Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Fast Computer now Very Slow - OTL Posted


  • Please log in to reply

#1
Quartz

Quartz

    Member

  • Member
  • PipPipPip
  • 122 posts
Two days ago my computer became so slow that it either won't load webpages (any & all) or it takes minutes to load one.

OTL logfile created on: 7/11/2013 1:49:16 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Buddy\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.49 Gb Total Physical Memory | 4.90 Gb Available Physical Memory | 65.49% Memory free
14.98 Gb Paging File | 11.44 Gb Available in Paging File | 76.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 477.80 Gb Total Space | 424.20 Gb Free Space | 88.78% Space Free | Partition Type: NTFS
Drive D: | 453.61 Gb Total Space | 252.79 Gb Free Space | 55.73% Space Free | Partition Type: NTFS

Computer Name: CINDY-GAME-PC | User Name: Buddy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/11 13:49:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Buddy\Desktop\OTL.exe
PRC - [2013/07/11 00:22:39 | 007,978,752 | ---- | M] (Toolwiz.com) -- C:\Program Files (x86)\ToolwizCareFree\ToolwizTools.exe
PRC - [2013/07/11 00:22:38 | 005,461,760 | ---- | M] (Toolwiz) -- C:\Program Files (x86)\ToolwizCareFree\ToolwizCares.exe
PRC - [2013/07/06 10:31:40 | 000,466,552 | ---- | M] (Glarysoft Ltd) -- C:\Program Files (x86)\Glary Utilities 3\Integrator.exe
PRC - [2013/06/14 21:28:44 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/05/02 02:24:10 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/06 10:42:16 | 000,080,160 | ---- | M] () -- C:\Program Files (x86)\Glary Utilities 3\zlib1.dll
MOD - [2013/06/14 21:28:42 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppgooglenaclpluginchrome.dll
MOD - [2013/06/14 21:28:41 | 013,140,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
MOD - [2013/06/14 21:28:40 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
MOD - [2013/06/14 21:27:51 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libglesv2.dll
MOD - [2013/06/14 21:27:50 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libegl.dll
MOD - [2013/06/14 21:27:48 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll
MOD - [2012/08/17 21:40:16 | 000,068,024 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtWebKit\qmlwebkitplugin4.dll
MOD - [2012/08/17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/02/14 17:31:24 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Disabled | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2013/02/08 14:30:42 | 000,359,664 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2012/12/19 15:56:00 | 000,240,640 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/13 21:41:10 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\iprip.dll -- (iprip)
SRV:64bit: - [2009/07/13 21:39:47 | 000,081,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tlntsvr.exe -- (TlntSvr)
SRV:64bit: - [2009/07/13 21:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV:64bit: - [2009/07/13 21:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV:64bit: - [2009/07/13 21:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV:64bit: - [2009/04/28 09:58:54 | 000,029,184 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdnserv.exe -- (lxdnCATSCustConnectService)
SRV:64bit: - [2007/11/28 15:51:42 | 001,039,872 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\SysNative\lxdncoms.exe -- (lxdn_device)
SRV - [2013/07/10 15:39:40 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/02 02:24:10 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2013/04/24 05:30:28 | 000,483,864 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/25 22:54:38 | 000,136,616 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2010/11/20 23:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 23:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 23:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/13 21:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/28 09:58:54 | 000,029,184 | ---- | M] () [Disabled | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe -- (lxdnCATSCustConnectService)
SRV - [2007/11/28 10:12:40 | 000,589,824 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\SysWOW64\lxdncoms.exe -- (lxdn_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/07/11 03:49:17 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2013/07/11 00:22:48 | 000,052,992 | ---- | M] (Toolwiz.com) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\KSafeDISK.sys -- (KSafeDISK)
DRV:64bit: - [2013/07/11 00:22:48 | 000,052,480 | ---- | M] (Toolwiz.com) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BTOWSVF.sys -- (BTOWSVF)
DRV:64bit: - [2013/07/11 00:22:48 | 000,033,024 | ---- | M] (Toolwiz.com) [File_System | System | Running] -- C:\Windows\SysNative\drivers\BTOWSFF.sys -- (BTOWSFF)
DRV:64bit: - [2013/05/02 02:24:08 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2013/05/02 02:24:08 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2013/05/02 02:24:06 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2013/05/02 02:24:06 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/14 06:41:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013/02/12 00:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2013/01/03 04:17:38 | 000,077,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2013/01/03 04:17:38 | 000,061,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2012/12/27 02:26:12 | 000,805,088 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/12/19 16:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/12/19 15:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/11/28 10:29:08 | 000,228,008 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2012/11/28 10:29:06 | 000,107,688 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2012/10/11 15:49:10 | 000,042,664 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012/10/11 15:49:08 | 000,082,600 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2012/09/12 16:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/28 07:27:24 | 000,058,536 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012/06/19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012/04/09 09:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 00:47:42 | 000,082,112 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/14 14:35:40 | 000,226,616 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/29 16:28:30 | 000,030,208 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2009/02/17 18:22:22 | 000,017,792 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\asusgsb.sys -- (asusgsb)
DRV:64bit: - [2008/11/11 13:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 13:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64gps.sys -- (UsbGps)
DRV:64bit: - [2008/11/11 13:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 13:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2007/01/29 07:40:58 | 000,456,192 | ---- | M] (MSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MSILiveVirtualCamera.sys -- (MSILiveVirtualCamera)
DRV - [2011/05/25 22:52:56 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys -- (AODDriver4.01)
DRV - [2010/10/22 10:37:36 | 000,014,136 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys -- (NTIOLib_1_0_4)
DRV - [2010/05/10 10:44:40 | 000,033,592 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys -- (MSI_MSIBIOS_010507)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2003/07/04 08:51:46 | 000,019,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\usbuhci.sys -- (usbuhci)
DRV - [2003/07/04 08:50:46 | 000,025,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\usbehci.sys -- (usbehci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E7 52 22 01 3D 7E CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2013/07/11 02:00:47 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2013/07/11 02:00:47 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013/05/18 02:21:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/07/11 02:34:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/07/11 02:34:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/07/11 02:34:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/07/11 02:34:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/07/11 02:34:40 | 000,000,000 | ---D | M]

[2011/10/22 09:53:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Buddy\AppData\Roaming\mozilla\Extensions
[2013/01/25 03:20:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Buddy\AppData\Roaming\mozilla\Firefox\Profiles\2etiq55c.default\extensions
[1625/12/17 20:32:29 | 000,002,081 | ---- | M] () (No name found) -- C:\Users\Buddy\AppData\Roaming\mozilla\firefox\profiles\2etiq55c.default\extensions\[email protected]
[2013/01/09 09:21:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/22 01:43:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2012/08/22 13:48:23 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011/10/22 09:53:36 | 000,002,524 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmlkabjddkpgkgfhdhpimhcbonapngoh\10.13.20.29_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmlkabjddkpgkgfhdhpimhcbonapngoh\10.13.20.29_0\plugins/np-cwmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Change Font Family Style = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabledekpjmoghdjnpnhfkfpmjifklpb\2.6_0\
CHR - Extension: Sudoku = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\agdhembpgcpfegeigidembjopfhghnpj\1.0.1.0_0\
CHR - Extension: Google Docs = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Last.fm free music player = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbncpldmanoknoahidbgmkgobgmhnafh\2.9.692_0\
CHR - Extension: YouTube = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Google Theme Bright = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\djjpllkkkfobicnffejagpfbnkmgpggb\1.0.0_0\
CHR - Extension: Autocomplete = on = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecpgkdflcnofdbbkiggklcfmgbnbabhh\1.0_0\
CHR - Extension: Logitech SetPoint = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.52.74_0\
CHR - Extension: Clock for Google Chrome\u2122 = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\emakkfldeggiinnfcdjkakdfcppbfhdg\2.1.0.4_0\
CHR - Extension: AdBlock = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0\
CHR - Extension: Mailto: = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gppbppehiogfokmpligejhaepeopajdf\1.24.0_0\
CHR - Extension: Safe Money = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Content Blocker = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: Virtual Keyboard = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\
CHR - Extension: Change Colors = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbmkekhehjedonbhoikhhkmlapalklgn\2.144_0\
CHR - Extension: Hover Zoom = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.19_0\
CHR - Extension: My Chrome Theme = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\2.0_0\
CHR - Extension: Gmail = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKCU..\Run: [5594FD411AC9B3706D4A562F490DF74B5FA5DA40._service_run] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Google Search
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://www.google.com/search?q=%w
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...p/pcpitstop.cab (PCPitstop Utility)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01A9D0C9-6710-4E56-82CE-64037C9D205F}: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3EC15635-A9E0-42DF-92AC-8B68299BBA06}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3EC15635-A9E0-42DF-92AC-8B68299BBA06}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9928683F-52F7-44E0-8BD2-B1DDCA2C5BB3}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a6e08d50-e574-11e0-b9ce-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\TL_Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/11 13:48:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Buddy\Desktop\OTL.exe
[2013/07/11 09:41:21 | 000,000,000 | ---D | C] -- C:\Users\Buddy\AppData\Local\ElevatedDiagnostics
[2013/07/11 06:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverEasy
[2013/07/11 06:08:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/11 06:08:15 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/07/11 06:08:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/07/11 02:44:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions
[2013/07/11 02:44:27 | 000,000,000 | ---D | C] -- C:\Windows\Fonts\AdvUninstal
[2013/07/11 02:44:26 | 000,000,000 | ---D | C] -- C:\Users\Buddy\AppData\Local\Innovative Solutions
[2013/07/11 02:44:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO
[2013/07/11 02:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Innovative Solutions
[2013/07/11 02:44:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Innovative Solutions
[2013/07/11 02:35:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013
[2013/07/11 02:35:25 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll
[2013/07/11 02:34:35 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2013/07/11 02:34:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/07/11 02:34:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2013/07/11 02:34:09 | 000,620,128 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2013/07/11 02:34:09 | 000,090,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2013/07/11 01:56:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Virtual Earth 3D
[2013/07/11 00:22:48 | 000,052,992 | ---- | C] (Toolwiz.com) -- C:\Windows\SysNative\drivers\KSafeDISK.sys
[2013/07/11 00:22:48 | 000,052,480 | ---- | C] (Toolwiz.com) -- C:\Windows\SysNative\drivers\BTOWSVF.sys
[2013/07/11 00:22:48 | 000,033,024 | ---- | C] (Toolwiz.com) -- C:\Windows\SysNative\drivers\BTOWSFF.sys
[2013/07/11 00:22:48 | 000,000,000 | RH-D | C] -- C:\TOOLWIZ
[2013/07/11 00:22:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ToolwizCareFree
[2013/07/11 00:22:40 | 000,000,000 | ---D | C] -- C:\Users\Buddy\AppData\Local\ToolwizCareFree
[2013/07/11 00:22:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ToolwizCareFree
[2013/07/10 23:31:13 | 000,000,000 | ---D | C] -- C:\ProgramData\GlarySoft
[2013/07/10 23:29:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 3
[2013/07/10 23:28:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities 3
[2013/07/10 23:22:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/07/10 23:22:16 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/07/10 23:22:16 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/07/10 23:22:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/07/10 23:22:14 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/07/10 23:22:14 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/07/10 23:22:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/07/10 23:22:14 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/07/10 23:22:14 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/07/10 23:22:12 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/07/10 23:22:12 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/07/10 23:22:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/07/10 23:22:12 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/10 23:22:11 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/07/10 23:22:11 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/07/10 23:22:10 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/07/10 22:40:39 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/07/10 22:34:18 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/10 22:34:18 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/07/10 22:29:54 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisRtl.dll
[2013/07/10 22:29:54 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisRtl.dll
[2013/07/10 22:29:54 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admwprox.dll
[2013/07/10 22:29:53 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ahadmin.dll
[2013/07/10 22:29:53 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admwprox.dll
[2013/07/10 22:29:53 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ahadmin.dll
[2013/07/10 22:29:53 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisreset.exe
[2013/07/10 22:29:53 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisreset.exe
[2013/07/10 22:29:53 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wamregps.dll
[2013/07/10 22:29:53 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisrstap.dll
[2013/07/10 22:29:53 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wamregps.dll
[2013/07/10 22:29:53 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisrstap.dll
[2013/07/10 22:28:10 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013/07/10 22:28:09 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013/07/10 11:18:05 | 000,000,000 | ---D | C] -- C:\Users\Buddy\AppData\Roaming\InstallShield
[2013/07/05 09:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Journal
[2013/07/05 09:34:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\msmq
[2013/07/05 09:34:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\BestPractices
[2013/07/05 09:34:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\BestPractices
[2013/07/05 09:34:37 | 000,000,000 | RH-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2013/07/05 09:34:37 | 000,000,000 | ---D | C] -- C:\inetpub
[2013/07/05 09:17:29 | 000,000,000 | ---D | C] -- C:\Windows\en
[2013/07/05 09:16:21 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013/06/25 12:24:32 | 000,000,000 | ---D | C] -- C:\Users\Buddy\Documents\MY HABIT
[2013/06/21 17:11:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013/06/21 16:08:38 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/06/21 16:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/06/20 08:08:46 | 000,000,000 | ---D | C] -- C:\Users\Buddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anvisoft
[2013/06/20 07:54:18 | 000,000,000 | ---D | C] -- C:\Users\Buddy\AppData\Roaming\ChemTable Software
[2013/06/20 07:53:53 | 000,000,000 | ---D | C] -- C:\Users\Buddy\AppData\Local\ChemTable Software
[2013/06/19 18:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\PCPitstop
[2013/06/11 21:27:43 | 000,033,792 | ---- | C] (LG Electronics Inc.) -- C:\Windows\SysNative\drivers\lgx64modem.sys
[2013/06/11 21:27:43 | 000,027,136 | ---- | C] (LG Electronics Inc.) -- C:\Windows\SysNative\drivers\lgx64gps.sys
[2013/06/11 21:27:43 | 000,027,136 | ---- | C] (LG Electronics Inc.) -- C:\Windows\SysNative\drivers\lgx64diag.sys
[2013/06/11 21:27:43 | 000,017,920 | ---- | C] (LG Electronics Inc.) -- C:\Windows\SysNative\drivers\lgx64bus.sys
[2013/06/11 21:27:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG Electronics
[2013/06/11 14:14:15 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013/06/11 14:14:15 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013/06/11 14:14:03 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/06/11 14:14:03 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/06/11 14:14:02 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/06/11 14:14:00 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/06/11 14:14:00 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013/06/11 14:14:00 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013/06/11 14:14:00 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/06/11 14:13:59 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013/06/11 14:13:59 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013/06/11 14:13:53 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/06/11 14:13:53 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/05/21 18:11:05 | 000,104,960 | ---- | C] (CANON INC.) -- C:\Users\Buddy\cnmss Canon MG3100 series Printer (Local).dll
[2013/01/24 20:43:55 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Buddy\AppData\Roaming\pcouffin.sys
[2013/01/09 15:26:06 | 000,571,480 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Program Files\autorunsc.exe
[11 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/11 13:49:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Buddy\Desktop\OTL.exe
[2013/07/11 10:13:18 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/11 10:13:18 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/11 08:55:50 | 000,801,906 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/11 08:55:50 | 000,720,346 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/11 08:55:50 | 000,083,876 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/11 08:51:12 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize 3.job
[2013/07/11 08:49:54 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\DriverEasy Scheduled Scan.job
[2013/07/11 08:49:51 | 000,333,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/11 08:49:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/11 06:37:49 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\DriverEasy.lnk
[2013/07/11 06:08:24 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/11 03:49:17 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kltdi.sys
[2013/07/11 02:45:12 | 000,002,345 | ---- | M] () -- C:\Users\Buddy\Desktop\Safe Money.lnk
[2013/07/11 02:44:26 | 000,002,440 | ---- | M] () -- C:\Users\Buddy\Desktop\Advanced Uninstaller PRO 11.lnk
[2013/07/11 02:35:25 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
[2013/07/11 00:27:33 | 000,007,639 | ---- | M] () -- C:\Users\Buddy\AppData\Local\resmon.resmoncfg
[2013/07/11 00:22:48 | 000,052,992 | ---- | M] (Toolwiz.com) -- C:\Windows\SysNative\drivers\KSafeDISK.sys
[2013/07/11 00:22:48 | 000,052,480 | ---- | M] (Toolwiz.com) -- C:\Windows\SysNative\drivers\BTOWSVF.sys
[2013/07/11 00:22:48 | 000,033,024 | ---- | M] (Toolwiz.com) -- C:\Windows\SysNative\drivers\BTOWSFF.sys
[2013/07/11 00:22:41 | 000,001,083 | ---- | M] () -- C:\Users\Buddy\Desktop\Toolwiz Care.lnk
[2013/07/10 23:29:05 | 000,001,109 | ---- | M] () -- C:\Users\Buddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 3.lnk
[2013/07/10 23:29:05 | 000,001,085 | ---- | M] () -- C:\Users\Public\Desktop\Glary Utilities 3.lnk
[2013/07/10 22:17:55 | 000,000,841 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2013/07/10 20:48:34 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/10 15:39:40 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/07/10 15:39:40 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/07/10 14:57:22 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/10 14:57:22 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/10 11:09:10 | 000,000,867 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/07/10 01:08:31 | 000,012,642 | ---- | M] () -- C:\Users\Buddy\Documents\Backup of Burn candles are luxury scented candles designed with an absolute attention to detail.wbk
[2013/07/09 17:06:58 | 000,000,537 | ---- | M] () -- C:\Users\Buddy\Desktop\Outlook.zip
[2013/07/09 03:01:17 | 000,010,172 | ---- | M] () -- C:\Users\Buddy\Documents\Backup of Letter To TR with Package.wbk
[2013/07/05 09:36:13 | 000,817,858 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/07/05 09:34:34 | 000,000,862 | ---- | M] () -- C:\Windows\SysNative\termcap
[2013/06/28 04:39:40 | 004,858,005 | ---- | M] () -- C:\Users\Buddy\Documents\Kenmore Vacuum Manual.pdf
[2013/06/28 04:38:15 | 004,858,636 | ---- | M] () -- C:\Users\Buddy\Documents\c.shld.net_assets_docs_spin_prod_834378412.pdf
[2013/06/25 12:45:52 | 000,039,632 | ---- | M] () -- C:\Users\Buddy\Documents\Backup of HauteLook Order 6 2 2013.wbk
[2013/06/24 16:02:23 | 000,174,292 | ---- | M] () -- C:\Users\Buddy\Desktop\Buddy_3454934544.jpg
[2013/06/21 19:41:25 | 000,000,961 | ---- | M] () -- C:\Users\Buddy\Desktop\Install Toolwiz Care.lnk
[2013/06/20 21:45:34 | 000,002,107 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/06/20 08:33:00 | 000,584,600 | ---- | M] () -- C:\Users\Buddy\Documents\cbsidlm-tr1_13-Toolwiz_Care-BP-75610754.exe
[2013/06/20 08:32:31 | 000,584,600 | ---- | M] () -- C:\Users\Buddy\Documents\cbsidlm-tr1_13-Ashampoo_WinOptimizer_FREE-BP-10962102.exe
[2013/06/20 08:08:46 | 000,001,299 | ---- | M] () -- C:\Users\Buddy\Desktop\Cloud System Booster.lnk
[2013/06/20 08:07:16 | 005,768,120 | ---- | M] () -- C:\Users\Buddy\Documents\csbsetup.exe
[2013/06/20 07:56:28 | 000,041,466 | ---- | M] () -- C:\Users\Buddy\Documents\ESale.pdf
[2013/06/20 05:12:25 | 000,001,322 | ---- | M] () -- C:\Users\Buddy\Desktop\Wordpad.lnk
[2013/06/20 01:02:55 | 000,027,064 | ---- | M] () -- C:\Users\Buddy\Desktop\Optimize-Support.zip
[2013/06/20 00:17:04 | 000,001,978 | ---- | M] () -- C:\Users\Buddy\Desktop\PC Pitstop Optimize3.lnk
[2013/06/19 23:54:13 | 000,001,442 | ---- | M] () -- C:\Users\Buddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/06/12 21:48:23 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/06/12 21:48:17 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/06/12 21:47:57 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/06/12 21:43:48 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/06/12 21:43:44 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/06/12 21:43:25 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/06/12 19:03:40 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[11 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/11 08:49:41 | 000,333,800 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/11 06:37:50 | 000,000,406 | ---- | C] () -- C:\Windows\tasks\DriverEasy Scheduled Scan.job
[2013/07/11 06:37:49 | 000,001,012 | ---- | C] () -- C:\Users\Public\Desktop\DriverEasy.lnk
[2013/07/11 06:08:24 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/11 02:45:12 | 000,002,345 | ---- | C] () -- C:\Users\Buddy\Desktop\Safe Money.lnk
[2013/07/11 02:44:26 | 000,002,440 | ---- | C] () -- C:\Users\Buddy\Desktop\Advanced Uninstaller PRO 11.lnk
[2013/07/11 02:44:26 | 000,002,324 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO 11.lnk
[2013/07/11 02:44:21 | 000,042,496 | ---- | C] () -- C:\Windows\SysWow64\AdvUninstCPL.cpl
[2013/07/11 02:35:40 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
[2013/07/11 00:22:41 | 000,001,083 | ---- | C] () -- C:\Users\Buddy\Desktop\Toolwiz Care.lnk
[2013/07/10 23:29:05 | 000,001,109 | ---- | C] () -- C:\Users\Buddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 3.lnk
[2013/07/10 23:29:05 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\Glary Utilities 3.lnk
[2013/07/10 23:29:04 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize 3.job
[2013/07/10 23:29:02 | 000,001,105 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 3.lnk
[2013/07/10 00:12:42 | 000,012,642 | ---- | C] () -- C:\Users\Buddy\Documents\Backup of Burn candles are luxury scented candles designed with an absolute attention to detail.wbk
[2013/07/09 17:05:32 | 000,000,537 | ---- | C] () -- C:\Users\Buddy\Desktop\Outlook.zip
[2013/07/09 03:01:17 | 000,010,172 | ---- | C] () -- C:\Users\Buddy\Documents\Backup of Letter To TR with Package.wbk
[2013/07/05 09:34:37 | 000,000,862 | ---- | C] () -- C:\Windows\SysNative\termcap
[2013/07/05 09:17:20 | 000,001,310 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013/07/05 09:17:14 | 000,001,379 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013/07/05 09:17:00 | 000,001,463 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2013/07/05 09:16:53 | 000,002,491 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2013/06/28 04:39:39 | 004,858,005 | ---- | C] () -- C:\Users\Buddy\Documents\Kenmore Vacuum Manual.pdf
[2013/06/28 04:38:15 | 004,858,636 | ---- | C] () -- C:\Users\Buddy\Documents\c.shld.net_assets_docs_spin_prod_834378412.pdf
[2013/06/24 16:02:23 | 000,174,292 | ---- | C] () -- C:\Users\Buddy\Desktop\Buddy_3454934544.jpg
[2013/06/21 01:46:40 | 000,000,961 | ---- | C] () -- C:\Users\Buddy\Desktop\Install Toolwiz Care.lnk
[2013/06/20 08:32:59 | 000,584,600 | ---- | C] () -- C:\Users\Buddy\Documents\cbsidlm-tr1_13-Toolwiz_Care-BP-75610754.exe
[2013/06/20 08:32:30 | 000,584,600 | ---- | C] () -- C:\Users\Buddy\Documents\cbsidlm-tr1_13-Ashampoo_WinOptimizer_FREE-BP-10962102.exe
[2013/06/20 08:08:46 | 000,001,299 | ---- | C] () -- C:\Users\Buddy\Desktop\Cloud System Booster.lnk
[2013/06/20 08:07:10 | 005,768,120 | ---- | C] () -- C:\Users\Buddy\Documents\csbsetup.exe
[2013/06/20 07:56:28 | 000,041,466 | ---- | C] () -- C:\Users\Buddy\Documents\ESale.pdf
[2013/06/20 05:12:25 | 000,001,322 | ---- | C] () -- C:\Users\Buddy\Desktop\Wordpad.lnk
[2013/06/20 01:02:55 | 000,027,064 | ---- | C] () -- C:\Users\Buddy\Desktop\Optimize-Support.zip
[2013/06/20 00:17:04 | 000,001,978 | ---- | C] () -- C:\Users\Buddy\Desktop\PC Pitstop Optimize3.lnk
[2013/06/19 23:54:12 | 000,001,454 | ---- | C] () -- C:\Users\Buddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/05/27 18:02:51 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdninpa.dll
[2013/05/27 18:02:51 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\LXDNinst.dll
[2013/05/27 18:02:51 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdniesc.dll
[2013/05/27 18:02:51 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdncomx.dll
[2013/05/27 18:02:50 | 001,101,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnserv.dll
[2013/05/27 18:02:50 | 000,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnusb1.dll
[2013/05/27 18:02:50 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnpmui.dll
[2013/05/27 18:02:50 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnlmpm.dll
[2013/05/27 18:02:50 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnprox.dll
[2013/05/27 18:02:49 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomc.dll
[2013/05/27 18:02:49 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnhbn3.dll
[2013/05/27 18:02:49 | 000,589,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncoms.exe
[2013/05/27 18:02:49 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomm.dll
[2013/05/27 18:02:49 | 000,315,392 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnih.exe
[2013/05/27 18:02:48 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncfg.exe
[2013/03/09 19:45:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/01/24 20:43:55 | 000,099,384 | ---- | C] () -- C:\Users\Buddy\AppData\Roaming\inst.exe
[2013/01/24 20:43:55 | 000,007,859 | ---- | C] () -- C:\Users\Buddy\AppData\Roaming\pcouffin.cat
[2013/01/24 20:43:55 | 000,001,167 | ---- | C] () -- C:\Users\Buddy\AppData\Roaming\pcouffin.inf
[2013/01/24 20:38:47 | 000,001,057 | ---- | C] () -- C:\Users\Buddy\AppData\Roaming\vso_ts_preview.xml
[2013/01/24 20:05:11 | 000,003,584 | ---- | C] () -- C:\Users\Buddy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/24 13:06:15 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-CINDY-GAME-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/01/09 08:58:09 | 000,002,127 | ---- | C] () -- C:\Users\Buddy\wxDownloadFast.ini
[2013/01/09 08:10:53 | 000,001,491 | ---- | C] () -- C:\Users\Buddy\AppData\Local\recently-used.xbel
[2012/12/27 07:27:07 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/11/20 11:48:14 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2012/11/20 11:48:14 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2012/10/16 15:04:34 | 000,019,108 | ---- | C] () -- C:\Windows\hpqins13.dat
[2012/08/21 19:14:36 | 000,817,858 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/14 20:52:53 | 000,651,264 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll
[2012/08/14 20:52:53 | 000,192,512 | R--- | C] () -- C:\Windows\SysWow64\AegisI5.exe
[2012/08/14 20:52:53 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\ssleay32.dll
[2012/07/27 21:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/07/27 21:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/05/02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/16 20:56:30 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/12/04 20:37:20 | 000,007,639 | ---- | C] () -- C:\Users\Buddy\AppData\Local\resmon.resmoncfg
[2011/10/24 20:46:40 | 000,000,004 | ---- | C] () -- C:\Users\Buddy\AppData\Roaming\44E699
[2011/10/24 20:46:39 | 000,870,128 | ---- | C] () -- C:\Users\Buddy\AppData\Roaming\mcs.rma
[2011/10/07 09:00:52 | 000,217,088 | ---- | C] () -- C:\Windows\NVGfxOgl.dll
[2011/09/22 20:49:56 | 000,000,974 | ---- | C] () -- C:\Windows\SysWow64\setup.ini
[2011/09/22 20:49:56 | 000,000,473 | ---- | C] () -- C:\Windows\SysWow64\layout.bin
[2011/09/12 22:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
OTL Extras logfile created on: 7/11/2013 1:49:16 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Buddy\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.49 Gb Total Physical Memory | 4.90 Gb Available Physical Memory | 65.49% Memory free
14.98 Gb Paging File | 11.44 Gb Available in Paging File | 76.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 477.80 Gb Total Space | 424.20 Gb Free Space | 88.78% Space Free | Partition Type: NTFS
Drive D: | 453.61 Gb Total Space | 252.79 Gb Free Space | 55.73% Space Free | Partition Type: NTFS

Computer Name: CINDY-GAME-PC | User Name: Buddy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08520B79-83E7-42B8-81D9-2642E713D371}" = lport=445 | protocol=6 | dir=in | app=system |
"{15B05BB7-C855-4432-A5FA-C4F9B0F6B1D0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{29800CD1-2180-41C0-9CE4-5469D0DED8F9}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{32704867-F685-4FCC-BBD4-BFA4774193C4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{4B5F197B-DFC4-4C46-AF81-E9928F9AD95C}" = lport=139 | protocol=6 | dir=in | app=system |
"{60968B59-C183-46DD-96A5-99114114ADC2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6B7A973F-3EB6-46D9-9D68-93659FB17E76}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7081F0B0-7C1C-4D14-ADC0-3F20A46691DF}" = lport=137 | protocol=17 | dir=in | app=system |
"{7B9ECA11-DC33-4B71-A989-8E465C2DB8C9}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{80346D81-E1A8-4AF5-8E2B-91D72513A90F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{803A9CB5-2E50-4062-A66D-D38C2D5F3339}" = rport=139 | protocol=6 | dir=out | app=system |
"{887267B8-EB94-427D-B865-A62883F218E5}" = rport=137 | protocol=17 | dir=out | app=system |
"{BB523190-DB1D-4CB2-81E5-0E588C66CB2B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BF550787-166F-4F74-916E-579F6EB433D0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C00EB9A3-0F16-499A-B8B6-918F0108281A}" = rport=445 | protocol=6 | dir=out | app=system |
"{D2D40EEC-A132-4F6E-BD4C-A1F8AB2875E6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D6CC872E-5F81-4F09-90FD-24BB67139CD9}" = lport=138 | protocol=17 | dir=in | app=system |
"{DC394C70-CDA8-4C6F-B116-99963B811170}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E380B13C-CA51-487C-BC8B-6A1FDD68DD5B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E43A906E-0F2F-4AF5-8C5E-74B2DDCA7C69}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E666FE8B-ABDB-4787-BE7D-F9577AD7C494}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EC00E0C4-F8B3-436D-84EB-EEA9D9F86CDC}" = rport=138 | protocol=17 | dir=out | app=system |
"{ED892F26-7367-4C77-9DAE-4869C29EDA8E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F6B941F0-BA18-4103-A7ED-80621B4CD08E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C495F2A-DF09-4D9E-B7CC-A9470AA57E5C}" = dir=in | app=c:\windows\system32\lxdncoms.exe |
"{129C71F4-6A84-4F31-B084-394C7B70AC51}" = dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe |
"{1C08CADA-3A3A-42E4-98DB-83A3925680CC}" = dir=in | app=c:\users\buddy\appdata\local\microsoft\skydrive\skydrive.exe |
"{29F06BC0-2052-45D7-BF5D-11654A87E192}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe |
"{30087503-B165-4888-91D6-84A0051C229B}" = dir=in | app=c:\windows\syswow64\lxdncoms.exe |
"{38637199-EACB-475C-A76A-BE527377D6FB}" = protocol=1 | dir=out | [email protected],-28544 |
"{6A5F93A3-3089-459D-884B-FB0865B92AD5}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdncoms.exe |
"{6FBBD792-3681-4371-8C1F-0AE11F28DF9F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{714D990F-621D-4174-93A4-362211BEA784}" = dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdntime.exe |
"{729E6520-7A99-4A59-A459-7C088B8BE6B4}" = protocol=58 | dir=out | [email protected],-28546 |
"{8D942528-BE9D-4548-9D59-461947813138}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe |
"{9279F2F7-1777-476A-BD0C-4BD85DED5B2E}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnmon.exe |
"{989DC283-A4FF-4CC0-8A10-DD254EE03481}" = protocol=6 | dir=in | app=c:\windows\system32\lxdncoms.exe |
"{9BD51192-D8AF-48CF-8B5E-DF0ABECB2DB8}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdncoms.exe |
"{A2386869-A552-4481-BF8A-838022C62D0F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AD0932E0-EEE9-484D-BBBC-0F0E6BB5FD34}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{C2C08E7F-8409-4800-B7CC-250BF2523FD1}" = protocol=17 | dir=in | app=c:\windows\system32\lxdncoms.exe |
"{C5233D00-086C-4CE2-843B-D6F4322E686B}" = protocol=58 | dir=in | [email protected],-28545 |
"{C5CAA122-7AD6-4B6A-AFB5-7F0A0EF66A44}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdntime.exe |
"{CD60AD0B-73EA-482C-ABE3-1BD5310C4167}" = protocol=1 | dir=in | [email protected],-28543 |
"{D8EFA557-0C34-42F7-ACB3-AC42424A7D7C}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdntime.exe |
"{E29A396C-CD2C-42E5-A668-7CBC4F0966B4}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnmon.exe |
"{E6B64AB2-8BBF-45C4-8ACD-8C650907646F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{FF8204C6-0EE4-4531-BDD6-64DF8333E85B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"TCP Query User{D0592000-4959-4F0B-942A-7CAB268D42B3}C:\program files (x86)\lexmark 2600 series\lxdnlscn.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnlscn.exe |
"UDP Query User{89E0062E-AC27-4431-80D6-9C034C7DF9B2}C:\program files (x86)\lexmark 2600 series\lxdnlscn.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnlscn.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series" = Canon MG3100 series MP Drivers
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417011FF}" = Java 7 Update 11 (64-bit)
"{2FD0FA0A-7A21-4C4A-B268-1142B54E035E}" = Windows Live Family Safety
"{338CE2A1-7BD6-AC18-0069-4A90F7C3D836}" = AMD Steady Video Plug-In
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5EEC477F-8E9B-4420-8829-16E7426227DB}" = Windows Live MIME IFilter
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{669D2C56-157D-508E-CC6D-5F4A8A9EAC9C}" = AMD Catalyst Install Manager
"{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BBBD8A4E-BE4B-3371-19DC-CB8AB29D350B}" = AMD Fuel
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D2D5EB8B-8855-98E4-4786-12A8D521B3C0}" = ccc-utility64
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F809FFB5-6F9B-AFDE-6048-5D9E95A85505}" = AMD Drag and Drop Transcoding
"CCleaner" = CCleaner
"DriverEasy_is1" = DriverEasy 4.5.2
"Lexmark 2600 Series" = Lexmark 2600 Series
"Logitech Unifying" = Logitech Unifying Software 2.10
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"sp6" = Logitech SetPoint 6.52
"Speccy" = Speccy

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1" = Live Update 5
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{0657DE52-8F5C-4073-B70C-ED4F3F7FA076}" = PlayMemories Home
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{1154E720-5D61-B720-2BC6-8BE86063861F}" = CCC Help Spanish
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 25
"{287EAC0F-6C96-4712-97A6-958510872CBB}" = Utility
"{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4301FE90-2ED7-7384-46DD-0A41FE0F067D}" = CCC Help Korean
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BD8793A-9DDD-92BF-B281-E0DB3A9D50B8}" = CCC Help Russian
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials
"{5F7308C0-56FF-415A-B34C-44A90A892A95}" = Catalyst Control Center - Branding
"{6389F199-1D6C-4974-9557-693F9DD48736}" = Windows Live Writer Resources
"{698B7D8B-0F43-4A19-8B9B-47F1EFEB858F}_is1" = ControlCenter
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7C6F0282-3DCD-4A80-95AC-BB298E821C44}" = Windows Live Writer
"{87543F2C-6EB2-4A20-B424-45A487DF2A50}" = Catalyst Control Center Localization All
"{87F4E233-EE83-F0EC-1687-D8571D7B0B15}" = CCC Help Japanese
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{88603FC0-6B3C-442D-981E-E3D49F083548}_is1" = NovaBench 3.0.4
"{89870E0D-9602-41F8-9E83-14F6849346A4}" = Windows Live Mail
"{89C7E0A7-4D9D-4DCC-8834-A9A2B92D7EBB}" = Photo Gallery
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90157C5D-D791-4D36-8C2B-7553DC01D601}" = ASUS VGA Driver
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6D5C94-386A-4DE7-B99F-523D3F167B9A}" = Windows Live Messenger
"{9EEEBF01-660B-9E02-75B9-EF3445CB9635}" = CCC Help German
"{A0510572-97B7-8696-A812-C279B211CB08}" = CCC Help French
"{A2DDE452-4542-D7EB-758C-A3DAA35AAA9E}" = Catalyst Control Center InstallProxy
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5BCBABA-26B7-6037-76B9-E8A38DB14DDD}" = AMD VISION Engine Control Center
"{A642884D-2199-EEE1-6BE8-FA0DBC611670}" = CCC Help Chinese Traditional
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAA94EAA-40A4-458C-9D86-D1DA765B51D5}" = Windows Live Writer
"{AAF91344-2808-4D6B-9242-FBE5AF79D60A}" = Windows Live Family Safety
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{ADBF45DB-4765-04EF-DCF2-4560C088CBE9}" = CCC Help Italian
"{B286BAC3-CBE6-4854-BF68-EB72A34CEA56}" = Windows Live Messenger
"{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}" = Movie Maker
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{CB95130D-118F-9C20-16A9-05F5990E3EBB}" = CCC Help English
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D604900F-A275-416C-AF9D-CDEDF58B72DB}" = Windows Live Mail
"{DAD5AC93-8518-4F46-A5FE-E63FEE791B6F}" = AMD OverDrive
"{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}" = Photo Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{EFBCA571-617D-484A-9ECA-E301BB6D0750}" = Windows Live Writer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}" = Junk Mail filter update
"{F9F92105-D25D-E4AF-CF87-11C06C92B296}" = CCC Help Chinese Standard
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AU11_is1" = Advanced Uninstaller PRO - Version 11
"Canon MG3100 series User Registration" = Canon MG3100 series User Registration
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Glary Utilities 3" = Glary Utilities 3 (v3.6.0.125)
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{EECD7B96-1416-4D3A-B12D-0D2512120C36}" = EasyViewer
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"MailStore Home_universal1" = MailStore Home 8.0.2.8361
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"OverclockingCenter_is1" = OverclockingCenter
"PokerStars.net" = PokerStars.net
"Super-Charger_is1" = Super-Charger
"ToolwizCareFree" = Toolwiz Care
"Tweaking.com - Registry Backup" = Tweaking.com - Registry Backup
"UltraDefrag" = Ultra Defragmenter
"WinLiveSuite" = Windows Live Essentials
"xvid" = XviD MPEG-4 Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/10/2013 8:50:14 PM | Computer Name = Cindy-Game-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/10/2013 11:50:44 PM | Computer Name = Cindy-Game-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/11/2013 2:17:53 AM | Computer Name = Cindy-Game-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Buddy\Downloads\argb1998win141ea24.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 7/11/2013 5:54:02 AM | Computer Name = Cindy-Game-PC | Source = MSDTC Client | ID = 4448
Description =

Error - 7/11/2013 5:54:04 AM | Computer Name = Cindy-Game-PC | Source = Microsoft Fax | ID = 32104
Description = Faxes cannot be submitted or sent because the Fax service cannot access
the folder specified for the fax queue. The location of the fax queue can be modified
with a registry key. For more information, see Troubleshooting in Fax Service Manager
help. Win32 Error Code: 2 This error code indicates the cause of the error.

Error - 7/11/2013 5:54:04 AM | Computer Name = Cindy-Game-PC | Source = Microsoft Fax | ID = 32041
Description = Fax Service failed to initialize because of an internal error Win32
Error Code: 0. This error code indicates the cause of the error.

Error - 7/11/2013 5:55:32 AM | Computer Name = Cindy-Game-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/11/2013 8:49:58 AM | Computer Name = Cindy-Game-PC | Source = Microsoft Fax | ID = 32104
Description = Faxes cannot be submitted or sent because the Fax service cannot access
the folder specified for the fax queue. The location of the fax queue can be modified
with a registry key. For more information, see Troubleshooting in Fax Service Manager
help. Win32 Error Code: 2 This error code indicates the cause of the error.

Error - 7/11/2013 8:49:58 AM | Computer Name = Cindy-Game-PC | Source = Microsoft Fax | ID = 32041
Description = Fax Service failed to initialize because of an internal error Win32
Error Code: 0. This error code indicates the cause of the error.

Error - 7/11/2013 8:51:30 AM | Computer Name = Cindy-Game-PC | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 5/29/2013 5:14:55 AM | Computer Name = Cindy-Game-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 264313
seconds with 3240 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/10/2013 2:57:26 PM | Computer Name = Cindy-Game-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the lxdnCATSCustConnectService
service to connect.

Error - 7/10/2013 2:57:26 PM | Computer Name = Cindy-Game-PC | Source = Service Control Manager | ID = 7000
Description = The lxdnCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 7/10/2013 8:29:07 PM | Computer Name = Cindy-Game-PC | Source = DCOM | ID = 10016
Description =

Error - 7/10/2013 8:29:21 PM | Computer Name = Cindy-Game-PC | Source = DCOM | ID = 10016
Description =

Error - 7/10/2013 8:29:47 PM | Computer Name = Cindy-Game-PC | Source = DCOM | ID = 10016
Description =

Error - 7/10/2013 8:48:39 PM | Computer Name = Cindy-Game-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the lxdnCATSCustConnectService
service to connect.

Error - 7/10/2013 8:48:39 PM | Computer Name = Cindy-Game-PC | Source = Service Control Manager | ID = 7000
Description = The lxdnCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 7/11/2013 5:54:02 AM | Computer Name = Cindy-Game-PC | Source = Service Control Manager | ID = 7024
Description = The KtmRm for Distributed Transaction Coordinator service terminated
with service-specific error %%-2147467259.

Error - 7/11/2013 5:54:05 AM | Computer Name = Cindy-Game-PC | Source = Service Control Manager | ID = 7031
Description = The KtmRm for Distributed Transaction Coordinator service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 1000 milliseconds: Restart the service.

Error - 7/11/2013 8:47:48 AM | Computer Name = Cindy-Game-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Start with the following error:
%%5


< End of report >

Edited by Quartz, 11 July 2013 - 12:12 PM.

  • 0

Advertisements


#2
Ztruker

Ztruker

    Member 5k

  • Technician
  • 7,091 posts
Looks like you may have picked up some malware, for example:

CHR - Extension: Change Font Family Style = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabledekpjmoghdjnpnhfkfpmjifklpb\2.6_0\
CHR - Extension: Sudoku = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\agdhembpgcpfegeigidembjopfhghnpj\1.0.1.0_0\
CHR - Extension: Google Docs = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Last.fm free music player = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbncpldmanoknoahidbgmkgobgmhnafh\2.9.692_0\
CHR - Extension: YouTube = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Google Theme Bright = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\djjpllkkkfobicnffejagpfbnkmgpggb\1.0.0_0\
CHR - Extension: Autocomplete = on = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecpgkdflcnofdbbkiggklcfmgbnbabhh\1.0_0\
CHR - Extension: Logitech SetPoint = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.52.74_0\
CHR - Extension: Clock for Google Chrome\u2122 = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\emakkfldeggiinnfcdjkakdfcppbfhdg\2.1.0.4_0\
CHR - Extension: AdBlock = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0\
CHR - Extension: Mailto: = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gppbppehiogfokmpligejhaepeopajdf\1.24.0_0\
CHR - Extension: Safe Money = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Content Blocker = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: Virtual Keyboard = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\
CHR - Extension: Change Colors = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbmkekhehjedonbhoikhhkmlapalklgn\2.144_0\
CHR - Extension: Hover Zoom = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.19_0\
CHR - Extension: My Chrome Theme = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\2.0_0\
CHR - Extension: Gmail = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\Buddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\


Go to the Virus, Spyware, Malware Removal forum, read the first post and follow instructions.

Come back here once you get a clean bill of health if you still have problems.
  • 0

#3
Quartz

Quartz

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 122 posts
I am confused. Your message says, "Go to the Virus, Spyware, Malware Removal forum, read the first post and follow instructions. Come back here once you get a clean bill of health if you still have problems." The first post is what told me to download OTL and post the results, which I did. Which post am I supposed to go to, exactly, please?
  • 0

#4
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Hi there :)

Yes, that's good. But you,ve posted in a forum which is for Windows OS discussions. We do not remove malware here :)
Please go there --------> CLICK and post your log there. It'll be more appropriate forum.

Edited by Naathim, 11 July 2013 - 11:55 PM.

  • 0

#5
Ztruker

Ztruker

    Member 5k

  • Technician
  • 7,091 posts
My apologies Quartz. As Naathim said, post in the Virus, Spyware, Malware Removal forum.

Thanks Naathim
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP