILE C:\Users\Pockets
SystemRoot C:\windows
User Variables
TEMP C:\Users\Pockets\AppData\Local\Temp
TMP C:\Users\Pockets\AppData\Local\Temp
Machine Variables
ComSpec C:\windows\system32\cmd.exe
FP_NO_HOST_CHECK NO
OS Windows_NT
Path C:\Program Files\Common Files\Microsoft Shared\Windows Live
C:\windows\system32
C:\windows
C:\windows\System32\Wbem
%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
C:\Program Files\WIDCOMM\Bluetooth Software\
C:\Program Files\Windows Live\Shared
PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE x86
TEMP C:\windows\TEMP
TMP C:\windows\TEMP
USERNAME SYSTEM
windir C:\windows
PSModulePath C:\windows\system32\WindowsPowerShell\v1.0\Modules\
NUMBER_OF_PROCESSORS 4
PROCESSOR_LEVEL 6
PROCESSOR_IDENTIFIER x86 Family 6 Model 28 Stepping 10, GenuineIntel
PROCESSOR_REVISION 1c0a
configsetroot C:\windows\ConfigSetRoot
Battery
AC Line Offline
Battery Charge % 41 %
Battery State Unknown status
Remaining Battery Time 2 : 27
Power Profile
Active power scheme Power saver
Hibernation Enabled
Turn Off Monitor after: (On AC Power) Never
Turn Off Monitor after: (On Battery Power) 2 min
Turn Off Hard Disk after: (On AC Power) 20 min
Turn Off Hard Disk after: (On Battery Power) 5 min
Suspend after: (On AC Power) Never
Suspend after: (On Battery Power) 10 min
Screen saver Enabled
Uptime
Current Session
Current Time 4/18/2013 10:37:03 PM
Current Uptime 4,733 sec (0 d, 01 h, 18 m, 53 s)
Last Boot Time 4/18/2013 9:18:10 PM
TimeZone
TimeZone GMT +1:00 Hours
Language English (United States)
Location United States
Format English (United States)
Currency $
Date Format M/d/yyyy
Time Format h:mm:ss tt
Process List
acs.exe
Process ID 1688
armsvc.exe
Process ID 1724
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
Memory Usage 96 KB
Peak Memory Usage 3.86 MB
AsusService.exe
Process ID 1744
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\System32\AsusService.exe
Memory Usage 88 KB
Peak Memory Usage 4.35 MB
AvastSvc.exe
Process ID 1400
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\AVAST Software\Avast\AvastSvc.exe
Memory Usage 25 MB
Peak Memory Usage 55 MB
AvastUI.exe
Process ID 3564
User Pockets
Domain Pockets-PC
Path C:\Program Files\AVAST Software\Avast\AvastUI.exe
Memory Usage 2.54 MB
Peak Memory Usage 20 MB
btwdins.exe
Process ID 1768
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
Memory Usage 80 KB
Peak Memory Usage 6.11 MB
conhost.exe
Process ID 1416
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\system32\conhost.exe
Memory Usage 124 KB
Peak Memory Usage 3.17 MB
csrss.exe
Process ID 508
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\system32\csrss.exe
Memory Usage 1.57 MB
Peak Memory Usage 3.64 MB
csrss.exe
Process ID 556
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\system32\csrss.exe
Memory Usage 6.55 MB
Peak Memory Usage 12 MB
dwm.exe
Process ID 1484
User Pockets
Domain Pockets-PC
Path C:\windows\system32\Dwm.exe
Memory Usage 2.05 MB
Peak Memory Usage 4.13 MB
ETDCtrl.exe
Process ID 3640
User Pockets
Domain Pockets-PC
Path C:\Program Files\Elantech\ETDCtrl.exe
Memory Usage 1.39 MB
Peak Memory Usage 13 MB
ETDCtrlHelper.exe
Process ID 2892
User Pockets
Domain Pockets-PC
Path C:\Program Files\Elantech\ETDCtrlHelper.exe
Memory Usage 540 KB
Peak Memory Usage 6.32 MB
explorer.exe
Process ID 2624
User Pockets
Domain Pockets-PC
Path C:\windows\Explorer.EXE
Memory Usage 26 MB
Peak Memory Usage 39 MB
flux.exe
Process ID 4032
User Pockets
Domain Pockets-PC
Path C:\Users\Pockets\Local Settings\Apps\F.lux\flux.exe
Memory Usage 2.49 MB
Peak Memory Usage 11 MB
GoogleCrashHandler.exe
Process ID 3368
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
Memory Usage 976 KB
Peak Memory Usage 4.67 MB
googledrivesync.exe
Process ID 2284
User Pockets
Domain Pockets-PC
Path C:\Program Files\Google\Drive\googledrivesync.exe
Memory Usage 104 KB
Peak Memory Usage 15 MB
googledrivesync.exe
Process ID 3928
User Pockets
Domain Pockets-PC
Path C:\Program Files\Google\Drive\googledrivesync.exe
Memory Usage 9.79 MB
Peak Memory Usage 56 MB
GrooveMonitor.exe
Process ID 3684
User Pockets
Domain Pockets-PC
Path C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
Memory Usage 3.18 MB
Peak Memory Usage 7.36 MB
hkcmd.exe
Process ID 3528
User Pockets
Domain Pockets-PC
Path C:\Windows\System32\hkcmd.exe
Memory Usage 340 KB
Peak Memory Usage 5.76 MB
IAAnotif.exe
Process ID 3500
User Pockets
Domain Pockets-PC
Path C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
Memory Usage 276 KB
Peak Memory Usage 7.04 MB
IAANTmon.exe
Process ID 2520
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
Memory Usage 1.00 MB
Peak Memory Usage 7.92 MB
igfxpers.exe
Process ID 3552
User Pockets
Domain Pockets-PC
Path C:\Windows\System32\igfxpers.exe
Memory Usage 280 KB
Peak Memory Usage 5.39 MB
igfxsrvc.exe
Process ID 3572
User Pockets
Domain Pockets-PC
Path C:\windows\system32\igfxsrvc.exe
Memory Usage 132 KB
Peak Memory Usage 5.73 MB
igfxtray.exe
Process ID 3520
User Pockets
Domain Pockets-PC
Path C:\Windows\System32\igfxtray.exe
Memory Usage 300 KB
Peak Memory Usage 5.71 MB
jusched.exe
Process ID 3984
User Pockets
Domain Pockets-PC
Path C:\Program Files\Common Files\Java\Java Update\jusched.exe
Memory Usage 108 KB
Peak Memory Usage 4.48 MB
LiveUpdate.exe
Process ID 3956
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
Memory Usage 84 KB
Peak Memory Usage 15 MB
lsass.exe
Process ID 664
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\system32\lsass.exe
Memory Usage 3.21 MB
Peak Memory Usage 8.77 MB
lsm.exe
Process ID 676
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\system32\lsm.exe
Memory Usage 1.07 MB
Peak Memory Usage 3.07 MB
nusb3mon.exe
Process ID 3752
User Pockets
Domain Pockets-PC
Path C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
Memory Usage 616 KB
Peak Memory Usage 5.34 MB
psi_tray.exe
Process ID 3376
User Pockets
Domain Pockets-PC
Path C:\Program Files\Secunia\PSI\psi_tray.exe
Memory Usage 284 KB
Peak Memory Usage 4.66 MB
psia.exe
Process ID 732
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Secunia\PSI\PSIA.exe
Memory Usage 4.73 MB
Peak Memory Usage 17 MB
RescueTime.exe
Process ID 3324
User Pockets
Domain Pockets-PC
Path C:\Program Files\RescueTime\RescueTime.exe
Memory Usage 5.29 MB
Peak Memory Usage 9.47 MB
SearchIndexer.exe
Process ID 2744
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\system32\SearchIndexer.exe
Memory Usage 9.57 MB
Peak Memory Usage 16 MB
services.exe
Process ID 636
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\system32\services.exe
Memory Usage 3.18 MB
Peak Memory Usage 8.72 MB
smss.exe
Process ID 380
User SYSTEM
Domain NT AUTHORITY
Path \SystemRoot\System32\smss.exe
Memory Usage 68 KB
Peak Memory Usage 888 KB
Speccy.exe
Process ID 4540
User Pockets
Domain Pockets-PC
Path C:\Program Files\Speccy\Speccy.exe
Memory Usage 21 MB
Peak Memory Usage 21 MB
spoolsv.exe
Process ID 1588
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\System32\spoolsv.exe
Memory Usage 3.16 MB
Peak Memory Usage 11 MB
sua.exe
Process ID 4092
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Secunia\PSI\sua.exe
Memory Usage 1.13 MB
Peak Memory Usage 3.04 MB
SuperHybridEngine.exe
Process ID 3900
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\ASUS\SHE\SuperHybridEngine.exe
Memory Usage 120 KB
Peak Memory Usage 6.52 MB
svchost.exe
Process ID 1140
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\system32\svchost.exe
Memory Usage 1.22 MB
Peak Memory Usage 4.85 MB
svchost.exe
Process ID 1288
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\windows\system32\svchost.exe
Memory Usage 5.56 MB
Peak Memory Usage 13 MB
svchost.exe
Process ID 1616
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\windows\system32\svchost.exe
Memory Usage 2.18 MB
Peak Memory Usage 34 MB
svchost.exe
Process ID 1852
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\windows\system32\svchost.exe
Memory Usage 6.03 MB
Peak Memory Usage 8.47 MB
svchost.exe
Process ID 2020
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\windows\System32\svchost.exe
Memory Usage 112 KB
Peak Memory Usage 3.65 MB
svchost.exe
Process ID 460
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\windows\System32\svchost.exe
Memory Usage 100 KB
Peak Memory Usage 3.59 MB
svchost.exe
Process ID 1172
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\windows\system32\svchost.exe
Memory Usage 7.52 MB
Peak Memory Usage 13 MB
svchost.exe
Process ID 2988
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\windows\system32\svchost.exe
Memory Usage 120 KB
Peak Memory Usage 5.32 MB
svchost.exe
Process ID 776
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\system32\svchost.exe
Memory Usage 2.55 MB
Peak Memory Usage 7.70 MB
svchost.exe
Process ID 868
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\windows\system32\svchost.exe
Memory Usage 2.82 MB
Peak Memory Usage 6.64 MB
svchost.exe
Process ID 956
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\windows\System32\svchost.exe
Memory Usage 7.67 MB
Peak Memory Usage 13 MB
svchost.exe
Process ID 992
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\System32\svchost.exe
Memory Usage 28 MB
Peak Memory Usage 44 MB
svchost.exe
Process ID 1308
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\System32\svchost.exe
Memory Usage 21 MB
Peak Memory Usage 46 MB
svchost.exe
Process ID 1040
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\system32\svchost.exe
Memory Usage 14 MB
Peak Memory Usage 22 MB
svchost.exe
Process ID 2464
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\windows\System32\svchost.exe
Memory Usage 6.04 MB
Peak Memory Usage 6.04 MB
System
Process ID 4
System Idle Process
Process ID 0
taskhost.exe
Process ID 1092
User Pockets
Domain Pockets-PC
Path C:\windows\system32\taskhost.exe
Memory Usage 1.33 MB
Peak Memory Usage 6.43 MB
wininit.exe
Process ID 548
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\system32\wininit.exe
Memory Usage 92 KB
Peak Memory Usage 4.27 MB
winlogon.exe
Process ID 612
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\system32\winlogon.exe
Memory Usage 1.09 MB
Peak Memory Usage 7.21 MB
wlanext.exe
Process ID 1408
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\system32\WLANExt.exe
Memory Usage 1.57 MB
Peak Memory Usage 5.05 MB
WLIDSVC.EXE
Process ID 2276
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
Memory Usage 1.85 MB
Peak Memory Usage 12 MB
WLIDSVCM.EXE
Process ID 2572
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
Memory Usage 96 KB
Peak Memory Usage 3.69 MB
WmiPrvSE.exe
Process ID 5660
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\system32\wbem\wmiprvse.exe
Memory Usage 12 MB
Peak Memory Usage 12 MB
WmiPrvSE.exe
Process ID 4260
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\windows\system32\wbem\wmiprvse.exe
Memory Usage 13 MB
Peak Memory Usage 13 MB
wmpnetwk.exe
Process ID 4084
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\Program Files\Windows Media Player\wmpnetwk.exe
Memory Usage 5.32 MB
Peak Memory Usage 12 MB
Scheduler
4/18/2013 10:42 PM; GoogleUpdateTaskMachineUA
4/19/2013 6:42 PM; GoogleUpdateTaskMachineCore
Hotfixes
4/16/2013 Definition Update for Windows Defender - KB915597 (Definition 1.147.1924.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
4/13/2013 Security Update for Windows 7 (KB2808735)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
4/13/2013 Update for Windows 7 (KB2799926)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
4/13/2013 Security Update for Windows 7 (KB2813170)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
4/13/2013 Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768021)
This update provides the Junk E-mail Filter in Microsoft Office
Outlook 2007 Junk Email Filter with a more current definition
of which e-mail messages should be considered junk e-mail.
4/13/2013 Security Update for Windows 7 (KB2813347)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
4/13/2013 Security Update for Windows 7 (KB2823324)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
4/13/2013 Windows Malicious Software Removal Tool - April 2013 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
4/12/2013 Definition Update for Windows Defender - KB915597 (Definition 1.147.1685.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
4/12/2013 Definition Update for Windows Defender - KB915597 (Definition 1.147.1392.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
4/12/2013 Cumulative Security Update for Internet Explorer 9 for Windows 7 (KB2817183)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
4/11/2013 Security Update for Windows 7 (KB2813170)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
4/5/2013 Definition Update for Windows Defender - KB915597 (Definition 1.147.1105.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
4/4/2013 Definition Update for Windows Defender - KB915597 (Definition 1.147.868.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
3/26/2013 Definition Update for Windows Defender - KB915597 (Definition 1.147.471.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
3/22/2013 Definition Update for Windows Defender - KB915597 (Definition 1.147.212.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
3/19/2013 Definition Update for Windows Defender - KB915597 (Definition 1.145.2105.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
3/19/2013 Security Update for Windows 7 (KB2807986)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
3/18/2013 Definition Update for Windows Defender - KB915597 (Definition 1.145.2049.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
3/16/2013 Definition Update for Windows Defender - KB915597 (Definition 1.145.1873.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
3/16/2013 Windows Malicious Software Removal Tool - March 2013 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
3/16/2013 Update for Windows 7 (KB2592687)
The Remote Desktop Protocol 8.0 update enables you to use the
new Remote Desktop Services features. These features are introduced
in Windows 8 and in Windows Server 2012 and are available for
computers that are running Windows 7 Service Pack 1 or Windows
Server 2008 R2 Service Pack 1. After you install this item, you
may have to restart your computer.
3/16/2013 Platform Update for Windows 7 (KB2670838)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
3/15/2013 Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768024)
This update provides the Junk E-mail Filter in Microsoft Office
Outlook 2007 Junk Email Filter with a more current definition
of which e-mail messages should be considered junk e-mail.
3/15/2013 Update for Microsoft Office 2007 suites (KB2687493)
Microsoft has released an update for Microsoft Office 2007 suites
. This update provides the latest fixes to Microsoft Office 2007
suites . Additionally, this update contains stability and performance
improvements.
3/15/2013 Security Update for Microsoft Silverlight (KB2814124)
This security update to Silverlight includes fixes outlined in
KB 2814124. This update is backward compatible with web applications
built using previous versions of Silverlight.
3/15/2013 Cumulative Security Update for Internet Explorer 9 for Windows 7 (KB2809289)
Security issues have been identified that could allow an attacker
to compromise a system that is running Microsoft Internet Explorer
and gain control over it. You can help protect your system by
installing this update from Microsoft. After you install this
item, you may have to restart your computer.
3/15/2013 Update for Windows 7 (KB2791765)
Install this update to resolve a set of known application compatibility
issues with Windows. For a complete listing of the issues that
are included in this update, see the associated Microsoft Knowledge
Base article for more information. After you install this item,
you may have to restart your computer.
3/12/2013 Definition Update for Windows Defender - KB915597 (Definition 1.145.1584.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
3/8/2013 Definition Update for Windows Defender - KB915597 (Definition 1.145.1381.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
3/5/2013 Definition Update for Windows Defender - KB915597 (Definition 1.145.1035.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
3/2/2013 Definition Update for Windows Defender - KB915597 (Definition 1.145.817.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
System Folders
Path for burning CD C:\Users\Pockets\AppData\Local\Microsoft\Windows\Burn\Burn
Application Data C:\ProgramData
Public Desktop C:\Users\Public\Desktop
Documents C:\Users\Public\Documents
Global Favorites C:\Users\Pockets\Favorites
Music C:\Users\Public\Music
Pictures C:\Users\Public\Pictures
Start Menu Programs C:\ProgramData\Microsoft\Windows\Start Menu\Programs
Start Menu C:\ProgramData\Microsoft\Windows\Start Menu
Startup C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Templates C:\ProgramData\Microsoft\Windows\Templates
Videos C:\Users\Public\Videos
Cookies C:\Users\Pockets\AppData\Roaming\Microsoft\Windows\Cookies
Desktop C:\Users\Pockets\Desktop
Physical Desktop C:\Users\Pockets\Desktop
User Favorites C:\Users\Pockets\Favorites
Fonts C:\windows\Fonts
Internet History C:\Users\Pockets\AppData\Local\Microsoft\Windows\History
Temporary Internet Files C:\Users\Pockets\AppData\Local\Microsoft\Windows\Temporary Internet Files
Local Application Data C:\Users\Pockets\AppData\Local
Windows Directory C:\windows
Windows/System C:\windows\system32
Program Files C:\Program Files
Services
Running Adobe Acrobat Update Service
Running Agnitum Client Security Service
Running Application Experience
Running Application Information
Running Asus Launcher Service
Running avast! Antivirus
Running Background Intelligent Transfer Service
Running Base Filtering Engine
Running Bluetooth Service
Running CNG Key Isolation
Running COM+ Event System
Running Computer Browser
Running Cryptographic Services
Running DCOM Server Process Launcher
Running Desktop Window Manager Session Manager
Running DHCP Client
Running Diagnostic Policy Service
Running Diagnostic Service Host
Running Distributed Link Tracking Client
Running DNS Client
Running Extensible Authentication Protocol
Running Function Discovery Provider Host
Running Function Discovery Resource Publication
Running Group Policy Client
Running HomeGroup Provider
Running IKE and AuthIP IPsec Keying Modules
Running Intel Matrix Storage Event Monitor
Running IP Helper
Running IPsec Policy Agent
Running Net Driver HPZ12
Running Network Connections
Running Network List Service
Running Network Location Awareness
Running Network Store Interface Service
Running Peer Name Resolution Protocol
Running Peer Networking Identity Manager
Running Plug and Play
Running Pml Driver HPZ12
Running PnP-X IP Bus Enumerator
Running Power
Running Print Spooler
Running Program Compatibility Assistant Service
Running Remote Procedure Call (RPC)
Running RPC Endpoint Mapper
Running Secunia PSI Agent
Running Secunia Update Agent
Running Security Accounts Manager
Running Security Center
Running Server
Running Shell Hardware Detection
Running SSDP Discovery
Running Superfetch
Running System Event Notification Service
Running Task Scheduler
Running TCP/IP NetBIOS Helper
Running Themes
Running User Profile Service
Running Windows Audio
Running Windows Audio Endpoint Builder
Running Windows Defender
Running Windows Driver Foundation - User-mode Driver Framework
Running Windows Event Log
Running Windows Font Cache Service
Running Windows Live ID Sign-in Assistant
Running Windows Management Instrumentation
Running Windows Media Player Network Sharing Service
Running Windows Search
Running Windows Update
Running WinHTTP Web Proxy Auto-Discovery Service
Running WLAN AutoConfig
Running Workstation
Stopped ActiveX Installer (AxInstSV)
Stopped Adobe Flash Player Update Service
Stopped Application Identity
Stopped Application Layer Gateway Service
Stopped ASP.NET State Service
Stopped BitLocker Drive Encryption Service
Stopped Block Level Backup Engine Service
Stopped Bluetooth Support Service
Stopped Certificate Propagation
Stopped COM+ System Application
Stopped Credential Manager
Stopped Diagnostic System Host
Stopped Disk Defragmenter
Stopped Distributed Transaction Coordinator
Stopped Encrypting File System (EFS)
Stopped Fax
Stopped FLEXnet Licensing Service
Stopped Google Update Service (gupdate)
Stopped Google Update Service (gupdatem)
Stopped Google Updater Service
Stopped Health Key and Certificate Management
Stopped HomeGroup Listener
Stopped Human Interface Device Access
Stopped Interactive Services Detection
Stopped Internet Connection Sharing (ICS)
Stopped KtmRm for Distributed Transaction Coordinator
Stopped Link-Layer Topology Discovery Mapper
Stopped Microsoft .NET Framework NGEN v2.0.50727_X86
Stopped Microsoft .NET Framework NGEN v4.0.30319_X86
Stopped Microsoft iSCSI Initiator Service
Stopped Microsoft Office Diagnostics Service
Stopped Microsoft Office Groove Audit Service
Stopped Microsoft Software Shadow Copy Provider
Stopped Multimedia Class Scheduler
Stopped Net.Msmq Listener Adapter
Stopped Net.Pipe Listener Adapter
Stopped Net.Tcp Listener Adapter
Stopped Net.Tcp Port Sharing Service
Stopped Netlogon
Stopped Network Access Protection Agent
Stopped Office Source Engine
Stopped Parental Controls
Stopped Peer Networking Grouping
Stopped Performance Logs & Alerts
Stopped PNRP Machine Name Publication Service
Stopped Portable Device Enumerator Service
Stopped Problem Reports and Solutions Control Panel Support
Stopped Protected Storage
Stopped Quality Windows Audio Video Experience
Stopped Remote Access Auto Connection Manager
Stopped Remote Access Connection Manager
Stopped Remote Desktop Configuration
Stopped Remote Desktop Services
Stopped Remote Procedure Call (RPC) Locator
Stopped Remote Registry
Stopped Routing and Remote Access
Stopped Secondary Logon
Stopped Secure Socket Tunneling Protocol Service
Stopped Skype Updater
Stopped Smart Card
Stopped Smart Card Removal Policy
Stopped SNMP Trap
Stopped Software Protection
Stopped SPP Notification Service
Stopped Tablet PC Input Service
Stopped Telephony
Stopped Thread Ordering Server
Stopped TPM Base Services
Stopped UPnP Device Host
Stopped Virtual Disk
Stopped Volume Shadow Copy
Stopped WebClient
Stopped Windows Backup
Stopped Windows Biometric Service
Stopped Windows CardSpace
Stopped Windows Color System
Stopped Windows Connect Now - Config Registrar
Stopped Windows Error Reporting Service
Stopped Windows Event Collector
Stopped Windows Firewall
Stopped Windows Image Acquisition (WIA)
Stopped Windows Installer
Stopped Windows Live Family Safety Service
Stopped Windows Modules Installer
Stopped Windows Presentation Foundation Font Cache 3.0.0.0
Stopped Windows Remote Management (WS-Management)
Stopped Windows Time
Stopped Wired AutoConfig
Stopped WMI Performance Adapter
Stopped WWAN AutoConfig
Security Options
Accounts: Administrator account status Disabled
Accounts: Guest account status Disabled
Accounts: Limit local account use of blank passwords to console logon only Enabled
Accounts: Rename administrator account Administrator
Accounts: Rename guest account Guest
Audit: Audit the access of global system objects Disabled
Audit: Audit the use of Backup and Restore privilege Disabled
Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings Not Defined
Audit: Shut down system immediately if unable to log security audits Disabled
DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax Not Defined
DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax Not Defined
Devices: Allow undock without having to log on Enabled
Devices: Allowed to format and eject removable media Not Defined
Devices: Prevent users from installing printer drivers Disabled
Devices: Restrict CD-ROM access to locally logged-on user only Not Defined
Devices: Restrict floppy access to locally logged-on user only Not Defined
Domain controller: Allow server operators to schedule tasks Not Defined
Domain controller: LDAP server signing requirements Not Defined
Domain controller: Refuse machine account password changes Not Defined
Domain member: Digitally encrypt or sign secure channel data (always) Enabled
Domain member: Digitally encrypt secure channel data (when possible) Enabled
Domain member: Digitally sign secure channel data (when possible) Enabled
Domain member: Disable machine account password changes Disabled
Domain member: Maximum machine account password age 30 days
Domain member: Require strong (Windows 2000 or later) session key Enabled
Interactive logon: Display user information when the session is locked Not Defined
Interactive logon: Do not display last user name Disabled
Interactive logon: Do not require CTRL+ALT+DEL Not Defined
Interactive logon: Message text for users attempting to log on
Interactive logon: Message title for users attempting to log on
Interactive logon: Number of previous logons to cache (in case domain controller is not available) 10 logons
Interactive logon: Prompt user to change password before expiration 5 days
Interactive logon: Require Domain Controller authentication to unlock workstation Disabled
Interactive logon: Require smart card Disabled
Interactive logon: Smart card removal behavior No Action
Microsoft network client: Digitally sign communications (always) Disabled
Microsoft network client: Digitally sign communications (if server agrees) Enabled
Microsoft network client: Send unencrypted password to third-party SMB servers Disabled
Microsoft network server: Amount of idle time required before suspending session 15 minutes
Microsoft network server: Digitally sign communications (always) Disabled
Microsoft network server: Digitally sign communications (if client agrees) Disabled
Microsoft network server: Disconnect clients when logon hours expire Enabled
Microsoft network server: Server SPN target name validation level Not Defined
Network access: Allow anonymous SID/Name translation Disabled
Network access: Do not allow anonymous enumeration of SAM accounts Enabled
Network access: Do not allow anonymous enumeration of SAM accounts and shares Disabled
Network access: Do not allow storage of passwords and credentials for network authentication Disabled
Network access: Let Everyone permissions apply to anonymous users Disabled
Network access: Named Pipes that can be accessed anonymously
Network access: Remotely accessible registry paths System\CurrentControlSet\Control\ProductOptions,System\CurrentControlSet\Control\Server Applications,Software\Microsoft\Windows NT\CurrentVersion
Network access: Remotely accessible registry paths and sub-paths System\CurrentControlSet\Control\Print\Printers,System\CurrentControlSet\Services\Eventlog,Software\Microsoft\OLAP Server,Software\Microsoft\Windows NT\CurrentVersion\Print,Software\Microsoft\Windows NT\CurrentVersion\Windows,System\CurrentControlSet\Control\ContentIndex,System\CurrentControlSet\Control\Terminal Server,System\CurrentControlSet\Control\Terminal Server\UserConfig,System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration,Software\Microsoft\Windows NT\CurrentVersion\Perflib,System\CurrentControlSet\Services\SysmonLog
Network access: Restrict anonymous access to Named Pipes and Shares Enabled
Network access: Shares that can be accessed anonymously Not Defined
Network access: Sharing and security model for local accounts Classic - local users authenticate as themselves
Network security: Allow Local System to use computer identity for NTLM Not Defined
Network security: Allow LocalSystem NULL session fallback Not Defined
Network Security: Allow PKU2U authentication requests to this computer to use online identities Not Defined
Network security: Configure encryption types allowed for Kerberos Not Defined
Network security: Do not store LAN Manager hash value on next password change Enabled
Network security: Force logoff when logon hours expire Disabled
Network security: LAN Manager authentication level Not Defined
Network security: LDAP client signing requirements Negotiate signing
Network security: Minimum session security for NTLM SSP based (including secure RPC) clients Require 128-bit encryption
Network security: Minimum session security for NTLM SSP based (including secure RPC) servers Require 128-bit encryption
Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication Not Defined
Network security: Restrict NTLM: Add server exceptions in this domain Not Defined
Network security: Restrict NTLM: Audit Incoming NTLM Traffic Not Defined
Network security: Restrict NTLM: Audit NTLM authentication in this domain Not Defined
Network security: Restrict NTLM: Incoming NTLM traffic Not Defined
Network security: Restrict NTLM: NTLM authentication in this domain Not Defined
Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers Not Defined
Recovery console: Allow automatic administrative logon Disabled
Recovery console: Allow floppy copy and access to all drives and all folders Disabled
Shutdown: Allow system to be shut down without having to log on Enabled
Shutdown: Clear virtual memory pagefile Disabled
System cryptography: Force strong key protection for user keys stored on the computer Not Defined
System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing Disabled
System objects: Require case insensitivity for non-Windows subsystems Enabled
System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) Enabled
System settings: Optional subsystems Posix
System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies Disabled
User Account Control: Admin Approval Mode for the Built-in Administrator account Disabled
User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop Disabled
User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode Prompt for consent for non-Windows binaries
User Account Control: Behavior of the elevation prompt for standard users Prompt for credentials
User Account Control: Detect application installations and prompt for elevation Enabled
User Account Control: Only elevate executables that are signed and validated Disabled
User Account Control: Only elevate UIAccess applications that are installed in secure locations Enabled
User Account Control: Run all administrators in Admin Approval Mode Enabled
User Account Control: Switch to the secure desktop when prompting for elevation Enabled
User Account Control: Virtualize file and registry write failures to per-user locations Enabled
Device Tree
ACPI x86-based PC
Microsoft ACPI-Compliant System
Intel Atom CPU N550 @ 1.50GHz
Intel Atom CPU N550 @ 1.50GHz
Intel Atom CPU N550 @ 1.50GHz
Intel Atom CPU N550 @ 1.50GHz
System board
ACPI Lid
ACPI Sleep Button
ACPI Power Button
Microsoft Windows Management Interface for ACPI
ACPI Thermal Zone
ACPI Fixed Feature Button
PCI bus
Intel N10 Family DMI Bridge - A010
Intel Graphics Media Accelerator 3150
Intel N10/ICH7 Family PCI Express Root Port - 27D0
Intel 82801 PCI Bridge - 2448
System board
Motherboard resources
Microsoft ACPI-Compliant Control Method Battery
Microsoft AC Adapter
Intel® Graphics Media Accelerator 3150
ACER S271HL
High Definition Audio Controller
Realtek High Definition Audio
Intel® N10/ICH7 Family PCI Express Root Port - 27D2
Broadcom 802.11n Network Adapter
Intel® N10/ICH7 Family PCI Express Root Port - 27D6
Atheros AR8132 PCI-E Fast Ethernet Controller (NDIS 6.20)
Intel® N10/ICH7 Family USB Universal Host Controller - 27C8
USB Root Hub
Intel® N10/ICH7 Family USB Universal Host Controller - 27C9
USB Root Hub
Intel® N10/ICH7 Family USB Universal Host Controller - 27CA
USB Root Hub
Intel® N10/ICH7 Family USB Universal Host Controller - 27CB
USB Root Hub
Intel® N10/ICH7 Family USB2 Enhanced Host Controller - 27CC
USB Root Hub
USB Composite Device
USB2.0 UVC VGA WebCam
Intel® NM10 Family LPC Interface Controller - 27BC
Programmable interrupt controller
Direct memory access controller
System timer
System CMOS/real time clock
Keyboard Device Filter
ELAN PS/2 Port Input Device
System speaker
Numeric data processor
Microsoft ACPI-Compliant Embedded Controller
Motherboard resources
High precision event timer
Motherboard resources
Intel® NM10 Express Chipset
ST9250315AS
CPU
Intel Atom
Cores 2
Threads 4
Name Intel Atom
Package Socket 437 FCBGA8
Technology 45nm
Specification Intel Atom CPU N550 @ 1.50GHz
Family 6
Extended Family 6
Model C
Extended Model 1C
Stepping A
Revision B0
Instructions MMX, SSE, SSE2, SSE3, SSSE3, Intel 64
Virtualization Not supported
Hyperthreading Supported, Enabled
Bus Speed 166.6 MHz
Rated Bus Speed 666.2 MHz
Stock Core Speed 1500 MHz
Stock Bus Speed 166 MHz
Average Temperature 58 °C
Caches
L1 Data Cache Size 2 x 24 KBytes
L1 Instructions Cache Size 2 x 32 KBytes
L2 Unified Cache Size 2 x 512 KBytes
Core 0
Core Speed 999.3 MHz
Multiplier x 6.0
Bus Speed 166.6 MHz
Rated Bus Speed 666.2 MHz
Temperature 58 °C
Thread 1
APIC ID 0
Thread 2
APIC ID 1
Core 1
Core Speed 999.3 MHz
Multiplier x 6.0
Bus Speed 166.6 MHz
Rated Bus Speed 666.2 MHz
Temperature 57 °C
Thread 1
APIC ID 2
Thread 2
APIC ID 3
RAM
Memory
Type DDR3
Size 1016 MBytes
Channels # Single
CAS# Latency (CL) 5 clocks
RAS# to CAS# Delay (tRCD) 5 clocks
RAS# Precharge (tRP) 5 clocks
Cycle Time (tRAS) 12 clocks
Command Rate (CR) 2T
Physical Memory
Memory Usage 94 %
Total Physical MB
Available Physical 55 MB
Total Virtual 1.99 GB
Available Virtual 384 MB
SPD
Number Of SPD Modules 0
Motherboard
Manufacturer ASUSTeK Computer INC.
Model 1015PE (CPU 1)
Version x.x
Chipset Vendor Intel
Chipset Model Atom Host Bridge
Chipset Revision 02
Southbridge Vendor Intel
Southbridge Model NM10
Southbridge Revision 02
System Temperature 55 °C
BIOS
Brand American Megatrends Inc.
Version 0801
Date 10/6/2010
PCI Data
Graphics
Monitor
Name ACER S271HL on Intel Graphics Media Accelerator 3150
Current Resolution 1024x600 pixels
Work Resolution 1024x560 pixels
State Enabled, Primary
Monitor Width 1024
Monitor Height 600
Monitor BPP 32 bits per pixel
Monitor Frequency 60 Hz
Device \\.\DISPLAY1\Monitor0
Intel Graphics Media Accelerator 3150
Device ID 8086-A011
Revision 3
Subvendor ASUStek Computer Inc (1043)
Current Performance Level Level 1
Driver version 8.14.10.2230
Count of performance levels : 1
Level 1
Intel Graphics Media Accelerator 3150
Device ID 8086-A012
Revision 3
Subvendor ASUStek Computer Inc (1043)
Current Performance Level Level 1
Driver version 8.14.10.2230
Count of performance levels : 1
Level 1
OpenGL
Version 1.4.0 - Build 8.14.10.2230
Vendor Intel
Renderer Intel Pineview Platform
GLU Version 1.2.2.0 Microsoft Corporation
Values
GL_MAX_LIGHTS 16
GL_MAX_TEXTURE_SIZE 2048
GL_MAX_TEXTURE_STACK_DEPTH 10
GL Extensions
GL_EXT_blend_minmax
GL_EXT_blend_subtract
GL_EXT_blend_color
GL_EXT_abgr
GL_EXT_texture3D
GL_EXT_clip_volume_hint
GL_EXT_compiled_vertex_array
GL_EXT_cull_vertex
GL_SGIS_texture_edge_clamp
GL_SGIS_generate_mipmap
GL_EXT_draw_range_elements
GL_SGIS_texture_lod
GL_EXT_rescale_normal
GL_EXT_packed_pixels
GL_EXT_separate_specular_color
GL_ARB_multitexture
GL_EXT_texture_env_combine
GL_EXT_bgra
GL_EXT_blend_func_separate
GL_EXT_secondary_color
GL_EXT_fog_coord
GL_EXT_texture_env_add
GL_ARB_texture_cube_map
GL_ARB_transpose_matrix
GL_ARB_texture_env_add
GL_IBM_texture_mirrored_repeat
GL_EXT_multi_draw_arrays
GL_NV_blend_square
GL_ARB_texture_compression
GL_3DFX_texture_compression_FXT1
GL_EXT_texture_filter_anisotropic
GL_ARB_texture_border_clamp
GL_ARB_point_parameters
GL_ARB_texture_env_combine
GL_ARB_texture_env_dot3
GL_ARB_texture_env_crossbar
GL_EXT_texture_compression_s3tc
GL_ARB_shadow
GL_ARB_window_pos
GL_EXT_shadow_funcs
GL_EXT_stencil_wrap
GL_ARB_vertex_program
GL_ARB_fragment_program
GL_EXT_stencil_two_side
GL_ARB_vertex_buffer_object
GL_EXT_texture_lod_bias
GL_NV_texgen_reflection
GL_ARB_depth_texture
GL_WIN_swap_hint
GL_EXT_bgra
Hard Drives
ST9250315AS
Manufacturer Seagate
Form Factor 2.5"
Heads 16
Cylinders 16,383
SATA type SATA-II 3.0Gb/s
Device type Fixed
ATA Standard ATA8-ACS
Serial Number 5VCL5V61
LBA Size 48-bit LBA
Power On Count 1643 times
Power On Time 146.0 days
Speed, Expressed in Revolutions Per Minute (rpm) 5400
Features S.M.A.R.T., APM, NCQ
Transfer Mode SATA II
Interface SATA
Capacity 233 GB
Real size 250,059,350,016 bytes
RAID Type None
S.M.A.R.T
01 Read Error Rate 117 (090) Data 000951F734
03 Spin-Up Time 099 (099) Data 0000000000
04 Start/Stop Count 099 (099) Data 00000006C9
05 Reallocated Sectors Count 100 (100) Data 0000000000
07 Seek Error Rate 081 (060) Data 0008084DDC
09 Power-On Hours (POH) 097 (097) Data 0000000DAF
0A Spin Retry Count 100 (100) Data 0000000000
0C Device Power Cycle Count 099 (099) Data 000000066B
B8 End-to-End error / IOEDC 100 (100) Data 0000000000
BB Reported Uncorrectable Errors 082 (082) Data 0000000012
BC Command Timeout 100 (099) Data 0000010003
BD High Fly Writes (WDC) 100 (100) Data 0000000000
BE Temperature Difference from 100 060 (049) Data 002A170028
BF G-sense error rate 100 (100) Data 0000000087
C0 Power-off Retract Count 100 (100) Data 0000000016
C1 Load/Unload Cycle Count 091 (091) Data 000000468E
C2 Temperature 040 (051) Data 0000000028
C3 Hardware ECC Recovered 054 (045) Data 000951F734
C5 Current Pending Sector Count 100 (100) Data 0000000000
C6 Uncorrectable Sector Count 100 (100) Data 0000000000
C7 UltraDMA CRC Error Count 200 (200) Data 0000000000
FE Free Fall Protection 100 (100) Data 0000000000
Temperature 40 °C
Temperature Range ok (less than 50 °C)
Status Good
Partition 0
Partition ID Disk #0, Partition #0
Disk Letter C:
File System NTFS
Volume Serial Number 1E7CD2B0
Size 100 GB
Used Space 74 GB (75%)
Free Space 25.9 GB (25%)
Partition 1
Partition ID Disk #0, Partition #1
Size 15.0 GB
Partition 2
Partition ID Disk #0, Partition #2
Disk Letter D:
File System NTFS
Volume Serial Number 784E1247
Size 118 GB
Used Space 253 MB (1%)
Free Space 118 GB (99%)
Partition 3
Partition ID Disk #0, Partition #3
Size 20.1 MB
Optical Drives
No optical disk drives detected
Audio
Sound Card
Realtek High Definition Audio
Playback Device
Speakers (Realtek High Definition Audio)
Recording Device
Microphone (Realtek High Definition Audio)
Speaker Configuration
Speaker type Stereo
Peripherals
Keyboard Device Filter
Device Kind Keyboard
Device Name Keyboard Device Filter
Vendor Keyboard Device Filter
Location plugged into keyboard port
Driver
Date 7-20-2009
Version 1.0.0.3
File C:\windows\system32\DRIVERS\kbfiltr.sys
File C:\windows\system32\DRIVERS\i8042prt.sys
File C:\windows\system32\DRIVERS\kbdclass.sys
ELAN PS/2 Port Input Device
Device Kind Mouse
Device Name ELAN PS/2 Port Input Device
Vendor ELAN
Location plugged into PS/2 mouse port
Driver
Date 4-13-2011
Version 8.0.5.3
File C:\windows\system32\DRIVERS\ETD.sys
File C:\Program Files\Elantech\ETDCtrl.exe
File C:\Program Files\Elantech\ETDApix.dll
File C:\Program Files\Elantech\ETDCmds.dll
File C:\Program Files\Elantech\ETDMag.exe
File C:\Program Files\Elantech\ETDUninst.dll
File C:\Program Files\Elantech\ETDUn_inst.exe
File C:\Program Files\Elantech\ETDMcpl.dll
File C:\Program Files\Elantech\ETDApi.dll
File C:\Program Files\Elantech\ETDFavorite.dll
File C:\Program Files\Elantech\ETDDeviceInformation.exe
File C:\Program Files\Elantech\ETDCtrlHelper.exe
File C:\windows\system32\ETDUI.cpl
File C:\windows\system32\DRIVERS\i8042prt.sys
File C:\windows\system32\DRIVERS\mouclass.sys
USB Video Device
Device Kind Camera/scanner
Device Name USB Video Device
Vendor IMC Networks
Comment USB2.0 UVC VGA WebCam
Location 0000.001d.0007.006.000.000.000.000.000
Driver
Date 6-21-2006
Version 6.1.7601.17514
File C:\windows\system32\drivers\usbvideo.sys
Printers
Fax
Printer Port SHRFAX:
Print Processor winprint
Availability Always
Priority 1
Duplex None
Print Quality 200 * 200 dpi Monochrome
Status Unknown
Driver
Driver Name Microsoft Shared Fax Driver (v4.00)
Driver Path C:\windows\system32\spool\DRIVERS\W32X86\3\FXSDRV.DLL
Microsoft XPS Document Writer
Printer Port XPSPort:
Print Processor winprint
Availability Always
Priority 1
Duplex None
Print Quality 600 * 600 dpi Color
Status Unknown
Driver
Driver Name Microsoft XPS Document Writer (v6.00)
Driver Path C:\windows\system32\spool\DRIVERS\W32X86\3\mxdwdrv.dll
PDF reDirect v2
Printer Port PDF_REDIRECT_PORT:
Print Processor winprint
Availability Always
Priority 1
Duplex None
Print Quality 600 * 600 dpi Color
Status Unknown
Driver
Driver Name PDF reDirect Pro (v5.02)
Driver Path C:\windows\system32\spool\DRIVERS\W32X86\3\PSCRIPT5.DLL
Send To OneNote 2007 (Default Printer)
Printer Port Send To Microsoft OneNote Port:
Print Processor OneNotePrint2007
Availability Always
Priority 1
Duplex None
Print Quality 300 * 300 dpi Color
Status Unknown
Driver
Driver Name Send To Microsoft OneNote Driver (v4.00)
Driver Path C:\windows\system32\spool\DRIVERS\W32X86\3\msonpdrv.dll
Network
You are connected to the internet
Connected through Broadcom 802.11n Network Adapter
IP Address 192.168.1.11
Subnet mask 255.255.255.0
Gateway server 192.168.1.1
Preferred DNS server 213.46.172.36
Alternate DNS server 213.46.172.37
DHCP Enabled
DHCP server 192.168.1.1
External IP Address 213.220.193.234
Adapter Type IEEE 802.11 wireless
NetBIOS over TCP/IP Enabled via DHCP
NETBIOS Node Type Broadcast node
Link Speed 0 Bps
Computer Name
NetBIOS Name POCKETS-PC
DNS Name Pockets-PC
Membership Part of workgroup
Workgroup WORKGROUP
Remote Desktop
Disabled
Console
State Active
Domain Pockets-PC
WinInet Info
LAN Connection
Local system uses a local area network to connect to the Internet
Local system has RAS to connect to the Internet
Wi-Fi Info
Using native Wi-Fi API version 2
Available access points count 17
Wi-Fi (UPC107259)
SSID UPC107259
Name UPC107259
Signal Strength/Quality 40
Security Enabled
State The interface is connected to a network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags Currently Connected to this network
Cipher Algorithm to be used when joining this network AES-CCMP algorithm
Default Auth used to join this network for the first time 802.11i RSNA algorithm that uses PSK
Wi-Fi (linksys)
SSID linksys
Name linksys
Signal Strength/Quality 16
Security Disabled
State The interface is connected to a network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags There is a profile for this network
Cipher Algorithm to be used when joining this network No Cipher algorithm is enabled/supported
Default Auth used to join this network for the first time IEEE 802.11 Open System authentication algorithm
Wi-Fi (UPC786427)
SSID UPC786427
Name UPC786427
Signal Strength/Quality 36
Security Enabled
State The interface is connected to a network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags There is a profile for this network
Cipher Algorithm to be used when joining this network AES-CCMP algorithm
Default Auth used to join this network for the first time 802.11i RSNA algorithm that uses PSK
Wi-Fi (UPC226908)
SSID UPC226908
Name UPC226908
Signal Strength/Quality 28
Security Enabled
State The interface is connected to a network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags There is a profile for this network
Cipher Algorithm to be used when joining this network AES-CCMP algorithm
Default Auth used to join this network for the first time 802.11i RSNA algorithm that uses PSK
Wi-Fi (citycrown)
SSID citycrown
Name citycrown
Signal Strength/Quality 22
Security Enabled
State The interface is connected to a network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags There is a profile for this network
Cipher Algorithm to be used when joining this network AES-CCMP algorithm
Default Auth used to join this network for the first time 802.11i RSNA algorithm that uses PSK
Wi-Fi (SimplyHotel)
SSID SimplyHotel
Name SimplyHotel
Signal Strength/Quality 24
Security Enabled
State The interface is connected to a network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags There is a profile for this network
Cipher Algorithm to be used when joining this network Temporal Key Integrity Protocol (TKIP) algorithm
Default Auth used to join this network for the first time WPA algorithm that uses preshared keys (PSK)
Wi-Fi (Tel608038549.CZ-Bv)
SSID Tel608038549.CZ-Bv
Name Tel608038549.CZ-Bv
Signal Strength/Quality 24
Security Disabled
State The interface is connected to a network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags There is a profile for this network
Cipher Algorithm to be used when joining this network No Cipher algorithm is enabled/supported
Default Auth used to join this network for the first time IEEE 802.11 Open System authentication algorithm
Wi-Fi (ROKAFIHOLI)
SSID ROKAFIHOLI
Name ROKAFIHOLI
Signal Strength/Quality 18
Security Enabled
State The interface is connected to a network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags There is a profile for this network
Cipher Algorithm to be used when joining this network AES-CCMP algorithm
Default Auth used to join this network for the first time 802.11i RSNA algorithm that uses PSK
Wi-Fi (Internet)
SSID Internet
Name Internet
Signal Strength/Quality 32
Security Enabled
State The interface is connected to a network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags There is a profile for this network
Cipher Algorithm to be used when joining this network AES-CCMP algorithm
Default Auth used to join this network for the first time WPA algorithm that uses preshared keys (PSK)
Wi-Fi (NETGEAR59)
SSID NETGEAR59
Name NETGEAR59
Signal Strength/Quality 18
Security Enabled
State The interface is connected to a network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags There is a profile for this network
Cipher Algorithm to be used when joining this network AES-CCMP algorithm
Default Auth used to join this network for the first time 802.11i RSNA algorithm that uses PSK
Wi-Fi (wifi)
SSID wifi
Name wifi
Signal Strength/Quality 66
Security Enabled
State The interface is connected to a network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags There is a profile for this network
Cipher Algorithm to be used when joining this network AES-CCMP algorithm
Default Auth used to join this network for the first time 802.11i RSNA algorithm that uses PSK
Wi-Fi (rage)
SSID rage
Name rage
Signal Strength/Quality 24
Security Enabled
State The interface is connected to a network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags There is a profile for this network
Cipher Algorithm to be used when joining this network AES-CCMP algorithm
Default Auth used to join this network for the first time 802.11i RSNA algorithm that uses PSK
Wi-Fi (5aT)
SSID 5aT
Name 5aT
Signal Strength/Quality 22
Security Enabled
State The interface is connected to a network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags There is a profile for this network
Cipher Algorithm to be used when joining this network Temporal Key Integrity Protocol (TKIP) algorithm
Default Auth used to join this network for the first time WPA algorithm that uses preshared keys (PSK)
Wi-Fi (Doma)
SSID Doma
Name Doma
Signal Strength/Quality 8
Security Enabled
State The interface is connected to a network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags There is a profile for this network
Cipher Algorithm to be used when joining this network AES-CCMP algorithm
Default Auth used to join this network for the first time 802.11i RSNA algorithm that uses PSK
Wi-Fi (UPC645405)
SSID UPC645405
Name UPC645405
Signal Strength/Quality 16
Security Enabled
State The interface is connected to a network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags There is a profile for this network
Cipher Algorithm to be used when joining this network AES-CCMP algorithm
Default Auth used to join this network for the first time 802.11i RSNA algorithm that uses PSK
Wi-Fi (kr172)
SSID kr172
Name kr172
Signal Strength/Quality 12
Security Enabled
State The interface is connected to a network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags There is a profile for this network
Cipher Algorithm to be used when joining this network AES-CCMP algorithm
Default Auth used to join this network for the first time 802.11i RSNA algorithm that uses PSK
Wi-Fi (UPC107259)
SSID UPC107259
Name UPC107259
Signal Strength/Quality 100
Security Enabled
State The interface is connected to a network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags There is a profile for this network
Cipher Algorithm to be used when joining this network AES-CCMP algorithm
Default Auth used to join this network for the first time 802.11i RSNA algorithm that uses PSK
WinHTTPInfo
WinHTTPSessionProxyType No proxy
Session Proxy
Session Proxy Bypass
Connect Retries 5
Connect Timeout (ms) 60,000
HTTP Version HTTP 1.1
Max Connects Per 1.0 Servers INFINITE
Max Connects Per Servers INFINITE
Max HTTP automatic redirects 10
Max HTTP status continue 10
Send Timeout (ms) 30,000
IEProxy Auto Detect No
IEProxy Auto Config
IEProxy
IEProxy Bypass
Default Proxy Config Access Type No proxy
Default Config Proxy
Default Config Proxy Bypass
Sharing and Discovery
File and printer sharing service Enabled
Simple File Sharing Enabled
Administrative Shares Enabled
Network access: Sharing and security model for local accounts Classic - local users authenticate as themselves
Adapters List
Atheros AR8132 PCI-E Fast Ethernet Controller (NDIS 6.20)
IP Address 0.0.0.0
Subnet mask 0.0.0.0
Gateway server 0.0.0.0
Broadcom 802.11n Network Adapter
IP Address 192.168.1.11
Subnet mask 255.255.255.0
Gateway server 192.168.1.1
Network Shares
No network shares
Current TCP Connections
AvastSvc.exe (1400)
Local 0.0.0.0:12025 LISTEN
Local 0.0.0.0:12110 LISTEN
Local 0.0.0.0:12119 LISTEN
Local 0.0.0.0:12143 LISTEN
Local 127.0.0.1:12119 LISTEN
Local 127.0.0.1:12143 LISTEN
Local 127.0.0.1:12465 LISTEN
Local 127.0.0.1:12563 LISTEN
Local 127.0.0.1:12993 LISTEN
Local 127.0.0.1:12995 LISTEN
Local 127.0.0.1:27275 LISTEN
Local 127.0.0.1:12080 LISTEN
Local 127.0.0.1:12025 LISTEN
Local 0.0.0.0:27275 LISTEN
Local 0.0.0.0:12995 LISTEN
Local 192.168.1.11:49971 ESTABLISHED Remote 77.234.41.51:80 (Querying... ) (HTTP)
Local 0.0.0.0:12993 LISTEN
Local 0.0.0.0:12563 LISTEN
Local 0.0.0.0:12465 LISTEN
Local 127.0.0.1:12110 LISTEN
C:\Program Files\Google\Drive\googledrivesync.exe (3928)
Local 192.168.1.11:49184 ESTABLISHED Remote 173.194.70.125:5222 (Querying... )
System Process
Local 192.168.1.11:49982 TIME-WAIT Remote 108.171.164.205:80 (Querying... ) (HTTP)
Local 192.168.1.11:49980 TIME-WAIT Remote 77.234.40.68:80 (Querying... ) (HTTP)
Local 192.168.1.11:49979 TIME-WAIT Remote 50.57.34.140:80 (Querying... ) (HTTP)
Local 192.168.1.11:49976 TIME-WAIT Remote 54.243.227.93:80 (Querying... ) (HTTP)
Local 192.168.1.11:49970 TIME-WAIT Remote 54.243.227.93:80 (Querying... ) (HTTP)
Local 192.168.1.11:49968 TIME-WAIT Remote 54.243.227.93:80 (Querying... ) (HTTP)
Local 192.168.1.11:49955 TIME-WAIT Remote 173.194.35.68:443 (Querying... ) (HTTPS)
Local 192.168.1.11:49936 TIME-WAIT Remote 173.194.39.182:443 (Querying... ) (HTTPS)
System Process
Local 0.0.0.0:445 (Windows shares) LISTEN
Local 0.0.0.0:5357 LISTEN
Local 192.168.1.11:139 (NetBIOS session service) LISTEN
lsass.exe (664)
Local 0.0.0.0:49155 LISTEN
psia.exe (732)
Local 192.168.1.11:49164 CLOSE-WAIT Remote 91.198.117.247:443 (Querying... ) (HTTPS)
services.exe (636)
Local 0.0.0.0:49159 LISTEN
svchost.exe (1040)
Local 0.0.0.0:49154 LISTEN
svchost.exe (868)
Local 0.0.0.0:135 (DCE) LISTEN
svchost.exe (956)
Local 0.0.0.0:49153 LISTEN
wininit.exe (548)
Local 0.0.0.0:49152 LISTEN

Edited by praxidice, 19 April 2013 - 05:38 AM.

  • 0

#6
praxidice
Posted 19 April 2013 - 05:39 AM

praxidice

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
OTL logs ===============================

OTL logfile created on: 4/19/2013 10:29:52 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pockets\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.12 Mb Total Physical Memory | 124.89 Mb Available Physical Memory | 12.32% Memory free
1.99 Gb Paging File | 0.30 Gb Available in Paging File | 15.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 27.61 Gb Free Space | 27.61% Space Free | Partition Type: NTFS
Drive D: | 117.87 Gb Total Space | 117.49 Gb Free Space | 99.69% Space Free | Partition Type: NTFS

Computer Name: POCKETS-PC | User Name: Pockets | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/19 07:32:23 | 004,986,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SoftwareDistribution\Download\Install\mpas-fe_bd.exe
PRC - [2013/04/17 10:15:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pockets\Desktop\OTL.exe
PRC - [2013/04/09 10:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/03/12 01:10:56 | 000,237,088 | ---- | M] (Microsoft Corporation) -- d:\3a32e2f826298154f2a53c\MPSigStub.exe
PRC - [2013/03/07 16:31:48 | 019,357,112 | ---- | M] (Google) -- C:\Program Files\Google\Drive\googledrivesync.exe
PRC - [2013/03/07 01:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/03/07 01:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/02/22 19:37:26 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2013/01/22 08:54:26 | 002,765,312 | ---- | M] (RescueTime, Inc.) -- C:\Program Files\RescueTime\RescueTime.exe
PRC - [2012/12/18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/10/14 08:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/10/14 08:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/10/14 08:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2011/08/01 07:07:18 | 000,425,400 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\SHE\SuperHybridEngine.exe
PRC - [2011/07/13 02:38:14 | 001,095,080 | ---- | M] (AsusTek Computer Inc.) -- C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe
PRC - [2011/04/12 22:18:54 | 001,602,344 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrlHelper.exe
PRC - [2011/04/12 22:18:52 | 001,813,800 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/05/21 22:42:48 | 000,652,576 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2010/01/22 05:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/08/29 08:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Pockets\Local Settings\Apps\F.lux\flux.exe
PRC - [2009/08/19 02:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2009/06/05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/19 10:16:08 | 000,128,512 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI20962\_elementtree.pyd
MOD - [2013/04/19 10:16:07 | 000,557,056 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI20962\pysqlite2._sqlite.pyd
MOD - [2013/04/19 10:16:07 | 000,098,816 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI20962\win32api.pyd
MOD - [2013/04/19 10:16:07 | 000,044,032 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI20962\_socket.pyd
MOD - [2013/04/19 10:16:07 | 000,022,528 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI20962\win32ts.pyd
MOD - [2013/04/19 10:16:06 | 000,320,512 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI20962\win32com.shell.shell.pyd
MOD - [2013/04/19 10:16:06 | 000,070,656 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI20962\wx._html2.pyd
MOD - [2013/04/19 10:16:06 | 000,011,264 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI20962\win32crypt.pyd
MOD - [2013/04/19 10:16:05 | 001,022,416 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI20962\windows._cacheinvalidation.pyd
MOD - [2013/04/19 10:16:05 | 000,805,888 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI20962\wx._gdi_.pyd
MOD - [2013/04/19 10:16:05 | 000,017,408 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI20962\win32profile.pyd
MOD - [2013/04/19 10:16:04 | 000,364,544 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI20962\pythoncom27.dll
MOD - [2013/04/19 10:16:04 | 000,087,040 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI20962\_ctypes.pyd
MOD - [2013/04/19 10:16:03 | 000,735,232 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI20962\wx._misc_.pyd
MOD - [2013/04/19 10:16:03 | 000,110,080 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI20962\PyWinTypes27.dll
MOD - [2013/04/19 10:16:02 | 000,108,544 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI20962\win32security.pyd
MOD - [2013/04/19 10:16:01 | 001,175,040 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI20962\wx._core_.pyd
MOD - [2013/04/19 10:16:00 | 001,153,024 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI20962\_ssl.pyd
MOD - [2013/04/19 10:15:59 | 000,711,680 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI20962\_hashlib.pyd
MOD - [2013/04/19 10:15:59 | 000,035,840 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI20962\win32process.pyd
MOD - [2013/04/19 10:15:59 | 000,025,600 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI20962\win32pdh.pyd
MOD - [2013/04/19 10:15:58 | 000,811,008 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI20962\wx._windows_.pyd
MOD - [2013/04/19 10:15:58 | 000,122,368 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI20962\wx._wizard.pyd
MOD - [2013/04/19 10:15:57 | 000,119,808 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI20962\win32file.pyd
MOD - [2013/04/19 10:15:56 | 000,038,912 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI20962\win32inet.pyd
MOD - [2013/04/19 10:15:54 | 001,062,400 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI20962\wx._controls_.pyd
MOD - [2013/04/19 10:15:54 | 000,127,488 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI20962\pyexpat.pyd
MOD - [2013/04/19 10:15:54 | 000,018,432 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI20962\win32event.pyd
MOD - [2013/04/19 10:15:53 | 000,686,080 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI20962\unicodedata.pyd
MOD - [2013/04/19 10:15:53 | 000,010,240 | ---- | M] () -- C:\Users\Pockets\AppData\Local\Temp\_MEI20962\select.pyd
MOD - [2013/04/09 10:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013/04/09 10:57:06 | 013,130,704 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
MOD - [2013/04/09 10:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 10:56:15 | 000,598,480 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013/04/09 10:56:14 | 000,124,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013/04/09 10:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2009/08/29 08:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Pockets\Local Settings\Apps\F.lux\flux.exe


========== Services (SafeList) ==========

SRV - [2013/03/23 14:32:56 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/07 01:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/14 08:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/10/14 08:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/05/23 07:53:06 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/04/04 11:57:28 | 002,072,592 | ---- | M] (Agnitum Ltd.) [Auto | Running] -- C:\Program Files\Agnitum\Outpost Security Suite Free\acs.exe -- (acssrv)
SRV - [2010/05/21 22:42:48 | 000,652,576 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/08/19 02:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV - [2013/03/07 01:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/03/07 01:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/03/07 01:33:24 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/03/07 01:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/03/07 01:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/03/07 01:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/03/07 01:33:23 | 000,060,656 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/03/07 01:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/08/23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011/03/21 17:27:58 | 000,708,760 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SandBox.sys -- (SandBox)
DRV - [2011/03/21 17:27:20 | 000,034,096 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Filt\VBFilt.dll -- (VBFilt)
DRV - [2011/03/21 17:27:16 | 000,070,160 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Filt\ASWFilt.dll -- (ASWFilt)
DRV - [2011/02/09 08:03:00 | 000,011,832 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2011/02/02 18:04:22 | 000,242,040 | ---- | M] (VirusBuster Kft.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBEngNT.sys -- (VBEngNT)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/09/27 16:37:40 | 000,328,296 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afwcore.sys -- (afwcore)
DRV - [2010/09/01 10:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/05/10 11:28:15 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/04/20 17:01:46 | 000,034,920 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\afw.sys -- (afw)
DRV - [2009/07/20 11:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2009/07/14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{133520C5-3880-4076-896D-F5FB2FC77692}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2011/01/22 15:31:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/03/22 00:06:52 | 000,000,000 | ---D | M]

[2012/06/23 17:25:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pockets\AppData\Roaming\Mozilla\Firefox\extensions
[2012/06/23 17:25:36 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Pockets\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2013/04/01 19:18:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/29 13:13:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/12/29 13:12:56 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.gmail.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\windows\system32\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Users\Pockets\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Pockets\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: WOT = C:\Users\Pockets\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.11_0\
CHR - Extension: YouTube = C:\Users\Pockets\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Pockets\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
CHR - Extension: Google Search = C:\Users\Pockets\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail Offline = C:\Users\Pockets\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.19_0\
CHR - Extension: Google Calendar = C:\Users\Pockets\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Facebook Disconnect = C:\Users\Pockets\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.3.0_0\
CHR - Extension: DoNotTrackMe = C:\Users\Pockets\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\2.2.8.109_0\
CHR - Extension: HTTPS Everywhere = C:\Users\Pockets\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp\2013.3.7_0\
CHR - Extension: MagicScroll eBook Reader = C:\Users\Pockets\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble\3.0_0\
CHR - Extension: Pinterest = C:\Users\Pockets\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.1_0\
CHR - Extension: Keep My Opt-Outs = C:\Users\Pockets\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.14_0\
CHR - Extension: Rapportive = C:\Users\Pockets\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihakjfhbmlmjdnnhegiciffjplmdhin\1.4.1_0\
CHR - Extension: avast! WebRep = C:\Users\Pockets\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\
CHR - Extension: Disconnect = C:\Users\Pockets\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.0.0_1\
CHR - Extension: Ghostery = C:\Users\Pockets\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.1_0\
CHR - Extension: Save in Delicious = C:\Users\Pockets\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnaelnkmidnndgikjbiifihgklnocljd\1.2_0\
CHR - Extension: Click&Clean App = C:\Users\Pockets\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.0_0\
CHR - Extension: Gmail = C:\Users\Pockets\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Privacyfix by Privacychoice = C:\Users\Pockets\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmejhjjecaldkllonlokhkglbdbkdcni\4.0.2_0\

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\aprp.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Security Suite Free\feedback.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKCU..\Run: [F.lux] C:\Users\Pockets\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - Startup: C:\Users\Pockets\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\acs.exe - Shortcut.lnk = C:\Program Files\Agnitum\Outpost Security Suite Free\acs.exe (Agnitum Ltd.)
O4 - Startup: C:\Users\Pockets\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UpdateChecker.exe - Shortcut.lnk = C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....k_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {273D7C55-6B65-4EB5-A636-D4F8BCA344E0} http://ace.gojls.com...isualEditor.cab (VisualEditor Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.7.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {B8677403-AAE2-40AB-8DB1-5FA6C4E4A9E5} http://dist.cdnetwor...uaWebPlayer.cab (AquaWebPlayer Class)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.36 213.46.172.37
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A0C2821-DC1A-4549-A425-BC80A8F8383F}: DhcpNameServer = 168.126.63.1 168.126.63.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F18227E-BCF3-47C1-8E03-F98BEEDE877E}: DhcpNameServer = 213.46.172.36 213.46.172.37
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Security Suite Free\wl_hook.dll (Agnitum Ltd.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{51093505-479a-11e0-9d56-bcaec5022308}\Shell - "" = AutoRun
O33 - MountPoints2\{51093505-479a-11e0-9d56-bcaec5022308}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O33 - MountPoints2\{b6a3971e-e1a3-11e0-9ac9-bcaec5022308}\Shell - "" = AutoRun
O33 - MountPoints2\{b6a3971e-e1a3-11e0-9ac9-bcaec5022308}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AsusVibeLauncher.lnk - C:\Program Files\ASUS\AsusVibe\AsusVibeLauncher.exe - (ASUSTeK Computer Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpFolder: C:^Users^Pockets^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS)
MsConfig - StartUpReg: CapsHook - hkey= - key= - File not found
MsConfig - StartUpReg: Eee Docking - hkey= - key= - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
MsConfig - StartUpReg: EeeSplendidAgent - hkey= - key= - File not found
MsConfig - StartUpReg: GraphicsSwitch - hkey= - key= - File not found
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: HotkeyMon - hkey= - key= - File not found
MsConfig - StartUpReg: HotkeyService - hkey= - key= - File not found
MsConfig - StartUpReg: LiveUpdate - hkey= - key= - File not found
MsConfig - StartUpReg: OOBESetup - hkey= - key= - C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe (ASUSTeK Computer Inc.)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
MsConfig - StartUpReg: SuperHybridEngine - hkey= - key= - File not found
MsConfig - StartUpReg: UCam_Menu - hkey= - key= - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {0EEB34F6-991D-4a1b-8EEB-772DA0EADB22} - Microsoft Office Communicator 2007
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2030/01/01 14:10:42 | 000,000,000 | -HSD | C] -- C:\Boot
[2013/04/18 22:24:26 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2013/04/17 10:14:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Pockets\Desktop\OTL.exe
[2013/04/17 09:50:19 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaws.exe
[2013/04/17 09:49:27 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll
[2013/04/17 09:49:26 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2013/04/17 09:49:24 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\System32\java.exe
[2013/04/12 10:17:47 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2013/04/12 10:17:46 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2013/04/12 10:17:22 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\csrsrv.dll
[2013/04/12 09:55:35 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2013/04/12 09:46:44 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2013/04/12 09:46:38 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2013/04/12 09:46:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2013/04/12 09:46:34 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2013/04/12 09:46:33 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2013/04/12 09:46:24 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2013/04/12 09:46:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2013/04/12 09:46:09 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2013/04/10 10:34:52 | 000,000,000 | --SD | C] -- C:\Users\Pockets\Google Drive
[2013/04/10 10:24:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013/04/04 22:10:10 | 000,000,000 | ---D | C] -- C:\Users\Pockets\Desktop\Health Resources
[2013/04/02 16:09:52 | 004,550,656 | ---- | C] (Google Inc.) -- C:\windows\System32\GPhotos.scr
[2013/04/01 20:12:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/03/26 21:58:33 | 000,000,000 | ---D | C] -- C:\Users\Pockets\AppData\Local\RescueTime.com
[2013/03/26 21:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RescueTime
[2013/03/26 21:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\RescueTime
[2013/03/25 23:37:33 | 000,000,000 | ---D | C] -- C:\Users\Pockets\Desktop\Takeaway
[2013/03/25 23:36:38 | 000,000,000 | ---D | C] -- C:\Users\Pockets\Desktop\New Step by Step audio

========== Files - Modified Within 30 Days ==========

[2013/04/19 10:59:51 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/04/19 10:43:04 | 000,000,888 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/19 10:22:44 | 000,016,160 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/19 10:22:44 | 000,016,160 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/19 10:15:38 | 000,000,884 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/19 10:12:59 | 797,532,160 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/18 22:24:35 | 000,000,933 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2013/04/18 21:15:41 | 000,069,632 | ---- | M] () -- C:\Users\Pockets\Desktop\application log events.evtx
[2013/04/18 21:09:49 | 020,975,616 | ---- | M] () -- C:\Users\Pockets\Desktop\system log events.evtx
[2013/04/17 10:15:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pockets\Desktop\OTL.exe
[2013/04/17 09:48:57 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll
[2013/04/17 09:48:45 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaws.exe
[2013/04/17 09:48:45 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2013/04/17 09:48:44 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\System32\java.exe
[2013/04/17 09:48:40 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\windows\System32\npDeployJava1.dll
[2013/04/17 09:48:39 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\windows\System32\deployJava1.dll
[2013/04/15 22:25:08 | 000,001,934 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
[2013/04/13 13:51:43 | 000,402,688 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013/04/10 10:34:54 | 000,001,643 | ---- | M] () -- C:\Users\Pockets\Desktop\Google Drive.lnk
[2013/04/04 22:14:17 | 000,660,318 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/04/04 22:14:17 | 000,121,214 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2013/04/04 14:26:11 | 000,001,468 | ---- | M] () -- C:\Users\Pockets\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UpdateChecker.exe - Shortcut.lnk
[2013/04/04 14:25:59 | 000,001,676 | ---- | M] () -- C:\Users\Pockets\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\acs.exe - Shortcut.lnk
[2013/04/02 16:09:52 | 004,550,656 | ---- | M] (Google Inc.) -- C:\windows\System32\GPhotos.scr
[2013/03/26 21:58:30 | 000,001,003 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RescueTime.lnk
[2013/03/26 21:40:23 | 000,497,900 | ---- | M] () -- C:\Users\Pockets\Desktop\Minimalist_Guide_to_Hacking_Your_Habits.pdf
[2013/03/23 14:32:55 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2013/03/23 14:32:54 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2013/03/22 00:07:10 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt

========== Files Created - No Company Name ==========

[2030/01/01 14:10:42 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2013/04/18 22:24:35 | 000,000,933 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2013/04/18 21:11:14 | 000,069,632 | ---- | C] () -- C:\Users\Pockets\Desktop\application log events.evtx
[2013/04/18 21:09:39 | 020,975,616 | ---- | C] () -- C:\Users\Pockets\Desktop\system log events.evtx
[2013/04/15 22:25:08 | 000,001,934 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
[2013/04/10 10:34:54 | 000,001,643 | ---- | C] () -- C:\Users\Pockets\Desktop\Google Drive.lnk
[2013/04/04 14:26:11 | 000,001,468 | ---- | C] () -- C:\Users\Pockets\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UpdateChecker.exe - Shortcut.lnk
[2013/04/04 14:25:59 | 000,001,676 | ---- | C] () -- C:\Users\Pockets\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\acs.exe - Shortcut.lnk
[2013/04/01 19:33:14 | 000,001,941 | ---- | C] () -- C:\Users\Pockets\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
[2013/03/26 21:58:30 | 000,001,003 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RescueTime.lnk
[2013/03/26 21:39:54 | 000,497,900 | ---- | C] () -- C:\Users\Pockets\Desktop\Minimalist_Guide_to_Hacking_Your_Habits.pdf
[2013/03/22 22:59:50 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/03/22 00:07:13 | 000,164,736 | ---- | C] () -- C:\windows\System32\drivers\aswVmm.sys
[2013/03/22 00:07:12 | 000,049,248 | ---- | C] () -- C:\windows\System32\drivers\aswRvrt.sys
[2012/12/04 16:19:28 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/07/23 15:22:27 | 000,364,544 | ---- | C] () -- C:\windows\System32\lame_enc.dll
[2011/09/13 00:40:49 | 000,001,769 | ---- | C] () -- C:\windows\Language_trs.ini
[2011/06/25 07:15:01 | 000,000,034 | -H-- | C] () -- C:\windows\System32\Converter_sysquict.dat
[2011/01/28 01:56:15 | 000,014,848 | ---- | C] () -- C:\Users\Pockets\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/27 01:25:32 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/09/25 19:44:43 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== ZeroAccess Check ==========

[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST9250315AS
Partitions: 4
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 15.00GB
Starting Offset: 107375230976
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 118.00GB
Starting Offset: 123481358336
Hidden sectors: 0


DeviceID: Disk #0, Partition #3
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 20.00MB
Starting Offset: 250038190080
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2011/07/19 00:24:53 | 000,000,000 | ---D | M] -- C:\Users\Pockets\AppData\Roaming\Adobe
[2013/02/28 13:17:08 | 000,000,000 | ---D | M] -- C:\Users\Pockets\AppData\Roaming\Agnitum
[2010/09/25 20:01:14 | 000,000,000 | ---D | M] -- C:\Users\Pockets\AppData\Roaming\ASUS WebStorage
[2012/03/28 02:22:40 | 000,000,000 | ---D | M] -- C:\Users\Pockets\AppData\Roaming\Audacity
[2012/09/18 06:06:02 | 000,000,000 | ---D | M] -- C:\Users\Pockets\AppData\Roaming\AudioConverter
[2012/09/18 06:06:46 | 000,000,000 | ---D | M] -- C:\Users\Pockets\AppData\Roaming\AxaraMedia
[2012/01/05 14:57:49 | 000,000,000 | ---D | M] -- C:\Users\Pockets\AppData\Roaming\calibre
[2011/02/11 03:58:41 | 000,000,000 | ---D | M] -- C:\Users\Pockets\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/12/26 13:27:25 | 000,000,000 | ---D | M] -- C:\Users\Pockets\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2011/12/16 16:14:43 | 000,000,000 | ---D | M] -- C:\Users\Pockets\AppData\Roaming\Download Manager
[2012/08/12 08:12:04 | 000,000,000 | ---D | M] -- C:\Users\Pockets\AppData\Roaming\Dropbox
[2012/05/21 05:11:07 | 000,000,000 | ---D | M] -- C:\Users\Pockets\AppData\Roaming\HpUpdate
[2009/07/14 06:54:12 | 000,000,000 | ---D | M] -- C:\Users\Pockets\AppData\Roaming\Identities
[2010/09/25 19:30:46 | 000,000,000 | ---D | M] -- C:\Users\Pockets\AppData\Roaming\InstallShield
[2010/09/25 19:42:30 | 000,000,000 | ---D | M] -- C:\Users\Pockets\AppData\Roaming\Macromedia
[2011/07/13 23:08:34 | 000,000,000 | ---D | M] -- C:\Users\Pockets\AppData\Roaming\Malwarebytes
[2012/01/22 06:40:38 | 000,000,000 | ---D | M] -- C:\Users\Pockets\AppData\Roaming\Mapi2Xml
[2010/12/27 00:35:56 | 000,000,000 | ---D | M] -- C:\Users\Pockets\AppData\Roaming\Media Player Classic
[2011/10/31 17:09:05 | 000,000,000 | --SD | M] -- C:\Users\Pockets\AppData\Roaming\Microsoft
[2012/06/23 17:25:32 | 000,000,000 | ---D | M] -- C:\Users\Pockets\AppData\Roaming\Mozilla
[2012/04/04 05:02:36 | 000,000,000 | ---D | M] -- C:\Users\Pockets\AppData\Roaming\NCH Software
[2012/01/05 17:35:07 | 000,000,000 | ---D | M] -- C:\Users\Pockets\AppData\Roaming\PDF reDirect
[2012/03/28 02:04:04 | 000,000,000 | ---D | M] -- C:\Users\Pockets\AppData\Roaming\REAPER
[2012/03/28 01:36:01 | 000,000,000 | ---D | M] -- C:\Users\Pockets\AppData\Roaming\Recordpad
[2013/04/01 20:19:23 | 000,000,000 | ---D | M] -- C:\Users\Pockets\AppData\Roaming\Skype
[2011/07/07 07:57:29 | 000,000,000 | ---D | M] -- C:\Users\Pockets\AppData\Roaming\skypePM
[2010/12/31 04:17:31 | 000,000,000 | ---D | M] -- C:\Users\Pockets\AppData\Roaming\Tencent
[2011/06/22 06:17:20 | 000,000,000 | ---D | M] -- C:\Users\Pockets\AppData\Roaming\vlc
[2011/01/21 01:15:57 | 000,000,000 | ---D | M] -- C:\Users\Pockets\AppData\Roaming\WinRAR

< MD5 for: ATAPI.SYS >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: CSRSS.EXE >
[2009/07/14 03:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\System32\csrss.exe
[2009/07/14 03:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_58ba39fb456943bd\csrss.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2009/07/14 03:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
[2010/11/20 14:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\System32\mswsock.dll
[2010/11/20 14:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2009/07/14 03:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\System32\NapiNSP.dll
[2009/07/14 03:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2009/07/14 03:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=045DB4EAB4FBD23210E85ECC3F464A2E -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_675c4bea6c3ddad6\nlaapi.dll
[2010/11/20 14:20:30 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_698d5fb2692c5e70\nlaapi.dll
[2012/10/03 18:29:27 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=11B8C7970C10650827D060AA81BEE63F -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_6a0c0c4b82524209\nlaapi.dll
[2012/10/03 18:42:26 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=50E0DD0A5B8D8BC353578F2F73926697 -- C:\Windows\System32\nlaapi.dll
[2012/10/03 18:42:26 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=50E0DD0A5B8D8BC353578F2F73926697 -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_695757ae6954dec1\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2009/07/14 03:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\System32\pnrpnsp.dll
[2009/07/14 03:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_71556bd683c82a7a\pnrpnsp.dll

< MD5 for: PRINTISOLATIONHOST.EXE >
[2009/07/14 03:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=640A476C8867AEAAD8FF9F59A61AFE2F -- C:\Windows\System32\PrintIsolationHost.exe
[2009/07/14 03:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=640A476C8867AEAAD8FF9F59A61AFE2F -- C:\Windows\winsxs\x86_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_9c856911bff5c373\PrintIsolationHost.exe

< MD5 for: SERVICES.EXE >
[2009/07/14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USER32.DLL >
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

< MD5 for: USERINIT.EXE >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009/07/14 03:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\System32\winrnr.dll
[2009/07/14 03:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2009/07/14 03:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\System32\wshelper.dll
[2009/07/14 03:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\wshelper.dll

< C:\Windows\assembly\tmp\U\*.* /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/04/09 10:57:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/04/09 10:57:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/04/09 10:57:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/04/09 10:57:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/03/13 02:43:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/03/13 02:43:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/03/13 02:43:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/02/22 06:10:00 | 000,757,376 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013/02/22 06:10:00 | 000,757,376 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/04/09 10:57:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/04/09 10:57:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/04/09 10:57:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/04/09 10:57:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/03/13 02:43:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/03/13 02:43:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/03/13 02:43:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/02/22 06:10:00 | 000,757,376 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013/02/22 06:10:00 | 000,757,376 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %ProgramFiles%\WINDOWS NT\*.* /s >
[2010/11/20 14:17:57 | 004,247,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\wordpad.exe
[2009/07/14 03:16:20 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\WordpadFilter.dll
[2009/07/14 04:06:02 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\en-US\wordpad.exe.mui
[2009/07/14 03:16:15 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\TableTextService\TableTextService.dll
[2009/06/10 23:43:18 | 000,016,212 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceAmharic.txt
[2009/06/10 23:43:18 | 001,272,822 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceArray.txt
[2009/06/10 23:43:18 | 000,980,102 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceDaYi.txt
[2009/06/10 23:43:19 | 001,665,878 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt
[2009/06/10 23:43:19 | 001,445,430 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt
[2009/06/10 23:43:19 | 001,810,352 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt
[2009/06/10 23:43:19 | 000,044,968 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceYi.txt
[2009/07/14 04:05:26 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\TableTextService\en-US\TableTextService.dll.mui

< %systemroot%\system32\drivers\*.sys /lockedfiles >

========== Files - Unicode (All) ==========
[2010/12/22 09:30:46 | 000,000,059 | ---- | M] ()(C:\windows\System32\??) -- C:\windows\System32\ʋ
[2010/12/22 09:30:46 | 000,000,059 | ---- | C] ()(C:\windows\System32\??) -- C:\windows\System32\ʋ

< End of report >

================================================

OTL Extras logfile created on: 4/19/2013 10:29:52 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pockets\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.12 Mb Total Physical Memory | 124.89 Mb Available Physical Memory | 12.32% Memory free
1.99 Gb Paging File | 0.30 Gb Available in Paging File | 15.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 27.61 Gb Free Space | 27.61% Space Free | Partition Type: NTFS
Drive D: | 117.87 Gb Total Space | 117.49 Gb Free Space | 99.69% Space Free | Partition Type: NTFS

Computer Name: POCKETS-PC | User Name: Pockets | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{35B1C2EA-E53B-48DB-9347-2529AAAEB903}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{3C396DFC-36AF-476F-B9D5-95A4C1FCF766}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9FC72119-1657-4501-B30D-CD2ACA51CBFF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B0C5516D-2D81-499E-B83C-642128954D09}" = lport=8182 | protocol=6 | dir=in | name=java™ platform se binary |
"{BF977DAD-D900-44B0-8E6A-D8FBEB1F0F2C}" = lport=5353 | protocol=17 | dir=in | name=java™ platform se binary |
"{DBEDE350-5A6F-415A-908B-B1C9E03C274D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{DBF818F2-12D8-4B43-9464-2A3B7B71DE65}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07918CED-6E1D-4BE7-86F9-C4BDB7FC32A0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0A6A4B2A-00C1-4706-B6AB-777BE96AA664}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{0C4656A6-AAF3-4F7F-BA43-D9B8CA7889BB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{0D177931-F439-494C-AAE5-86ED820C4A71}" = protocol=6 | dir=in | app=c:\program files\tencent\qqintl\bin\qq.exe |
"{109BC08D-AEB2-40FD-8C53-4C408C8BB4B9}" = protocol=6 | dir=in | app=c:\users\pockets\appdata\roaming\dropbox\bin\dropbox.exe |
"{22E093AC-DB6F-43C2-98F8-AEC079FCDEB8}" = protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"{425721F3-9C7E-4ECB-8507-63535FBAC01C}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{58F90F90-A7C2-4280-AD69-58755ED0017F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{7608BA91-9757-4DDE-B24B-81543F096E0C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{800212FD-EC9C-431C-A4D7-5DC5BBE82C9A}" = protocol=17 | dir=in | app=c:\program files\tencent\qqintl\bin\qq.exe |
"{8EA4E252-DB7E-47F6-A693-94B5FCE1F33E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{94FF0051-7899-44CF-9EB3-0CFF8647728B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9A04A8FC-7760-43D5-BBD5-71AE619DDE45}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{A4024C06-7169-4D1B-BA17-1858A2C5A4F2}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{BA9C0091-FF8A-47E2-9B2F-6A19E3F8ED53}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{CA3FC2A2-0EA6-4EA5-804C-B9A49D5A1578}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{DB892DD0-F0FC-42E0-BD43-DC604212B332}" = protocol=6 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"{E2639BB3-4047-47E3-949E-CDC5F556C806}" = protocol=17 | dir=in | app=c:\users\pockets\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{271E5067-D937-4EE0-9257-508DBEAC3031}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{3560B245-7686-4E36-82DF-85B653FBEE7A}C:\program files\tencent\qqintl\bin\qq.exe" = protocol=6 | dir=in | app=c:\program files\tencent\qqintl\bin\qq.exe |
"TCP Query User{D2ECE285-6329-4831-AEBE-D8B42A67998D}C:\users\pockets\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\pockets\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{14AB1E60-3D3A-4F8C-96B1-64EBBB5E881D}C:\program files\tencent\qqintl\bin\qq.exe" = protocol=17 | dir=in | app=c:\program files\tencent\qqintl\bin\qq.exe |
"UDP Query User{616924D3-918F-4015-92A1-052DC070C596}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{BF1B1059-6387-42A6-BD1E-0937D08B63EE}C:\users\pockets\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\pockets\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0ABBF310-94E4-4AE8-A6BD-10345A3F6439}" = Google Drive
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1" = RescueTime 2.8.0
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{300A98D6-8DA2-45FF-9314-A6861D76A535}" = syncables desktop SE
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}" = Broadcom Wireless Network Adapter
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{59264B6B-378B-4FC2-ADA2-F5BCE75B86A8}_is1" = VisualEditor 1.0
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A128921B-D03F-4BFB-8141-C365AA48D660}" = Adobe Setup
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B3B00119-6B5F-4187-B6C4-F6004DD576D3}_is1" = Magic Audio Converter and CD Ripper
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D802DD00-16A8-4A58-AFC9-020C2380ECDA}" = EeeSplendid
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5BA0430-919F-46DD-B656-0796F8A5ADFF}" = Microsoft Office Communicator 2007
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_55230b0b70661df0f212e88f0b655f7" = Adobe Creative Suite 4 Design Premium
"Agnitum Outpost Security Suite Free_is1" = Outpost Security Suite 7.1.1
"Anki" = Anki
"ASIO4ALL" = ASIO4ALL
"Asus Vibe2.0" = AsusVibe2.0
"avast" = avast! Free Antivirus
"Eee Docking_is1" = Eee Docking 3.8.1
"Elantech" = ETDWare PS/2-X86 8.0.5.3_WHQL
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ExpressBurn" = Express Burn Disc Burning Software
"FileHippo.com" = FileHippo.com Update Checker
"gAttach!_is1" = gAttach!
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.9.2 (Full)
"LAME_is1" = LAME v3.99.3 (for Windows)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MixPad" = MixPad Audio Mixer
"OOBERegBackup_is1" = OOBERegBackup
"PDF reDirect" = PDF reDirect (remove only)
"Picasa 3" = Picasa 3
"Prism" = Prism Video File Converter
"REAPER" = REAPER
"ScreenSaverPatch_is1" = ScreenSaverPatch
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"Speccy" = Speccy
"SpeedFan" = SpeedFan (remove only)
"Switch" = Switch Sound File Converter
"VideoPad" = VideoPad Video Editor
"WavePad" = WavePad Sound Editor
"WinDjView" = WinDjView 1.0.3
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Flux" = F.lux

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/18/2013 5:48:40 PM | Computer Name = Pockets-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 11dc Start Time:
01ce3c76194ac132 Termination Time: 62 Application Path: C:\Users\Pockets\Downloads\OTL.exe

Report
Id:

[ OSession Events ]
Error - 3/25/2013 5:38:01 PM | Computer Name = Pockets-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7216
seconds with 780 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/18/2013 3:18:47 PM | Computer Name = Pockets-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 4/18/2013 3:19:39 PM | Computer Name = Pockets-PC | Source = DCOM | ID = 10016
Description =

Error - 4/18/2013 5:45:50 PM | Computer Name = Pockets-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the IPBusEnum service.

Error - 4/19/2013 4:13:23 AM | Computer Name = Pockets-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 4/19/2013 6:39:38 AM | Computer Name = Pockets-PC | Source = NetBT | ID = 4321
Description = The name "POCKETS-PC :0" could not be registered on the interface
with IP address 192.168.1.11. The computer with the IP address 192.168.1.10 did
not allow the name to be claimed by this computer.


< End of report >
  • 0

#7
RKinner
Posted 19 April 2013 - 08:27 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Dust is usually the problem with overheating. Sometimes a vacuum cleaner hose to clear the dust at each vent will help but don't let it over rev the fan. You might want to invest in a laptop cooler tray. I've seen them at Big Lots for $10.

Uninstall Speccy. We don't need it any more and we don't want it to keep running in the background.


You are running two anti-viruses which may be the root of your trouble. Outpost Security Suite 7.1.1 and Avast. Two will fight each other and slow things down considerably. Also I expect that the error you are getting about the PnP-X bus enumerator service is probably caused by the firewall blocking the service. I would uninstall Outpost Security Suite 7.1.1 and just run Avast. If you feel you need a firewall then the free Online Armor is pretty good. Once you uninstall Outpost:

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.


Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.
  • 0

#8
praxidice
Posted 19 April 2013 - 02:07 PM

praxidice

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
Hi there,

I will open it up and spray it out (I don't have a vacuum). Thanks for the tips.

Speccy uninstalled.

I didn't know that Outpost was also an antivirus! I thought it was just a firewall. I uninstalled it, and things are moving along faster. But, the startup programs are still not starting.

I have used the other firewall you recommended before but had trouble with it (causing problems with my system), and switched. Windows Firewall also causes problems on this computer. Are there any other free firewalls you recommend? I really thought I should have one, from reading this website.

Thanks!

Here are the logs:

Process Explorer:

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 68.82 0 K 24 K 0
procexp (1).exe 15.05 23,456 K 37,248 K 5296 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
svchost.exe 6.93 51,984 K 29,892 K 1004 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 110,132 K 74,924 K 2216 Google Chrome Google Inc. (Verified) Google Inc
explorer.exe 0.59 31,012 K 25,392 K 2004 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
System 0.81 48 K 164 K 4
Interrupts 0.90 0 K 0 K n/a Hardware Interrupts and DPCs
psia.exe 0.36 8,716 K 5,732 K 404 Secunia PSI Agent Secunia (Verified) Secunia
csrss.exe 0.80 9,132 K 7,040 K 524 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
ETDCtrl.exe 0.21 5,620 K 2,608 K 3340 ETD Control Center ELAN Microelectronics Corp. (Verified) Microsoft Windows Hardware Compatibility Publisher
rundll32.exe 0.30 7,492 K 11,704 K 5112 Windows host process (Rundll32) Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 0.20 4,004 K 4,244 K 616 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe < 0.01 24,956 K 8,224 K 3352 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
RescueTime.exe 0.05 3,444 K 5,096 K 2504 RescueTime RescueTime, Inc. (No signature was present in the subject) RescueTime, Inc.
googledrivesync.exe 0.07 44,296 K 9,816 K 4000 Google Drive Google (Verified) Google Inc
services.exe 0.05 3,516 K 3,224 K 580 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.23 3,220 K 3,048 K 832 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
AvastSvc.exe 0.03 33,884 K 2,876 K 1352 avast! Service AVAST Software (Verified) AVAST Software
svchost.exe < 0.01 12,752 K 6,836 K 1260 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
AvastUI.exe 0.02 9,860 K 10,776 K 3276 avast! Antivirus AVAST Software (Verified) AVAST Software
flux.exe 0.01 4,540 K 2,640 K 4020 (No signature was present in the subject)
taskhost.exe 0.02 2,828 K 1,760 K 620 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
ETDCtrlHelper.exe 0.05 2,104 K 1,524 K 4068 ETD Control Center Helper ELAN Microelectronics Corp. (Verified) Microsoft Windows Hardware Compatibility Publisher
psi_tray.exe 0.01 1,296 K 1,136 K 1960 Secunia PSI Tray Secunia (Verified) Secunia
svchost.exe 0.02 4,784 K 2,664 K 1844 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
chrome.exe < 0.01 40,612 K 16,620 K 4364 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe 0.01 7,108 K 5,676 K 1136 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
chrome.exe < 0.01 55,244 K 27,636 K 4248 Google Chrome Google Inc. (Verified) Google Inc
WLIDSVC.EXE < 0.01 5,224 K 2,360 K 2228 Microsoft® Windows Live ID Service Microsoft Corp. (Verified) Microsoft Corporation
svchost.exe 0.59 33,548 K 28,092 K 960 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe < 0.01 3,568 K 2,140 K 3812 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 3,936 K 6,968 K 3844 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2,288 K 5,044 K 1056 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WLIDSVCM.EXE 964 K 832 K 2532 Microsoft® Windows Live ID Service Monitor Microsoft Corp. (Verified) Microsoft Corporation
wlanext.exe 1,412 K 1,184 K 1376 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 2,092 K 1,268 K 604 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,144 K 384 K 516 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
TrustedInstaller.exe 3,232 K 7,180 K 3252 Windows Modules Installer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.45 31,960 K 22,856 K 5844 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.18 3,180 K 3,112 K 740 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,904 K 1,968 K 1604 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,920 K 1,716 K 1096 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 760 K 512 K 1972 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 796 K 520 K 1876 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 11,056 K 8,132 K 916 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,572 K 508 K 2832 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SuperHybridEngine.exe 2,032 K 1,548 K 3644 Eee Super Hybrid Engine ASUSTeK Computer Inc. (Verified) ASUSTeK Computer Inc.
sua.exe 1,912 K 1,392 K 2976 Secunia Update Agent Secunia (Verified) Secunia
spoolsv.exe 6,452 K 3,188 K 1556 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 328 K 292 K 348 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
nusb3mon.exe 0.01 1,592 K 1,568 K 3512 USB 3.0 Monitor NEC Electronics Corporation (No signature was present in the subject) NEC Electronics Corporation
lsm.exe 1,400 K 1,452 K 624 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
LiveUpdate.exe 5,604 K 2,684 K 3940 Asus EeePC LiveUpdate for Bios, Driver, Software and Hotfix. AsusTek Computer Inc. (Verified) ASUSTeK Computer Inc.
jusched.exe 1,228 K 1,284 K 3952 Java™ Update Scheduler Oracle Corporation (Verified) Oracle America
igfxtray.exe 1,600 K 1,412 K 3168 igfxTray Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxsrvc.exe 1,876 K 1,352 K 3300 igfxsrvc Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxpers.exe 1,540 K 1,384 K 3244 persistence Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
IAANTmon.exe 2,068 K 2,000 K 2540 RAID Monitor Intel Corporation (Verified) Intel Corporation
IAAnotif.exe 2,276 K 1,652 K 3156 Event Monitor User Notification Tool Intel Corporation (Verified) Intel Corporation
hkcmd.exe 1,832 K 1,416 K 3204 hkcmd Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
GrooveMonitor.exe 2,204 K 1,784 K 3492 GrooveMonitor Utility Microsoft Corporation (Verified) Microsoft Corporation
googledrivesync.exe 1,172 K 272 K 4092 Google Drive Google (Verified) Google Inc
GoogleCrashHandler.exe 1,672 K 568 K 2348 Google Crash Handler Google Inc. (Verified) Google Inc
dwm.exe 1,272 K 908 K 1452 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 0.02 2,372 K 2,292 K 476 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
conhost.exe 556 K 344 K 1384 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 24,956 K 12,196 K 4668 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe < 0.01 27,008 K 11,252 K 4428 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe < 0.01 34,156 K 21,560 K 4632 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 67,272 K 55,420 K 4600 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 55,324 K 57,676 K 5340 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 19,224 K 47,308 K 2848 Google Chrome Google Inc. (Verified) Google Inc
btwdins.exe 1,656 K 892 K 1804 Bluetooth Support Server Broadcom Corporation. (Verified) Broadcom Corporation
AsusService.exe 848 K 656 K 1772 (No signature was present in the subject)
armsvc.exe 888 K 856 K 1752 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
dllhost.exe 3.19 1,516 K 4,472 K 5520 COM Surrogate Microsoft Corporation Verifying...


Event Viewer System:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 19/04/2013 9:39:43 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Event Viewer Application:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 19/04/2013 9:41:18 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#9
RKinner
Posted 19 April 2013 - 06:22 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Did you forget to reboot before running VEW?

Process Explorer looks much better now. If you are behind a router then it usually has a firewall so you don't really need one. Don't usually hear of Windows Firewall causing a problem and Online Armor is one of the better ones. What exactly stopped working with each?

What programs are not starting?
  • 0

#10
praxidice
Posted 20 April 2013 - 01:58 AM

praxidice

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
Did you forget to reboot before running VEW? -- I must have, I'm sorry. Fresh logs are below.

I am behind a router at home but I use my computer all over the place and have a found a third-party firewall very useful.

Windows Firewall, for some reason, blocks the internet when I use Google Chrome. I spent a long time trying to figure it out (it's fine on my other computer) but could never fix it.

Online Armor -- it was over a year ago that I decided to switch, and I don't remember exactly what the problem was, but I think there was some conflict between it and another (unrelated) program I was running. I will try it again and see how it goes.

What programs are not starting? -- Sometimes Avast antivirus, sometimes Outpost (before I uninstalled it), sometimes Google Drive, always FileHippo Update Checker. It's never the same twice except for FileHippo.

And generally, while my computer ran faster as soon as I uninstalled Outpost yesterday, this morning when I started it, it was back to very, very slow. It takes ages to boot and when I am working on it, if I use too many shortcut keys or toggle between programs too quickly, it just stalls out for a while. Programs in general take a very long time to open as well.

I will open it up and blow it out today and see if that helps.

Thanks for your patience.

VEW logs ========================================
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 20/04/2013 9:31:27 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/04/2013 7:25:47 AM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Windows Defender service hung on starting.

Log: 'System' Date/Time: 20/04/2013 7:23:13 AM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.

Log: 'System' Date/Time: 20/04/2013 7:21:25 AM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Windows Font Cache Service service hung on starting.

Log: 'System' Date/Time: 20/04/2013 7:15:55 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 20/04/2013 7:14:55 AM
Type: Error Category: 0
Event: 4321 Source: NetBT
The name "POCKETS-PC :20" could not be registered on the interface with IP address 192.168.1.11. The computer with the IP address 192.168.1.10 did not allow the name to be claimed by this computer.

Log: 'System' Date/Time: 20/04/2013 7:14:55 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: cdrom

Log: 'System' Date/Time: 20/04/2013 7:14:55 AM
Type: Error Category: 0
Event: 2505 Source: Server
The server could not bind to the transport \Device\NetBT_Tcpip_{1F18227E-BCF3-47C1-8E03-F98BEEDE877E} because another computer on the network has the same name. The server could not start.

Log: 'System' Date/Time: 20/04/2013 7:14:39 AM
Type: Error Category: 0
Event: 4321 Source: NetBT
The name "POCKETS-PC :0" could not be registered on the interface with IP address 192.168.1.11. The computer with the IP address 192.168.1.10 did not allow the name to be claimed by this computer.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/04/2013 7:16:21 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 20/04/2013 7:16:21 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 20/04/2013 7:16:21 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 20/04/2013 7:16:21 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 20/04/2013 7:14:35 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 19/04/2013 8:08:40 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 19/04/2013 8:08:39 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\windows\System32\bcmihvsrv.dll


===============================================================


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 20/04/2013 9:32:02 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 19/04/2013 8:08:23 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-2322714547-348715592-88947146-1000:
Process 2228 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2322714547-348715592-88947146-1000
Process 2228 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2322714547-348715592-88947146-1000
Process 2228 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2322714547-348715592-88947146-1000
Process 2228 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2322714547-348715592-88947146-1000
Process 2228 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2322714547-348715592-88947146-1000\Software\Policies\Microsoft\SystemCertificates
Process 2228 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2322714547-348715592-88947146-1000\Software\Policies\Microsoft\SystemCertificates
Process 2228 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2322714547-348715592-88947146-1000\Software\Policies\Microsoft\SystemCertificates
Process 2228 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2322714547-348715592-88947146-1000\Software\Policies\Microsoft\SystemCertificates
Process 2228 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2322714547-348715592-88947146-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 2228 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2322714547-348715592-88947146-1000\Software\Microsoft\SystemCertificates\My
Process 2228 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2322714547-348715592-88947146-1000\Software\Microsoft\SystemCertificates\CA
Process 2228 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2322714547-348715592-88947146-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2228 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2322714547-348715592-88947146-1000\Software\Microsoft\SystemCertificates\Root
Process 2228 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2322714547-348715592-88947146-1000\Software\Microsoft\SystemCertificates\trust
Process 2228 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2322714547-348715592-88947146-1000\Software\Microsoft\SystemCertificates\SmartCardRoot

Edited by praxidice, 20 April 2013 - 01:59 AM.

  • 0

Advertisements

#11
RKinner
Posted 20 April 2013 - 08:16 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
It's running hot again:

Log: 'System' Date/Time: 20/04/2013 7:16:21 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 20/04/2013 7:16:21 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 20/04/2013 7:16:21 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 20/04/2013 7:16:21 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.


So it will run slower. The services that are hanging may just need a bit more time because of that.

Your version of Windows Live has a Registry leak. I would uninstall it. If you really use it then get the latest version

http://windows.micro...essentials-home

Download and Save it then right click and Run As Admin.

FileHippo's update checker will usually not run automatically with 64 bit Win 7 I think because its driver is not approved. The latest version of Avast has its own update checker builtin so if you are not running Avast 8 then download the latest version from

http://www.avast.com/download-software

Save it, Uninstall the old version, reboot then right click on the install file and Run As Admin. You may have to register again.

You can then just run UpdateChecker manually to see if Avast missed something or just uninstall it.

These errors:

Log: 'System' Date/Time: 20/04/2013 7:14:55 AM
Type: Error Category: 0
Event: 2505 Source: Server
The server could not bind to the transport \Device\NetBT_Tcpip_{1F18227E-BCF3-47C1-8E03-F98BEEDE877E} because another computer on the network has the same name. The server could not start.

Log: 'System' Date/Time: 20/04/2013 7:14:39 AM
Type: Error Category: 0
Event: 4321 Source: NetBT
The name "POCKETS-PC :0" could not be registered on the interface with IP address 192.168.1.11. The computer with the IP address 192.168.1.10 did not allow the name to be claimed by this computer.



Usually just mean you have both the Wireless and the Ethernet cable connected unless you really do have two PCs with the same exact name. If connected with the Ethernet cable you should turn off the wireless.
  • 0

#12
praxidice
Posted 21 April 2013 - 06:22 AM

praxidice

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts

It's running hot again:


Yep. I couldn't figure out how to open it up and clean it out, but then I found this...
http://www.insidemyl...1015px-netbook/

I have taken apart many computers and never broken one (knock on wood) but I am worried about opening it all the way up like that just to clean it. Do you know any tricks other than a vacuum?

Your version of Windows Live has a Registry leak. I would uninstall it. If you really use it then get the latest version


Gone. I didn't use it anyway.

FileHippo's update checker will usually not run automatically with 64 bit Win 7 I think because its driver is not approved. The latest version of Avast has its own update checker builtin so if you are not running Avast 8 then download the latest version from


Done. That fixes that problem.

These errors:

...

Usually just mean you have both the Wireless and the Ethernet cable connected unless you really do have two PCs with the same exact name. If connected with the Ethernet cable you should turn off the wireless.


I do have two computers with the same name, which I never thought about before. This is the first time they've shared a network. They're both on wireless, no ethernet. Is this causing problems or is it okay to leave it?

Thank you.
  • 0

#13
RKinner
Posted 21 April 2013 - 09:20 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
A cooler tray is the only other alternative that I know of.

For the name problem I think it is only important for netBT so you can turn netBT off which should stop the errors. It's doubtful that you need it. It's pretty obsolete:

Start, Control Panel, Network and Sharing Center, Click on the connection you use to connect to the Internet (Wireless Network Connection on mine - wired it probable says Local Are Network Connection) and click Properties. Select the Internet Protocol Version 4 (TCP/IPv4) (may have to scroll down a bit to see it) and click Properties. Click Advanced then the WINS tab. Under "NetBIOS setting," select "Disable NetBIOS over TCP/IP" and click OK. Click OK twice more to close all dialog boxes. Reboot.
  • 0

#14
praxidice
Posted 23 April 2013 - 01:55 AM

praxidice

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts

A cooler tray is the only other alternative that I know of.


Ok, thank you. I am shopping around (I have no idea where to buy them where I live) and I am also planning on opening it up and cleaning it out.

Could we leave the topic open for a few days until I can clean it, put it back together, and see how it's running?

For the name problem I think it is only important for netBT so you can turn netBT off which should stop the errors. It's doubtful that you need it. It's pretty obsolete:


Done. So, nothing else for the moment, right?

Thank you so much.
  • 0

#15
praxidice
Posted 22 May 2013 - 09:01 AM

praxidice

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
Hi again,

I am still trying to find a good way to clean out my computer. I am sorry it is taking so long but I still would appreciate it if you could keep the topic open until I manage it, just in case something happens, and also to bring it to a resolution.

(As I said, I live in a country where I am just learning the language, and I'm having trouble finding some of the tools I need. Thanks for your patience.)
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP