
Malware Detected: Files missing, S L O W system



#1
PjMac
  • Member
  • 16 posts
I detected malware today on a scan. It was deleted, but I discovered I have missing files. What can I do to ensure it is completely removed and cleaned?


#2
RKinner
  • Malware Expert
  • 20,008 posts
  • MVP
Download OTL from http://www.geekstogo...timers-list-it/ and save it to your desktop.

Run OTL (Vista or Win 7 => right-click and Run As Administrator).

Select the All option in the Extra Registry group, then Run Scan.

You should get two logs. Please copy and paste both of them.


Ron

#3
PjMac
  • Topic Starter
  • Member
  • 16 posts
OTL logfile created on: 7/22/2013 7:23:04 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pam\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.80 Gb Total Physical Memory | 4.52 Gb Available Physical Memory | 57.99% Memory free
9.68 Gb Paging File | 5.58 Gb Available in Paging File | 57.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684.15 Gb Total Space | 590.33 Gb Free Space | 86.29% Space Free | Partition Type: NTFS

Computer Name: PJ | User Name: Pam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/22 19:09:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pam\Downloads\OTL.exe
PRC - [2013/07/15 12:59:52 | 007,506,752 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\stpass.exe
PRC - [2013/07/15 12:57:44 | 000,129,216 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\klwtblfs.exe
PRC - [2013/07/12 20:29:06 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/07/12 14:49:47 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/07/12 14:37:18 | 003,289,472 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/06/27 12:15:06 | 002,249,352 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
PRC - [2013/06/27 12:15:06 | 000,349,832 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
PRC - [2013/06/27 12:15:06 | 000,206,984 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
PRC - [2013/06/27 12:15:06 | 000,173,192 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2013/06/27 12:15:06 | 000,153,224 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/02/13 10:18:54 | 002,115,416 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/02/13 10:18:54 | 001,124,184 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/12/21 14:32:50 | 000,819,040 | ---- | M] (Infowatch) -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
PRC - [2012/12/20 18:23:04 | 000,356,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
PRC - [2012/09/20 01:55:29 | 000,333,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WWAHost.exe
PRC - [2012/08/24 00:24:38 | 002,435,728 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
PRC - [2012/08/23 02:24:38 | 000,259,136 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2012/08/23 02:24:10 | 000,533,568 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2012/08/22 18:04:22 | 000,025,232 | ---- | M] () -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
PRC - [2012/08/22 18:04:20 | 000,044,176 | ---- | M] () -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
PRC - [2012/08/21 22:36:54 | 000,473,712 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2012/08/21 22:36:52 | 001,176,176 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2012/08/21 22:36:52 | 000,348,784 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2012/07/17 17:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 17:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/06/25 13:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2010/03/25 08:45:38 | 000,031,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/12 14:49:44 | 000,396,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppgooglenaclpluginchrome.dll
MOD - [2013/07/12 14:49:43 | 013,599,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
MOD - [2013/07/12 14:49:42 | 004,052,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
MOD - [2013/07/12 14:48:52 | 000,601,552 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\libglesv2.dll
MOD - [2013/07/12 14:48:51 | 000,123,344 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\libegl.dll
MOD - [2013/07/12 14:48:49 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll
MOD - [2013/07/11 18:19:48 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\aa8342f91aba9ea9e511e9954307ab45\CustomMarshalers.ni.dll
MOD - [2013/07/11 18:17:07 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0db8aa5ffb4ab7d5051dc10101841f84\System.Core.ni.dll
MOD - [2013/07/10 14:06:58 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\a74b6a2fbd1dff41aa83ce6b8de639e4\System.Xml.ni.dll
MOD - [2013/07/10 14:06:53 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\dfa2cb72af0c0dfeb2b898b1b35c0077\System.Windows.Forms.ni.dll
MOD - [2013/07/10 14:06:47 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dfd1de460c7612ad1d02afc9d97bf78c\System.Drawing.ni.dll
MOD - [2013/07/10 14:06:15 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1fe104e6fe551fea4435d29d219f19a7\System.ni.dll
MOD - [2013/07/10 14:06:08 | 011,500,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\d1ce70bf6cbab6ab838cbd8b50e902c1\mscorlib.ni.dll
MOD - [2013/02/21 14:09:33 | 000,557,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/12/20 18:19:26 | 000,479,752 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll
MOD - [2012/12/20 18:19:16 | 000,093,192 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avpapplication.dll
MOD - [2012/12/09 10:19:44 | 000,972,664 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Outlook\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
MOD - [2012/12/09 10:18:59 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2012/08/23 02:26:10 | 000,465,384 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
MOD - [2012/08/22 18:04:22 | 000,025,232 | ---- | M] () -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
MOD - [2012/08/22 18:04:20 | 000,044,176 | ---- | M] () -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
MOD - [2012/07/26 05:23:08 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/06/01 05:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/05/04 02:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/04 02:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/09 00:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/01 22:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/01 22:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/01/09 19:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/01/09 19:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/11/06 00:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/09/20 05:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012/09/20 02:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/08/23 00:36:28 | 000,468,624 | ---- | M] (Acer Incorporated) [On_Demand | Stopped] -- C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe -- (DeviceFastLaneService)
SRV:64bit: - [2012/08/22 23:02:36 | 000,658,576 | ---- | M] (Acer Incorporated) [On_Demand | Running] -- C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2012/07/25 23:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 23:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012/07/25 23:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 23:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 23:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 23:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 23:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 23:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 23:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 23:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 23:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/04/20 17:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2009/11/13 12:28:38 | 000,129,536 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2013/07/12 14:37:18 | 003,289,472 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/06/27 12:15:06 | 000,173,192 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/13 10:18:54 | 001,124,184 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/01/28 14:47:24 | 000,227,456 | ---- | M] (Qualcomm Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2013/01/07 19:28:05 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/12/21 14:32:50 | 000,819,040 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv)
SRV - [2012/12/20 18:23:04 | 000,356,968 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe -- (avp)
SRV - [2012/11/06 00:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/09/25 19:59:17 | 000,093,296 | ---- | M] (Dritek System INC.) [Auto | Running] -- C:\Windows\RfBtnSvc64.exe -- (RfButtonDriverService)
SRV - [2012/09/10 23:50:23 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/08/24 00:24:38 | 002,435,728 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe -- (CCDMonitorService)
SRV - [2012/08/23 02:24:38 | 000,259,136 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2012/08/21 22:36:52 | 000,348,784 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2012/07/25 23:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/17 17:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 17:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/11 23:10:24 | 000,174,160 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2012/06/25 13:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/25 08:45:38 | 000,031,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/07/15 13:01:07 | 000,619,616 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\klif.sys -- (KLIF)
DRV:64bit: - [2013/07/15 13:01:07 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\kneps.sys -- (kneps)
DRV:64bit: - [2013/07/15 13:01:07 | 000,050,448 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\klwfp.sys -- (klwfp)
DRV:64bit: - [2013/06/04 09:15:02 | 000,103,448 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/06/01 07:54:16 | 000,194,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/06/01 07:29:35 | 000,337,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/06/01 07:29:35 | 000,213,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/05/31 23:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/05/04 03:34:17 | 000,446,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/05/04 03:34:15 | 000,284,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/02 06:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 06:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/03/02 06:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/02/21 15:38:45 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013/02/13 10:19:14 | 000,208,152 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\RapportHades64.sys -- (RapportHades64)
DRV:64bit: - [2013/02/13 10:19:12 | 000,236,248 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2013/01/28 21:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/01/28 19:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/01/28 14:23:28 | 000,581,200 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2013/01/28 14:23:24 | 000,136,424 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2013/01/28 14:23:24 | 000,077,464 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2013/01/28 14:23:22 | 000,179,432 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2013/01/28 14:23:20 | 000,089,168 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2013/01/28 14:23:20 | 000,034,384 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2013/01/28 14:23:18 | 000,346,192 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2013/01/28 14:23:18 | 000,115,280 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2013/01/21 02:56:12 | 003,747,840 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr)
DRV:64bit: - [2013/01/11 19:02:34 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2013/01/09 21:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/01/07 19:28:04 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/12/17 07:43:13 | 000,038,096 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\gfiark.sys -- (gfiark)
DRV:64bit: - [2012/12/10 15:14:54 | 000,098,064 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\CSCrySec.sys -- (CSCrySec)
DRV:64bit: - [2012/12/10 15:14:54 | 000,067,344 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv)
DRV:64bit: - [2012/11/26 23:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/20 00:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/05 23:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/12 04:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 03:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/10/11 03:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012/09/25 20:24:36 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2012/09/25 20:24:36 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2012/09/25 20:24:36 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2012/09/25 19:59:17 | 000,026,736 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\aPs2Kb2Hid.sys -- (Ps2Kb2Hid)
DRV:64bit: - [2012/09/20 03:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012/09/20 03:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 03:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/09/03 18:23:58 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2012/09/03 17:57:00 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012/08/20 13:32:46 | 000,316,816 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ETD.sys -- (ETD)
DRV:64bit: - [2012/07/27 18:38:24 | 000,029,616 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\klelam.sys -- (klelam)
DRV:64bit: - [2012/07/26 01:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 01:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 01:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 01:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 01:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 01:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 01:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 01:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 01:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 01:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 01:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 01:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 01:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 01:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 01:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 01:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 01:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/26 00:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/26 00:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012/07/26 00:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 23:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 22:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 22:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 22:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 22:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 22:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 22:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 22:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 22:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 22:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 22:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 22:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 22:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 22:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 22:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 22:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 22:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 22:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 22:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 22:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012/07/25 22:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 22:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 22:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/09 16:43:12 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/06/19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\kl1.sys -- (KL1)
DRV:64bit: - [2012/06/19 11:40:50 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/06/13 22:23:58 | 000,294,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsBaStor.sys -- (RSBASTOR)
DRV:64bit: - [2012/06/13 01:41:22 | 000,683,664 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/06/02 10:31:33 | 005,139,968 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BCMWL63A.SYS -- (BCM43XX)
DRV:64bit: - [2012/06/02 10:31:32 | 000,425,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2011/03/10 19:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2010/07/09 15:51:38 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010/04/20 14:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2008/05/06 20:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2013/07/01 07:28:08 | 000,588,048 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\53984\RapportCerberus64_53984.sys -- (RapportCerberus_53984)
DRV - [2013/02/13 10:19:12 | 000,357,272 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2013/02/13 10:19:12 | 000,228,760 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{8285749D-2AB6-43D2-90FF-C463C2B6AA11}: "URL" = http://www.bing.com/...E10TR&pc=MAARJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {467FC25E-AE90-4DA3-9F97-26B45A64B352}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.yhs.delta...frmful&tsp=4933
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://lavasoft.blek...q={searchTerms}
IE - HKCU\..\SearchScopes\{467FC25E-AE90-4DA3-9F97-26B45A64B352}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{5C045FE4-514B-4C1F-AA84-613BC7D90A68}: "URL" = http://us.yhs4.searc...0729,0,0,6,7635
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7WQIA_enUS531
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@kaspersky.com/Password Manager: C:\PROGRA~2\KASPER~1\KASPER~1.0\KASPER~2\MODULE~1\npkpmAutofill.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Pam\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Pam\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Pam\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Pam\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Pam\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2013/07/15 13:01:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2013/07/15 13:01:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2013/07/15 13:01:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2013/07/15 13:01:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2013/07/15 13:01:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK

[2013/07/04 17:55:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddagfbbgmdhmolnjoaghlapikdcahbbl\6.0.1.54\

O1 HOSTS File: ([2013/02/21 13:13:03 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Kaspersky Passsword Manager Toolbar) - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Kaspersky Passsword Manager Toolbar) - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\runner_avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [bdinstaller] C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setuplauncher.exe (Bitdefender)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [LManager] File not found
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [SkyDrive] C:\Users\Pam\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe" (Qualcomm Atheros Commnucations)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 165.166.142.42 165.166.8.54
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{149B3963-DE4C-493C-B0F2-F3051ADD3DBC}: DhcpNameServer = 192.168.1.1 165.166.142.42 165.166.8.54
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4697643-A9CF-493C-8E98-6E1E7FDCCC9F}: DhcpNameServer = 192.12.128.24
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 0
O33 - MountPoints2\{fafc3051-408c-11e2-be7a-206a8adb2330}\Shell - "" = AutoRun
O33 - MountPoints2\{fafc3051-408c-11e2-be7a-206a8adb2330}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/22 00:19:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\theWord
[2013/07/22 00:19:02 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Roaming\The Word
[2013/07/22 00:19:02 | 000,000,000 | ---D | C] -- C:\ProgramData\The Word
[2013/07/22 00:19:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Word
[2013/07/21 17:29:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/07/21 17:29:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/07/21 17:29:09 | 000,866,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/07/21 17:29:09 | 000,788,896 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/07/21 17:29:09 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/07/21 17:29:02 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/07/21 17:29:02 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/07/21 17:29:02 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/07/21 17:28:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/07/21 17:27:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013/07/21 17:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2013/07/21 17:27:14 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Roaming\Yahoo!
[2013/07/21 17:27:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2013/07/19 15:09:46 | 000,000,000 | ---D | C] -- C:\Users\Pam\Desktop\RK_Quarantine
[2013/07/19 14:51:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/19 14:51:55 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/07/19 14:51:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/07/18 14:24:00 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/07/18 14:19:02 | 000,000,000 | ---D | C] -- C:\Windows\softwaredistribution.bak4
[2013/07/13 17:00:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2013/07/13 16:40:59 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Roaming\Mozilla
[2013/07/10 23:09:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/07/10 14:53:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/07/10 14:53:08 | 002,219,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmcore.dll
[2013/07/10 14:53:05 | 001,842,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dwmcore.dll
[2013/07/10 14:53:04 | 006,987,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/07/10 14:53:04 | 002,391,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2013/07/10 14:53:04 | 002,106,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2013/07/10 14:53:04 | 001,527,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfcore.dll
[2013/07/10 14:53:04 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samsrv.dll
[2013/07/10 14:53:03 | 001,453,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfcore.dll
[2013/07/10 14:53:03 | 001,403,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2013/07/10 14:53:03 | 001,271,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2013/07/10 14:53:02 | 001,217,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2013/07/10 14:53:02 | 001,093,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2013/07/10 14:53:02 | 001,048,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfasfsrcsnk.dll
[2013/07/10 14:53:02 | 000,583,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscms.dll
[2013/07/10 14:53:02 | 000,523,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/07/10 14:53:02 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/07/10 14:53:01 | 000,213,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\UCX01000.SYS
[2013/07/10 14:53:01 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samlib.dll
[2013/07/10 14:53:00 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfasfsrcsnk.dll
[2013/07/10 14:53:00 | 000,337,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBXHCI.SYS
[2013/07/10 14:53:00 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DeviceSetupManager.dll
[2013/07/10 14:53:00 | 000,194,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys
[2013/07/10 14:53:00 | 000,125,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys
[2013/07/10 14:53:00 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MbaeParserTask.exe
[2013/07/10 14:52:59 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vdsutil.dll
[2013/07/10 14:52:58 | 000,037,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys
[2013/07/10 13:04:15 | 000,000,000 | ---D | C] -- C:\Users\Pam\Documents\Confirmations
[2013/07/09 22:40:44 | 001,838,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/07/09 22:40:08 | 000,595,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013/07/09 22:40:08 | 000,496,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013/07/09 22:39:38 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/07/09 22:39:33 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/07/09 22:39:32 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/07/09 22:39:32 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/09 22:39:32 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/07/09 22:39:31 | 002,842,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/09 22:39:31 | 002,620,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/07/04 17:55:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013/07/04 17:55:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013/07/04 17:55:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/07/04 17:55:18 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Roaming\Babylon
[2013/07/04 17:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013/07/04 17:55:13 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Roaming\YourFileDownloader
[2013/07/04 17:48:34 | 000,000,000 | ---D | C] -- C:\ProgramData\StarApp
[2013/07/04 17:45:49 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013/07/01 14:01:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/07/01 14:00:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/07/01 14:00:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/07/01 13:53:43 | 000,089,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SQSRVRES.DLL
[2013/07/01 13:53:43 | 000,073,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perf-MSSQL$MSSMLBIZ-sqlctr10.3.5500.0.dll
[2013/07/01 13:48:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Desktop
[2013/07/01 13:48:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2013/06/27 22:02:34 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tssdisai.dll
[2013/06/22 22:16:56 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[5 C:\Users\Pam\Documents\*.tmp files -> C:\Users\Pam\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/22 18:45:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2787539444-2474176699-1682119474-1001UA.job
[2013/07/22 18:34:03 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/22 16:45:00 | 000,000,854 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2787539444-2474176699-1682119474-1001Core.job
[2013/07/22 16:34:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/22 00:23:23 | 002,131,131 | ---- | M] () -- C:\Users\Pam\Documents\Intro_to_The_Word_Nov_11_2008.pdf
[2013/07/22 00:19:45 | 000,001,008 | ---- | M] () -- C:\Users\Public\Desktop\theWord.lnk
[2013/07/21 20:34:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/21 17:35:32 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/07/21 17:35:31 | 2405,511,167 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/21 17:35:28 | 000,053,284 | ---- | M] () -- C:\Windows\SysNative\wpbbin.exe
[2013/07/21 17:28:42 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/07/21 17:28:41 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/07/21 17:28:41 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/07/21 17:28:41 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/07/21 17:28:41 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/07/21 17:28:41 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/07/20 13:03:26 | 000,932,908 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/20 13:03:26 | 000,207,560 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/20 13:03:26 | 000,005,966 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/19 14:51:57 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/15 19:17:44 | 000,553,532 | ---- | M] () -- C:\Users\Pam\Documents\Reverse_Diabetes2012.pdf
[2013/07/15 18:17:35 | 039,644,350 | ---- | M] () -- C:\Users\Pam\Documents\cookbook_ebook.pdf
[2013/07/15 13:26:19 | 000,137,543 | ---- | M] () -- C:\Users\Pam\Documents\lisa.jpg
[2013/07/15 13:08:10 | 000,002,224 | ---- | M] () -- C:\Users\Pam\Desktop\Safe Money.lnk
[2013/07/15 13:01:07 | 000,619,616 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2013/07/15 13:01:07 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kneps.sys
[2013/07/15 13:01:07 | 000,050,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klwfp.sys
[2013/07/15 13:01:06 | 000,090,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2013/07/13 17:01:27 | 000,000,000 | ---- | M] () -- C:\end
[2013/07/13 10:35:25 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/11 21:03:25 | 001,669,447 | ---- | M] () -- C:\Users\Pam\Documents\fastingtofreedom.pdf
[2013/07/11 20:38:56 | 005,821,788 | ---- | M] () -- C:\Users\Pam\Documents\BREATHE by MYAH.mp3
[2013/07/11 20:13:53 | 006,422,470 | ---- | M] () -- C:\Users\Pam\Documents\WORSHIP YAHWEH _____ EVERYTHING (Song) by miYah.mp3
[2013/07/11 14:22:25 | 000,178,020 | ---- | M] () -- C:\Users\Pam\Documents\1010297_10151699863328675_30422757_n2.jpg
[2013/07/10 23:09:23 | 000,002,216 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/07/10 14:59:39 | 000,422,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/07 21:23:53 | 000,001,300 | ---- | M] () -- C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2013/07/05 12:42:39 | 000,037,249 | ---- | M] () -- C:\Users\Pam\Documents\7.PNG
[2013/07/05 09:36:10 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/07/04 14:39:03 | 026,797,165 | ---- | M] () -- C:\Users\Pam\Documents\88985040-The-Seven-Pillars-of-Health-Don-Colbert.pdf
[2013/07/01 13:53:44 | 000,005,946 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/06/27 18:04:51 | 000,693,112 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/06/27 18:04:51 | 000,078,200 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/06/26 22:44:08 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2013/06/22 21:35:20 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[5 C:\Users\Pam\Documents\*.tmp files -> C:\Users\Pam\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/22 00:23:23 | 002,131,131 | ---- | C] () -- C:\Users\Pam\Documents\Intro_to_The_Word_Nov_11_2008.pdf
[2013/07/22 00:19:45 | 000,001,008 | ---- | C] () -- C:\Users\Public\Desktop\theWord.lnk
[2013/07/19 14:51:57 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/15 19:17:44 | 000,553,532 | ---- | C] () -- C:\Users\Pam\Documents\Reverse_Diabetes2012.pdf
[2013/07/15 18:17:34 | 039,644,350 | ---- | C] () -- C:\Users\Pam\Documents\cookbook_ebook.pdf
[2013/07/15 13:26:16 | 000,137,543 | ---- | C] () -- C:\Users\Pam\Documents\lisa.jpg
[2013/07/13 16:40:49 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2787539444-2474176699-1682119474-1001UA.job
[2013/07/13 16:40:47 | 000,000,854 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2787539444-2474176699-1682119474-1001Core.job
[2013/07/11 21:03:25 | 001,669,447 | ---- | C] () -- C:\Users\Pam\Documents\fastingtofreedom.pdf
[2013/07/11 20:38:03 | 005,821,788 | ---- | C] () -- C:\Users\Pam\Documents\BREATHE by MYAH.mp3
[2013/07/11 20:12:56 | 006,422,470 | ---- | C] () -- C:\Users\Pam\Documents\WORSHIP YAHWEH _____ EVERYTHING (Song) by miYah.mp3
[2013/07/11 14:22:22 | 000,178,020 | ---- | C] () -- C:\Users\Pam\Documents\1010297_10151699863328675_30422757_n2.jpg
[2013/07/10 23:09:23 | 000,002,216 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/07/10 14:59:23 | 000,422,160 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/10 14:53:08 | 000,386,642 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013/07/05 12:42:38 | 000,037,249 | ---- | C] () -- C:\Users\Pam\Documents\7.PNG
[2013/07/04 14:35:14 | 026,797,165 | ---- | C] () -- C:\Users\Pam\Documents\88985040-The-Seven-Pillars-of-Health-Don-Colbert.pdf
[2013/06/26 22:44:08 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2013/02/21 19:06:52 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013/02/15 22:30:40 | 000,000,162 | ---- | C] () -- C:\Windows\reimage.ini
[2013/02/15 17:04:45 | 000,017,408 | ---- | C] () -- C:\Users\Pam\AppData\Local\WebpageIcons.db
[2013/01/07 19:28:05 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2013/01/07 19:28:03 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2013/01/07 19:28:03 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/12/09 10:47:45 | 000,005,946 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/12/08 23:04:18 | 000,006,656 | ---- | C] () -- C:\Users\Pam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/25 20:38:58 | 000,000,280 | ---- | C] () -- C:\Windows\LaunApp.ini
[2012/09/25 20:33:02 | 000,001,450 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2012/09/25 20:33:02 | 000,000,224 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2012/09/25 19:53:01 | 000,000,000 | ---- | C] () -- C:\ProgramData\DP45977C.lfl
[2012/09/11 00:17:15 | 000,000,460 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2012/09/11 00:17:15 | 000,000,395 | ---- | C] () -- C:\Windows\WisPriority.ini
[2012/07/26 04:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 04:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 03:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/25 21:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 16:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 16:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/07/25 16:22:56 | 000,267,284 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/07/25 16:22:54 | 000,963,376 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/06/02 10:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012/04/20 16:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2012/12/08 22:13:45 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/03/06 02:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/03/06 01:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 23:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 23:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 23:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 366 bytes -> C:\Users\Pam\Documents\8.eml.ptl:OECustomProperty

< End of report >

2nd Report
OTL Extras logfile created on: 7/22/2013 7:23:04 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pam\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.80 Gb Total Physical Memory | 4.52 Gb Available Physical Memory | 57.99% Memory free
9.68 Gb Paging File | 5.58 Gb Available in Paging File | 57.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684.15 Gb Total Space | 590.33 Gb Free Space | 86.29% Space Free | Partition Type: NTFS

Computer Name: PJ | User Name: Pam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09877CE6-0857-4B9E-A2D0-BE88B1BFB4F3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{107B811E-B553-4FCA-9536-B478010CDCA7}" = rport=138 | protocol=17 | dir=out | app=system |
"{11424E4D-5CA4-4B58-9B1C-A2F0018E4364}" = rport=139 | protocol=6 | dir=out | app=system |
"{1DCB3DC0-1B00-4291-A690-4C3A2CA3997A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2A111800-0A03-4184-8870-5E18C501CCDE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2B2FD1FA-7B45-43A9-AAC6-155801047622}" = rport=137 | protocol=17 | dir=out | app=system |
"{2B3179C0-4536-4731-8B87-D74B010D26DD}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{2E09D62D-9232-4CB8-AB8F-E13A45DF68C3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{364DB5E6-B75E-4968-95C9-00F036B35C6B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3733C92E-EC05-4014-B40F-9E9C9CEC76FE}" = lport=48113 | protocol=6 | dir=in | name=maconfig_tcp |
"{37D232DC-7E7F-40EF-A4D8-7B106FE6AAC4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3AEC513F-B412-40F0-B657-FC725167FBD4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{45E40DFE-8F8F-4DAD-8C05-5E609E15992A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4BA8D8FE-6809-4D27-AC0B-1BC5E50FCB2D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{51F66EA3-9EE3-4325-BA7E-82C8FE757DFA}" = rport=137 | protocol=17 | dir=out | app=system |
"{5A0BF3AD-7824-43E6-8DFC-E4FAFA14F54B}" = lport=445 | protocol=6 | dir=in | app=system |
"{5C7642D9-F948-4FED-BD93-38AEFF36DD3B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{740197B5-9B91-43DC-9448-5F2FAA99E4ED}" = lport=48113 | protocol=17 | dir=in | name=maconfig_udp |
"{749E4E68-5A9D-4310-B9DB-2C57114EA704}" = rport=139 | protocol=6 | dir=out | app=system |
"{74E96E4A-4334-434C-9234-666B0EC35C7A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7575BB0F-F29E-423C-B1AD-0D0027875855}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7AB8A74F-8F07-419F-ACFC-4498ED2E68B8}" = lport=138 | protocol=17 | dir=in | app=system |
"{8193A909-AA2C-4855-AB2B-590095767258}" = lport=139 | protocol=6 | dir=in | app=system |
"{8C1C3703-E06E-47A6-9E46-5E64680CA835}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8C4C9F01-E6ED-4EE4-A861-ED9D6069E637}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8C6DD438-7D20-471A-B7F7-F772EBC1BF19}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8D495CD9-8999-47E1-9FD4-E3827DC44934}" = lport=445 | protocol=6 | dir=in | app=system |
"{8EE53228-67B7-4914-B14B-3A8E2EDDE914}" = rport=10243 | protocol=6 | dir=out | app=system |
"{91B46EBF-2E80-47F7-8B62-70DE1D608599}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{99982C45-23E8-4D48-B59B-65083A051144}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9FAE6DF7-7955-42FD-892C-6891D6E18FFD}" = lport=139 | protocol=6 | dir=in | app=system |
"{A6AC1658-A9A1-4EB7-A696-7F735D557FF3}" = lport=138 | protocol=17 | dir=in | app=system |
"{A85C8925-6F5D-4A82-9422-45EF52EC4172}" = rport=445 | protocol=6 | dir=out | app=system |
"{AA432508-3D7D-437F-91ED-3CB1EA122EEB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AB746421-C4A7-41E1-B369-5F9D5C178158}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AF87A946-CBEB-43B3-8C98-3EE9EF16DBA3}" = rport=445 | protocol=6 | dir=out | app=system |
"{B1500A46-812D-49C9-8068-0ABA0CB71E32}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{B6A511FA-8D05-4FE5-87F4-9349A22857BF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B8A744A2-B4A6-46E1-84DE-5301D35FFB30}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BAB36FC7-6856-4E3E-8D46-3208737E2934}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C331311B-2823-45E6-8185-B230BF69F466}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C59BC617-BAD9-430B-8561-1CDC59F5062D}" = rport=138 | protocol=17 | dir=out | app=system |
"{C85056E6-EA6D-4991-8386-DBCA3817BB44}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C8A59E0E-8E2D-40C3-9065-A5B852D51944}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{C9AAB9F5-E774-4A7A-BF98-E3628D1F1CF5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{CAFD7094-0BBA-4C4B-891C-C0115F81142F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DC5FA52D-2EA4-4A63-8CD3-CE3CF4B3D717}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E10E9790-4276-4A4C-A964-0B902E20DA53}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E1D85F95-A94D-4241-9D4E-529F491D7599}" = lport=137 | protocol=17 | dir=in | app=system |
"{E7D9CD4E-5B6C-4799-BAA5-19D8824CA721}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F999BC84-123D-41E5-9EAF-2B8213411581}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FA6A2A05-50EE-4C14-906C-B2A84A4A7E33}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{020348C5-076F-4395-B588-8702D8067692}" = dir=out | name=stumbleupon |
"{0234FAE4-E2CA-4A11-A8B7-D7B9EBC5B0A8}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe |
"{040227B4-6C02-4773-9DE1-CAA7E6465930}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{07DAE688-5A65-4755-8D15-DDB544E956A9}" = dir=in | name=skype |
"{0E104C38-8729-4482-A67D-5B87BA69907C}" = dir=out | [email protected]{microsoft.zunemusic_1.3.59.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{0F0CE4E4-7515-4F92-BB19-957194B71E6A}" = dir=out | name=study bible |
"{0FCBB7DD-5E13-4F21-90C4-4FFEC5F7688F}" = dir=in | name=ebay |
"{0FF1A330-7082-448C-8E17-DB0E0E45A364}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{10D8F569-F627-47F0-BD49-ECD4885D183F}" = dir=out | name=icookbook se |
"{1380DC43-49C5-406D-8B02-5F1F502DDD5D}" = dir=out | [email protected]{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{1506419B-7F3F-4F1F-A491-222975B92480}" = dir=out | [email protected]{microsoft.bingtravel_2.0.0.274_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{150F0223-052D-4344-9C90-B36316D694DF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{172D6779-CBE1-4EF1-AF9C-6173A5FE4B77}" = protocol=1 | dir=out | [email protected],-28544 |
"{19D0433C-5E45-4131-849F-B63D8B20180A}" = dir=in | [email protected]{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{1A73CA84-07D4-4662-9A24-4CF0F71A0778}" = dir=out | [email protected]{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{1C487419-4F06-4D2B-8454-874FF8F549CC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1C655DAE-17FA-49D3-8129-3615D1B0DAD9}" = dir=out | name=fresh paint |
"{1D524889-83CF-4E8E-BC74-BDA278D8DAA2}" = dir=out | name=toolbox for windows 8 |
"{1F28ED77-C0F4-4B2E-8E9F-6DFCC88AD075}" = dir=out | [email protected]{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{200E4B37-021F-4AFE-882B-0EAA6EF2915B}" = dir=in | app=c:\users\pam\appdata\local\microsoft\skydrive\skydrive.exe |
"{20879CF1-CA4F-475B-A653-85FE96A741F6}" = dir=out | name=amazon for windows |
"{20963FD7-1246-46A4-8249-2D826F15EF41}" = dir=out | [email protected]{microsoft.bingweather_2.0.0.288_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{240736AA-ECEA-4114-994B-308B76684C0E}" = dir=in | [email protected]{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{24310495-F783-411F-A084-73198978FBE0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{279099E3-6295-4DA4-ACF4-F5A6EEE339B8}" = protocol=1 | dir=in | [email protected],-28543 |
"{289548AB-14ED-4167-BD86-C8FDDFDB2E00}" = dir=out | name=word search |
"{292A233E-6405-4568-A413-F25BFD096B6E}" = dir=out | name=mytexttwister |
"{2B525508-989F-4891-B756-903434E3D235}" = dir=out | name=acer crystal eye |
"{2BFFA2B0-656A-4E50-A33F-56111ADBBE7A}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe |
"{2C390264-FD02-4A22-98C8-8220FF377B67}" = dir=out | name=hulu plus |
"{2C8E07EF-906F-419E-AB0D-7DFE9531CED1}" = protocol=58 | dir=out | [email protected],-28546 |
"{2E4597D6-60E0-4970-B66E-2BC35030731C}" = dir=out | [email protected]{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{2F2450E6-9591-4783-B7A0-1EA499E91B03}" = dir=out | name=dictionary. |
"{32E9D1F1-A37E-422B-B13B-3BC2FE695CFB}" = dir=out | name=tunein radio |
"{34C62FD8-1CCB-42CB-B835-BA9C5AD9D56C}" = dir=out | name=skype |
"{34E616DF-AD1B-4AAC-8B59-0CB6A7A2C328}" = dir=out | name=encyclopaedia britannica |
"{35A1AFDE-B59F-4928-9982-06808ECA95FD}" = dir=out | name=wordament |
"{37E3F20F-DE20-4516-B208-CC46191BDD72}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{39D041B4-46FD-463C-B76E-1174325C27D5}" = dir=out | [email protected]{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{3B316F0A-E964-411F-82DC-B97136624609}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3C8E8A3F-4F37-44A8-B7B2-E511310B1E2C}" = dir=out | [email protected]{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{3CEE945B-1B33-4C42-B350-C34B41747FC3}" = dir=in | name=amazon for windows |
"{3E74DDD3-0FF1-41E0-A065-30BD91674B47}" = dir=out | name=windows_ie_ac_001 |
"{3ED50094-D4B6-4C77-8B44-978996CEDD10}" = dir=in | name=acer explorer |
"{3EDB2D9B-EB5B-4910-95BC-D5C7A37A5DE0}" = dir=out | name=acer explorer |
"{3EDC3D65-FA97-4570-A04D-AFDCC755A9DD}" = dir=in | [email protected]{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{403CEECC-AC21-4ED6-804A-76D96DFC90C9}" = dir=out | name=free books- 23,469 classics to go. |
"{404DBD4B-DDE9-475D-94C2-5A4F6856C76D}" = dir=out | name=acer crystal eye |
"{41E2A2A6-A7A4-44F8-AB42-1DFB5B6C61FF}" = dir=out | [email protected]{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{429C2AB5-5C05-4C09-93A8-A7178202F2B1}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe |
"{42AE9676-168C-47C5-AD4F-565A3A832411}" = dir=out | [email protected]{61908richardwalters.calculator_2.10.0.0_neutral__486nvj664v5b0?ms-resource://61908richardwalters.calculator/resources/apptitle} |
"{4321D6AB-CAEA-48F8-95CC-52F6D0460A8B}" = dir=in | [email protected]{microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{43640B55-BD98-4AEF-90AA-42987CCC29BF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{454E5C84-D974-42D0-B598-C752D2AD61C5}" = dir=out | name=stumbleupon |
"{45597129-B095-4EB3-9AB2-473DBE61410A}" = dir=in | [email protected]{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{463C5D67-53D2-48D3-9EA7-FA0B82C08C60}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe |
"{467A5C17-5EEF-4D65-A13C-586B98916F3D}" = dir=out | name=ebay |
"{4744E936-F19B-4738-B591-4B25BD52D41A}" = dir=out | name=newsxpresso |
"{47A173EA-C00D-4EC1-9E02-D65EFC3E19B1}" = dir=out | name=amazon |
"{48DF3A66-AB41-4F28-A888-11472210E0F1}" = dir=in | name=evernote touch |
"{490BC740-38C4-4F6E-9F69-BDF916E75D1C}" = dir=out | name=allrecipes |
"{49AD4FE5-E495-4266-B3EF-40FFB6736291}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{49B2EC6E-00F6-4237-AABB-1F555D864458}" = dir=out | [email protected]{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{4A2C50F2-8C3A-47BC-88AF-E7AA6087940D}" = dir=out | [email protected]{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{4A7F9CD3-C870-4472-9C45-CD0AF5FA67FD}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\videoplayer.exe |
"{4AC22D71-9DA4-451C-96E2-0DF628812A70}" = dir=in | name=allrecipes |
"{4B3EB344-0577-45C3-94B3-1DE8DBC56C29}" = dir=in | [email protected]{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{4BDA46FF-D7E4-4426-9ACB-70C446477346}" = dir=out | name=social jogger |
"{4D7293F8-56FD-4DE6-B521-EC501E18BEAA}" = dir=out | name=acer crystal eye |
"{4F06503B-D04B-4068-B4A2-6F9A0078DF8C}" = dir=out | name=social jogger |
"{4F4E5306-10B8-4C8C-8FDD-8C9BC3C8C5D6}" = dir=in | name=skype |
"{504F4A6F-8606-420D-97A4-993F0BE36D10}" = protocol=1 | dir=out | [email protected],-28544 |
"{50923BD4-9017-46D0-8191-AADBA4EBB19B}" = dir=out | [email protected]{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{524013BB-4D55-4D7A-8771-0042EBE478C2}" = dir=out | name=greeting cards studio |
"{5260BFDC-33FF-4DD1-A3CA-6DD1226708CD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5305C7D5-0727-43EE-A975-A491B611D10C}" = dir=out | [email protected]{microsoft.bingmaps_1.6.1528.2509_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{54023E0E-3D1E-4C74-B26B-98DD4E0CB827}" = dir=out | name=kindle |
"{54A8980C-31FC-4830-B999-303AD921AAC3}" = dir=out | name=daily bread |
"{56B3FFB8-9060-4E55-A90F-CC07F4A6E619}" = protocol=58 | dir=in | [email protected],-28545 |
"{57F3AEE5-415B-4730-83B7-CC410F813E70}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe |
"{599522C2-37D2-428C-9729-8E4C9CCCA1F8}" = dir=out | [email protected]{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{5A0F97FD-41CC-4D5B-93F8-42330A6D0CE8}" = dir=out | [email protected]{microsoft.bingsports_2.0.0.273_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{5BFB77FE-A714-4FAB-910A-488BA6266A69}" = dir=out | [email protected]{microsoft.bingfinance_2.0.0.275_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{5E62B0CE-4DD4-4B8E-A0AD-66B53A9413AE}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\fileexplorer.exe |
"{5EC1F883-A89A-48B7-850D-CE70BB39D260}" = dir=out | name=7digital music store |
"{5ED5B146-2816-425C-9899-873F7D88CE03}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\backupmanager.exe |
"{5F8773CC-F043-468D-AAFE-8F3306BE122B}" = dir=out | name=musictube |
"{5FF69CA9-1E1B-419E-9A79-E2281CBF80D9}" = dir=out | name=hulu plus |
"{606F1A66-686D-4885-B1C9-D97F46DF027A}" = dir=out | [email protected]{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{6139F920-28CF-42C2-88F3-A92660C1E375}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6199B249-DFC3-4DD1-929D-7A68812F7225}" = dir=out | name=netflix |
"{6370486C-C18D-45B0-B173-79D427E85B7C}" = protocol=17 | dir=in | app=c:\users\pam\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{63722777-5A39-4A7A-9DC0-700C7D803868}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{64F1B85C-2582-4DC6-B5CB-639653D5B1F3}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe |
"{66BD06EE-D0F7-47A4-9C27-6214F9387F48}" = dir=out | name=perfect365 |
"{67F41DC4-621C-4970-9438-45B347FB93AA}" = dir=out | name=encyclopaedia britannica |
"{6AFCCF3D-8F30-44B3-9D42-5A8E9CBD0332}" = dir=out | name=cnet |
"{6BBA0413-17D3-4E1E-9E87-C5466BFABD08}" = dir=out | [email protected]{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{6D3162F6-37BD-4199-85BD-196DD82ED6AF}" = dir=out | [email protected]{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{6D3C117E-7A10-40A9-BCF0-79E5E4277DD1}" = dir=out | name=chacha |
"{6D8A5E0A-1636-4CA7-AB6B-F993A8D00FC0}" = dir=out | name=netflix |
"{6DD2ED2A-83D8-4B37-A662-62F48449FA40}" = dir=out | name=amazon for windows |
"{6F1895D6-17DB-490D-8F4B-D6F1EB9EF038}" = dir=out | [email protected]{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{6F78268E-2372-43C5-AF22-1F59BB7DC368}" = dir=out | name=bible |
"{7053D389-DC8C-404B-ABBE-05CBEA81B864}" = dir=in | [email protected]{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{72067AF3-4173-4BD3-ABA2-BCCA000AC50F}" = dir=out | name=evernote |
"{72200AC6-BF67-40F0-8048-F25F3587E029}" = dir=out | [email protected]{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{7343580E-17CE-4910-B4E7-DF59B1723947}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{74ADBDB3-E7C7-42E0-8E3D-BACCF308C846}" = dir=out | [email protected]{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{754E31F0-13F4-4608-8FB5-A83DC1552C7F}" = dir=out | name=icookbook se |
"{77E925D5-1F35-4D03-AD6F-D97EC17E063C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{78727C6C-70D7-426A-B74F-05BF4213DB72}" = dir=out | name=pray for me |
"{795C6F2C-DA69-487B-97B8-0C76D48A4F0D}" = dir=out | [email protected]{44352gadgetwe.unitconversion_1.0.1.4_neutral__wrnqd43hr7tc6?ms-resource://44352gadgetwe.unitconversion/resources/appstorename} |
"{7DACF44B-68E4-4355-8610-678F6D9A2559}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7E5F4087-3BBC-44C0-9CBF-23D17CA73475}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7F042F61-D312-4BD2-BB34-D2B93B786D7B}" = dir=out | name=wordbrush |
"{801DBE9D-8D98-4844-B72B-3BDA734AF2DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | [email protected]{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{81F6317F-2B15-4800-95DE-3C7666ABDFF1}" = dir=out | name=iheartradio |
"{84216761-24EA-46BC-AF98-A76800437FFE}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\ischedulesvc.exe |
"{867F4559-0F94-4C5F-805D-18B5C77CD238}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8816D475-E3F4-4845-A4AC-4EF26BFFD055}" = dir=out | name=kindle |
"{8945B977-9718-4617-BF16-736310D1561A}" = dir=out | name=7digital music store |
"{89D75184-3E47-4554-8246-075A892024A7}" = protocol=6 | dir=out | app=system |
"{89EAB2DD-ABB2-46C7-BCEC-67FF20149FE1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8A60B091-380C-4A87-B0BF-32D047C1585E}" = dir=out | [email protected]{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{8E9C0094-DC23-4E53-8804-9D51D161D3C3}" = dir=out | name=skitch |
"{8EC35EB5-570D-4B4B-A820-EC0333E407B4}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe |
"{91A42B75-5378-4FC5-9380-3657C40061B5}" = dir=out | name=backgrounds wallpapers hd |
"{9344FEA0-32C9-4809-BE27-453BBBA13F04}" = dir=out | name=evernote touch |
"{954BC357-25D0-4275-A65F-70830145D8A8}" = dir=in | name=kindle |
"{958F5374-EFC9-4572-BCEF-669544B5F28A}" = dir=out | [email protected]{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{95C7CE59-1AE5-4730-BBAF-EDC2745F9212}" = dir=in | name=accuweather for windows 8 |
"{9AAD2756-F7A3-4B90-95EC-1526EC486AAC}" = dir=out | name=scrapbook for pinterest |
"{9B3F97BB-ADF5-4435-A1C9-8C76A4D08A1B}" = dir=out | name=the weather channel |
"{9B707350-EFBF-4F6F-BEB7-3D983BDD1F5D}" = dir=out | [email protected]{microsoft.bingnews_2.0.0.273_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{9B96CAFF-97E1-4DD2-83E6-AAB2B87FF0F5}" = dir=out | [email protected]{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{9D39472A-06B7-4A9B-ACEB-49B6F39941CB}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe |
"{9DCE530E-E5D4-4E44-99F7-561E2C93B2C8}" = dir=out | name=evernote |
"{9E548F39-1777-45A3-A32E-7D5EF03B8182}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe |
"{9EEE3E00-B6E4-4658-A075-F60CC731A0CD}" = dir=out | name=tunein radio |
"{A4570A14-A526-4E86-B009-5E7A03F93950}" = dir=out | [email protected]{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{A621EEA4-55C7-46F3-B0C7-A91E8D4E14D6}" = dir=out | name=canon inkjet print utility |
"{A84D7CE0-1067-4129-9990-53D4CC55A25C}" = dir=out | name=netflix |
"{A8936566-AC3D-46A1-A38D-AC5A06F906E4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A8E66DA5-F949-45B6-8653-AD119337EE93}" = dir=out | name=icookbook se |
"{A945574D-880B-44BB-8948-B1DD140CA0BE}" = dir=out | [email protected]{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{A962EDCA-C1BE-4CE8-A315-002C1AE1D749}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe |
"{AB437655-ED82-478B-A089-ED8CBEC9F576}" = dir=out | name=line |
"{ABF01636-2F0B-4E94-A56E-7BA576A8633C}" = protocol=6 | dir=out | app=system |
"{AC0CA6F2-198E-42D7-8F2B-532EFD919F3A}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe |
"{ACD7B9E5-3A4E-4C43-BDE0-B55FBEBE0651}" = dir=in | name=evernote |
"{AF4E6BAB-EAB1-4F08-AEED-5892A2D2A332}" = dir=out | [email protected]{microsoft.zunevideo_1.3.59.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{B187492F-C0A5-4BB1-8E7C-31D801ECFA5C}" = dir=out | name=kindle |
"{B27FF543-EAF1-45B6-8986-A51A18550C6C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B2C02878-C4D8-48FD-A666-AA40E774D1CE}" = dir=out | name=thank you. |
"{B356A19F-227B-4221-BBDA-0279ED2D7471}" = dir=out | name=stumbleupon |
"{B4501D0E-0B57-490E-9700-2A4ADBF48176}" = dir=out | name=encyclopaedia britannica |
"{B6B9805F-1D56-4DBD-870F-BC3AC09D12AC}" = dir=in | name=newsxpresso |
"{B6F5664A-0D96-4821-A621-8A084C7AA74F}" = dir=in | name=ebay |
"{B78F01AE-DDDC-452C-8509-BD15138CC3B3}" = dir=out | name=ebay |
"{B898C53B-71DE-4492-A9BD-BC2CE15796A0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B8BE0FFB-784E-440F-B461-628F6E54E409}" = dir=out | name=chacha |
"{B9292964-1EBA-453F-918C-A4E091117AFB}" = dir=out | name=acer explorer |
"{B97AD3B7-1404-42EC-B990-B5031AB0E9AE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BA56CBD5-D2C9-4FB6-AC75-E2310B575ABF}" = dir=in | name=evernote |
"{BC62C72D-76D6-454A-9124-1756BE999F7E}" = dir=out | name=7digital music store |
"{BF1AF796-D882-4C89-813E-03E88F0EEBF6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C2898AA8-D6C2-4E78-99F2-6AB254DF6444}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{C76B6821-383F-4FCD-AE74-AF61F18466C0}" = dir=out | name=skype |
"{C7915173-7F48-4D1D-90B2-F46AEDACCBA2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{C9AEE4A5-F278-42E8-877D-830C58D0ABA8}" = dir=in | name=amazon for windows |
"{C9B9C1AD-0B7D-4F9F-A5DD-EBE7980271EB}" = dir=in | name=skype |
"{CA4E6BB0-0285-47DA-A4EE-32D9D5008B09}" = dir=out | name=touch my pinterest |
"{CA4FBA7B-F959-46B2-ACC2-2C6D06146C56}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CB1C5EB6-6B5B-434A-AC84-D06F90754033}" = dir=out | [email protected]{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{CC3AC08E-BBA2-493D-AAA0-C5F76661781E}" = dir=out | name=shark dash |
"{CD472EED-3136-4F28-B2B0-D0FFA2DA3ED4}" = dir=out | na[email protected]{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{CFA441BD-22E3-4B16-8DCD-90835D6AB57B}" = dir=in | name=onenote |
"{D09DB3AF-08D3-410B-B148-81723F547E33}" = dir=out | name=acer explorer |
"{D11778CE-2CF0-474A-AB52-4C7023AB9FCA}" = dir=in | [email protected]{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{D231C361-0A64-4F2F-B9E0-E7F7C56AE41B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{D3048E06-E8C4-4898-B30D-5D0CD384940F}" = dir=out | [email protected]{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{D606BCF0-90F3-4E56-8869-4C6C0687392D}" = protocol=58 | dir=in | [email protected],-28545 |
"{D6270A78-A503-444F-989A-B9BDC87147FB}" = dir=out | [email protected]{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{D65F82EB-A58F-4424-998B-3FD97CE8898F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{D68D0535-144C-4B33-9F68-82AA84C13A99}" = dir=out | [email protected]{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{D81B1316-9E99-4375-9FBE-B1170A5CB1CF}" = dir=out | name=newsxpresso metro |
"{D8443BC0-30BD-4E77-8C4B-CACCC5EF768B}" = dir=out | [email protected]{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{D8B595F1-4C7F-4140-9DD8-0136B17FC575}" = dir=out | [email protected]{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{D968FA3E-A0D4-4A63-8CBD-BF510A2F2C59}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DA38C46C-339F-4C29-BED8-AD1F884236EE}" = dir=out | name=social jogger |
"{DA544301-2703-4D86-B29E-43A549EDCB82}" = dir=out | [email protected]{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{DA99482D-B5B9-4226-9E96-18A4DC6CC048}" = dir=out | name=skitch |
"{DABD872C-1479-416C-A412-F10D46A19390}" = protocol=6 | dir=in | app=c:\users\pam\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{DBED73CE-00F8-480D-A8B6-F6E8A5318D4E}" = dir=out | [email protected]{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{DC80AC12-AD64-4667-996D-513D37889A0E}" = dir=out | name=accuweather for windows 8 |
"{DCC136C5-D95F-4A3C-B5B8-223E9F542F43}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{DF05E961-10C4-4341-905B-35EA190A2E9C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E0BDCAD1-47D6-4532-953A-4F02F06655CD}" = dir=out | name=skype |
"{E3BC447D-F6CE-4F60-BEC5-99BE79A31E49}" = dir=out | name=jewel fever |
"{E43D42E6-2292-4809-BBB3-400262B048A2}" = dir=in | [email protected]{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{E565C69C-6338-4EA3-B963-760EE77A60CB}" = dir=out | name=chacha |
"{E6C33DAC-D080-47F3-9874-E7C62D7B1FA2}" = dir=in | name=ebay |
"{E6D3E3F7-8BF9-47AB-98E0-0D7E9E608B12}" = dir=out | [email protected]{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{E753D59A-3962-45FA-A855-C91317B8C25A}" = dir=out | [email protected]{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{E773DFF8-290C-4F75-A5CD-5EC746A997A8}" = dir=out | name=tunein radio |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | [email protected]{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E814AF0F-55D1-449D-9755-D0B0B5101FB3}" = dir=in | name=kindle |
"{E8B0B547-8A42-4391-A64D-620E6BDEEFD0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{EB5F89E8-063A-4CA7-8C4F-8F19E7CE92E7}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe |
"{EEA677F1-C048-45A7-BEA7-FEA8AC885BCC}" = protocol=58 | dir=out | [email protected],-28546 |
"{EFBCBB87-E7A7-41A7-8ED2-5E633D2FEB55}" = dir=in | name=the weather channel |
"{EFD55160-DBFF-4778-B529-3CA882DB8408}" = protocol=1 | dir=in | [email protected],-28543 |
"{F10F74AA-0DF1-4194-B732-0B7ACB5FB7F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F1507B5E-F4AA-4C58-9659-6491EF7D4BDD}" = dir=in | [email protected]{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{F4B9B76D-373C-4F06-99CF-AD8E039D961A}" = dir=out | name=newsxpresso metro |
"{F589A7B6-B8DB-43EA-A7C5-B1881CD0923F}" = dir=out | name=puzzletouch |
"{F870DF9B-DED2-4B7F-8AD8-5AEF481C2510}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F936AA1A-019D-4E9D-B31F-4BB48EE6C739}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FC383A2B-8621-4AA0-BC5D-53D9A1766700}" = dir=out | name=onenote |
"{FCD6F265-5E82-4DAA-8ECC-3138A57D5947}" = dir=out | name=hulu plus |
"{FD0D6229-AE81-48FE-BBEE-0D4CDA38606B}" = dir=out | name=ebay |
"{FDE5AB3D-BD42-490C-96EA-71D602C52DAA}" = dir=out | [email protected]{microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{FE7E341A-B547-4C62-BADB-1FB90DFFD521}" = dir=out | name=youtube player/downloader - megatube |
"{FF060EE7-C2B1-43B3-A675-F43FBDA461C4}" = dir=out | name=skitch touch |
"TCP Query User{0C6EE2AF-479E-44F4-9DFD-071D799933BD}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{A73251B1-E570-46EC-8D67-7F81D071DF46}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{E37493F8-C5FE-44CF-BE19-A6D716132D7A}E:\programmation\qtchat\release\qtchat.exe" = protocol=6 | dir=in | app=e:\programmation\qtchat\release\qtchat.exe |
"UDP Query User{07FF4682-1155-4743-BE18-EA06B9F7542F}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{44823339-CF28-4006-8630-458A16074A94}E:\programmation\qtchat\release\qtchat.exe" = protocol=17 | dir=in | app=e:\programmation\qtchat\release\qtchat.exe |
"UDP Query User{CE982947-55FE-43E3-BDE2-4DEB264AE09B}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}" = Acer Recovery Management
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{23170F69-40C1-2702-0922-000001000000}" = 7-Zip 9.22 (x64 edition)
"{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}" = Microsoft SQL Server 2008 Native Client
"{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}" = Acer Device Fast-lane
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{604CB4FC-3D32-405F-A109-165F170529B6}" = WD SmartWare
"{8215A318-CC27-435E-B3EA-2E3443C8998C}" = Acer Instant Update Service
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{91F52DE4-B789-42B0-9311-A349F10E5479}" = Acer Power Management
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}" = WebCake 3.00
"{DD411225-A527-4C56-91BE-15D888B3CCDE}" = Dot4
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-X64 11.6.6.002_WHQL
"hpc3600w" = HP Color LaserJet 3600 (02/27/2007 61.063.461.41)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{050BF7DA-82C4-416A-8294-7AFEB8ED94E1}" = Microsoft® Office Language Pack 2010 – English (Business Contact Manager for Microsoft Outlook 2010)
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1B30DAC0-DE51-11E2-9A5B-B8AC6F98CCE3}" = Google Earth
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WLAN and Bluetooth Client Installation Program
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}" = clear.fi SDK- Movie 2
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{3D9CB654-99AD-4301-89C6-0D12A790767C}" = Identity Card
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6D2A900D-EB39-3386-8D9F-3B8F069C57A5}" = Google Talk Plugin
"{6D2BBE1D-E600-4695-BA37-0B0E605542CC}" = Office Addin
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8F72E2D4-1E48-4534-8DB8-1E8E012899C6}" = Microsoft SQL Server 2008 Setup Support Files
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{989FB5FD-9B00-4B32-8663-849CB1370DD1}" = Google Drive
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Backup Manager v4
"{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}" = AcerCloud
"{A694AF57-9891-4D62-824C-7E55A1361A14}" = eBay Worldwide
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B5AD89F2-03D3-4206-8487-018298007DD0}" = clear.fi Photo
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C8A17598-7F89-41EA-9876-0F89DA0B24F1}_is1" = VIO Player version 1.0.1
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}" = AcerCloud Docs
"{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}" = Kaspersky PURE 3.0
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{DF38C72B-8A86-4727-99D2-FA7CC5E17A24}" = Microsoft SQL Server 2008 RsFx Driver
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5
"{E4B48349-A165-4097-8D78-AC950BD8638E}" = Business Contact Manager for Microsoft Outlook 2010
"{E9AF1707-3F3A-49E2-8345-4F2D629D0876}" = clear.fi Media
"{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}" = clear.fi SDK - Video 2
"{EE26E302-876A-48D9-9058-3129E5B99999}" = Live Updater
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"7-zip" = 7-zip v9.20
"Business Contact Manager" = Business Contact Manager for Microsoft Outlook 2010
"FileHippo.com" = FileHippo.com Update Checker
"Google Chrome" = Google Chrome
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Acer Backup Manager
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5
"InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}" = Kaspersky PURE 3.0
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Picasa 3" = Picasa 3
"Rapport_msi" = Rapport
"Spotify" = Spotify
"The Word" = theWord
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WTA-0aaf6516-0298-46a9-a777-d211a6126a70" = Zuma's Revenge
"WTA-0b9c4424-c07d-4fbc-8670-0218acfc1945" = Delicious: Emily's True Love Premium Edition
"WTA-106a723b-360b-45a1-b184-78d1360deccd" = Bejeweled 3
"WTA-1ad729a9-77a5-4d79-8e92-7c6c9b9ca4e7" = Cradle Of Egypt Collector's Edition
"WTA-406d1b20-34c7-4b2a-aaa7-6cd0181ac522" = Polar Golfer
"WTA-4dd12fd3-8746-4c4f-84f3-441f7a9fe2ce" = Tales of Lagoona
"WTA-61844318-9215-4324-809b-bcb615aef6e7" = Penguins!
"WTA-73aeae4c-fbc9-4b79-b425-573e6c6d44fc" = Dora's World Adventure
"WTA-8ad1b4d6-9977-496c-bf1a-2f5f51c309b8" = Agatha Christie - Death on the Nile
"WTA-914b0110-4355-47bd-8e81-fc35cb0d62c4" = Jewel Match 3
"WTA-a81092c3-62a5-41be-b7f3-041234f3611b" = Polar Bowler
"WTA-a8d605ee-3977-4e91-9138-9284e23fc60d" = Plants vs. Zombies - Game of the Year
"WTA-b5864620-fdf4-4a40-b610-23a7ccebbbe5" = Mystery P.I. - Curious Case of Counterfeit Cove
"WTA-bbbcf571-3d48-4057-8ec0-3eefd47eabaf" = Aloha TriPeaks
"WTA-f0c5f3ef-284e-44e1-8d24-90b61be2b987" = Peggle Nights
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 5.4.0.1083
"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/28/2013 4:53:44 PM | Computer Name = pj | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 5/28/2013 4:53:44 PM | Computer Name = pj | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 5/28/2013 5:06:16 PM | Computer Name = pj | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = App DefaultBrowser_NOPUBLISHERID!Microsoft.InternetExplorer.Default
did not launch within its allotted time.

Error - 5/28/2013 5:06:22 PM | Computer Name = pj | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 10.0.9200.16537 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 174c Start
Time: 01ce5be7280b61d8 Termination Time: 4294967295 Application Path: C:\Program
Files\Internet Explorer\iexplore.exe Report Id: 702aeb76-c7da-11e2-bef9-68942358d086

Faulting
package full name: Faulting package-relative application ID:

Error - 5/30/2013 8:53:22 PM | Computer Name = pj | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 6/2/2013 7:39:49 PM | Computer Name = pj | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 6/3/2013 2:37:34 PM | Computer Name = pj | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 6/3/2013 2:37:34 PM | Computer Name = pj | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 6/4/2013 9:07:27 PM | Computer Name = pj | Source = Application Error | ID = 1000
Description = Faulting application name: Skype.exe, version: 6.5.0.107, time stamp:
0x51780cc2 Faulting module name: ieframe.dll, version: 10.0.9200.16578, time stamp:
0x515f8fc1 Exception code: 0xc0000005 Fault offset: 0x00496150 Faulting process id:
0x1478 Faulting application start time: 0x01ce608a06a1dc8d Faulting application path:
C:\Program Files (x86)\Skype\Phone\Skype.exe Faulting module path: C:\Windows\SYSTEM32\ieframe.dll
Report
Id: 49918dde-cd7c-11e2-befb-206a8adb2330 Faulting package full name: Faulting package-relative
application ID:

Error - 6/6/2013 1:12:45 PM | Computer Name = pj | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ System Events ]
Error - 7/22/2013 2:25:52 PM | Computer Name = pj | Source = Schannel | ID = 36887
Description = A fatal alert was received from the remote endpoint. The TLS protocol
defined fatal alert code is 40.

Error - 7/22/2013 2:25:52 PM | Computer Name = pj | Source = Schannel | ID = 36887
Description = A fatal alert was received from the remote endpoint. The TLS protocol
defined fatal alert code is 40.

Error - 7/22/2013 5:27:58 PM | Computer Name = pj | Source = Schannel | ID = 36887
Description = A fatal alert was received from the remote endpoint. The TLS protocol
defined fatal alert code is 40.

Error - 7/22/2013 5:27:59 PM | Computer Name = pj | Source = Schannel | ID = 36887
Description = A fatal alert was received from the remote endpoint. The TLS protocol
defined fatal alert code is 40.

Error - 7/22/2013 5:27:59 PM | Computer Name = pj | Source = Schannel | ID = 36887
Description = A fatal alert was received from the remote endpoint. The TLS protocol
defined fatal alert code is 40.

Error - 7/22/2013 5:27:59 PM | Computer Name = pj | Source = Schannel | ID = 36887
Description = A fatal alert was received from the remote endpoint. The TLS protocol
defined fatal alert code is 40.

Error - 7/22/2013 6:33:39 PM | Computer Name = pj | Source = Schannel | ID = 36887
Description = A fatal alert was received from the remote endpoint. The TLS protocol
defined fatal alert code is 40.

Error - 7/22/2013 6:33:39 PM | Computer Name = pj | Source = Schannel | ID = 36887
Description = A fatal alert was received from the remote endpoint. The TLS protocol
defined fatal alert code is 40.

Error - 7/22/2013 6:33:40 PM | Computer Name = pj | Source = Schannel | ID = 36887
Description = A fatal alert was received from the remote endpoint. The TLS protocol
defined fatal alert code is 40.

Error - 7/22/2013 6:33:40 PM | Computer Name = pj | Source = Schannel | ID = 36887
Description = A fatal alert was received from the remote endpoint. The TLS protocol
defined fatal alert code is 40.


< End of report >

Thank you for all your help

#4
RKinner

    Malware Expert

  • Expert
  • 20,008 posts
  • MVP
Uninstall Yahoo! Toolbar


Download the adwCleaner
Pause your anti-virus and close all applications.

  • Run the Tool
    Windows Vista and Windows 7/8 users:
    Right-click on adwCleaner.exe and select the Delete option
  • Select the Delete button.
  • When the scan completes, it will open a Notepad window.
  • Please copy the content of this file into your next reply.



This error:

Error - 6/3/2013 2:37:34 PM | Computer Name = pj | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 6/3/2013 2:37:34 PM | Computer Name = pj | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.


The following should rebuild the counters and fix the above errors:

Open an Elevated Command Prompt: http://pcsupport.abo...t-windows-8.htm

type:
lodctr /r

and then press ENTER.

This next one I think is related to how Kaspersky works. I believe a recent Windows update broke it. There are a lot of complaints on the Kaspersky website.


Error - 7/22/2013 2:25:52 PM | Computer Name = pj | Source = Schannel | ID = 36887
Description = A fatal alert was received from the remote endpoint. The TLS protocol
defined fatal alert code is 40.



Copy the text in the code box by highlighting it and pressing Ctrl + C

:OTL
O4 - HKLM..\Run: [LManager] File not found

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\07222013-some number.log so look there if you don't see it.


Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7/8 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

#5
PjMac

    Member

  • Topic Starter
  • Member
  • 16 posts
# AdwCleaner v2.306 - Logfile created 07/23/2013 at 13:47:51
# Updated 19/07/2013 by Xplode
# Operating system : Windows 8 (64 bits)
# User : Pam - PJ
# Boot Mode : Normal
# Running from : C:\Users\Pam\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Pam\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Pam\AppData\Roaming\yourfiledownloader

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\YourFileDownloader
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\Software\YourFileDownloader
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.72

File : C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Marty_2\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5060 octets] - [23/07/2013 13:47:21]
AdwCleaner[S1].txt - [1243 octets] - [20/02/2013 13:21:49]
AdwCleaner[S2].txt - [4797 octets] - [23/07/2013 13:47:51]

########## EOF - C:\AdwCleaner[S2].txt - [4857 octets] ##########

#6
PjMac

    Member

  • Topic Starter
  • Member
  • 16 posts
Below are the last two reports you requested. Again, I really appreciate all your help.

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LManager deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Marty

User: Marty_2
->Flash cache emptied: 492 bytes

User: Pam
->Flash cache emptied: 930 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Marty

User: Marty_2

User: Pam
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 07232013_234206


Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
ActivateDesktop.exe 1,660 K 5,988 K 4224 (Verified) Qualcomm Atheros
AdminService.exe 1,444 K 4,808 K 1836 AdminService Application Qualcomm Atheros Commnucations (Verified) Qualcomm Atheros
armsvc.exe 1,100 K 3,852 K 1816 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
BackupManagerTray.exe 3,624 K 9,880 K 5288 Acer Backup Manager NTI Corporation (Verified) NTI Corporation
BcmSqlStartupSvc.exe 1,112 K 3,932 K 1896 BCM SQL Startup Service Microsoft Corporation (Verified) Microsoft Corporation
BDAppHost.exe 3,472 K 9,024 K 2800 BDAppHost.exe Microsoft Corp. (Verified) Microsoft Corporation
BDRuntimeHost.exe 11,220 K 19,872 K 3140 BDRuntimeHost.exe Microsoft Corp. (Verified) Microsoft Corporation
CCDMonitorService.exe 1,704 K 5,880 K 1940 CCD Monitor Service Acer Incorporated (Verified) Acer Incorporated
chrome.exe 9,396 K 13,088 K 3976 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 10,016 K 15,596 K 1640 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 21,604 K 21,500 K 6780 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 22,500 K 22,688 K 6964 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 21,616 K 20,572 K 6756 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 19,616 K 19,936 K 2544 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 22,564 K 22,620 K 6764 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 21,504 K 21,940 K 6432 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 25,568 K 26,812 K 6460 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 24,216 K 27,780 K 6812 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 22,016 K 22,016 K 6776 Google Chrome Google Inc. (Verified) Google Inc
dasHost.exe 5,012 K 13,272 K 2012 Device Association Framework Provider Host Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 1,660 K 6,464 K 4692 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
EgisUpdate.exe 2,556 K 760 K 6692 EgisUpdate Release Application Egis Technology Inc. (Verified) EGIS TECHNOLOGY INC.
ePowerSvc.exe 1,896 K 6,860 K 4032 ePowerSvc Acer Incorporated (Verified) Acer Incorporated
GoogleCrashHandler.exe 1,492 K 380 K 5048 Google Crash Handler Google Inc. (Verified) Google Inc
GoogleCrashHandler64.exe 1,280 K 380 K 4636 Google Crash Handler Google Inc. (Verified) Google Inc
HeciServer.exe 1,196 K 5,016 K 1152 Intel® Capability Licensing Service Interface Intel® Corporation (Verified) Intel® Upgrade Service
hkcmd.exe 1,796 K 6,844 K 5196 hkcmd Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxext.exe 1,840 K 6,732 K 4420 igfxext Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxpers.exe 2,216 K 7,968 K 5232 persistence Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxsrvc.exe 2,068 K 7,196 K 7136 igfxsrvc Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxtray.exe 1,924 K 7,016 K 4240 igfxTray Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
iuBrowserIEAgent.exe 14,900 K 920 K 6896 iuBrowserIEAgent (Verified) Acer Incorporated
iuEmailOutlookAgent.exe 14,872 K 884 K 6904 iuEmailOutlookAgent (Verified) Acer Incorporated
Jhi_service.exe 1,084 K 4,160 K 1320 Intel® Dynamic Application Loader Host Interface Intel Corporation (Verified) Intel Corporation
klwtblfs.exe 1,372 K 5,268 K 7220 WebToolBar component Kaspersky Lab ZAO (Verified) Kaspersky Lab
LiveComm.exe Suspended 17,536 K 14,460 K 4568 Communications Service Microsoft Corporation (Verified) Microsoft Corporation
lsass.exe 4,972 K 12,236 K 860 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
mbamscheduler.exe 1,960 K 5,712 K 1668 Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
mbamservice.exe 125,784 K 123,564 K 1704 Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
MMDx64Fx.exe 2,104 K 7,944 K 4380 MMDx64Fx Application Dritek System Inc. (Verified) Dritek System Inc.
notepad.exe 1,756 K 7,720 K 3136 Notepad Microsoft Corporation (Verified) Microsoft Windows
pcee4.exe 31,404 K 32,640 K 5628 Dolby Profile Selector Dolby Laboratories Inc. (Verified) Dolby Laboratories
PmmUpdate.exe 1,824 K 596 K 6408 PMM Update Application Egis Technology Inc. (Verified) EGIS TECHNOLOGY INC.
procexp.exe 2,352 K 7,740 K 6152 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
ProtectedObjectsSrv.exe 1,232 K 4,704 K 1964 InfoWatch CryptoStorage Protected objects controller service Infowatch (Verified) ZAO InfoWatch
RAVBg64.exe 4,516 K 9,920 K 1772 HD Audio Background Process Realtek Semiconductor (Verified) Microsoft Windows Hardware Compatibility Publisher
RAVCpl64.exe 4,112 K 10,608 K 4596 Realtek HD Audio Manager Realtek Semiconductor (Verified) Microsoft Windows Hardware Compatibility Publisher
RfBtnSvc64.exe 1,244 K 4,936 K 2100 RfBtnSvc Application Dritek System INC. (Verified) Dritek System Inc.
RuntimeBroker.exe 3,068 K 13,700 K 5332 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
smss.exe 296 K 1,064 K 420 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
sqlwriter.exe 1,376 K 5,508 K 2280 SQL Server VSS Writer - 64 Bit Microsoft Corporation (Verified) Microsoft Corporation
svchost.exe 696 K 2,948 K 2080 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,012 K 6,716 K 2312 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,480 K 4,436 K 2724 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 10,384 K 18,428 K 1184 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 27,080 K 41,832 K 1132 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 20,284 K 22,516 K 1544 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 6,212 K 13,484 K 2336 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 10,740 K 14,612 K 1348 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 26,028 K 34,028 K 1100 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
TiWorker.exe 5,332 K 7,168 K 7876 Windows Modules Installer Worker Microsoft Corporation (Verified) Microsoft Windows
TrustedInstaller.exe 1,524 K 4,616 K 7656 Windows Modules Installer Microsoft Corporation (Verified) Microsoft Windows
UNS.exe 3,212 K 10,660 K 7532 User Notification Service Intel Corporation (Verified) Intel Corporation
unsecapp.exe 1,848 K 6,816 K 4708 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
unsecapp.exe 1,876 K 6,688 K 4252 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
WDSmartWareBackgroundService.exe 24,100 K 17,660 K 2412 WDSmartWareBackgroundService Memeo (No signature was present in the subject) Memeo
wininit.exe 860 K 3,632 K 740 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 1,360 K 8,064 K 808 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2,412 K 6,720 K 2948 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe 6,212 K 18,264 K 7924 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
YahooAUService.exe 4,080 K 6,668 K 2516 AutoUpater Service Module Yahoo! Inc. (Verified) Yahoo! Inc.
csrss.exe < 0.01 1,852 K 4,384 K 684 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe < 0.01 4,856 K 13,604 K 1516 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
taskhostex.exe < 0.01 5,768 K 10,244 K 4004 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
BtvStack.exe < 0.01 28,296 K 31,424 K 3680 Extension Core Qualcomm Atheros Commnucations (Verified) Qualcomm Atheros
BingDesktopUpdater.exe < 0.01 2,588 K 7,944 K 1916 Bing Desktop updating service Microsoft Corp. (Verified) Microsoft Corporation
svchost.exe < 0.01 3,408 K 9,416 K 964 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
sqlservr.exe < 0.01 67,008 K 49,816 K 2924 SQL Server Windows NT Microsoft Corporation (Verified) Microsoft Corporation
chrome.exe < 0.01 35,720 K 49,104 K 6176 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe < 0.01 4,208 K 7,504 K 1020 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
mbamgui.exe < 0.01 7,992 K 14,208 K 2904 Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
IScheduleSvc.exe < 0.01 7,436 K 17,260 K 1988 Backup Manager Module NTI Corporation (Verified) NTI Corporation
LMutilps32.exe < 0.01 6,196 K 7,568 K 2536 Launch Manager utility process Dritek System Inc. (Verified) Dritek System Inc.
taskhost.exe < 0.01 4,948 K 12,016 K 4960 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 7,536 K 12,368 K 3352 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
chrome.exe < 0.01 10,416 K 17,184 K 3416 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe < 0.01 51,408 K 55,340 K 6100 Google Chrome Google Inc. (Verified) Google Inc
BDExtHost.exe < 0.01 6,788 K 11,512 K 5104 BDExtHost.exe Microsoft Corp. (Verified) Microsoft Corporation
dsiwmis.exe < 0.01 1,936 K 5,056 K 948 Dritek WMI Service Dritek System Inc. (Verified) Dritek System Inc.
LManager.exe 0.01 5,204 K 12,172 K 4160 Launch Manager Dritek System Inc. (Verified) Dritek System Inc.
services.exe 0.01 4,868 K 9,492 K 852 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
ETDCtrlHelper.exe 0.01 2,184 K 6,364 K 5820 ETD Control Center Helper ELAN Microelectronics Corp. (Verified) Microsoft Windows Hardware Compatibility Publisher
ETDCtrl.exe 0.01 5,612 K 18,340 K 3088 ETD Control Center ELAN Microelectronics Corp. (Verified) Microsoft Windows Hardware Compatibility Publisher
ePowerTray.exe 0.02 2,748 K 1,104 K 5448 ePowerTray Acer Incorporated (Verified) Acer Incorporated
WDDMStatus.exe 0.02 4,748 K 10,268 K 5408 WD Drive Manager WDC (Verified) Western Digital Technologies Inc.
c2c_service.exe 0.02 2,148 K 6,056 K 2196 Skype C2C Service Skype Technologies S.A. (Verified) Skype Technologies SA
LMS.exe 0.02 1,320 K 4,528 K 3252 Local Manageability Service Intel Corporation (Verified) Intel Corporation
svchost.exe 0.03 80,808 K 87,008 K 1232 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.04 116,248 K 139,344 K 3348 Google Chrome Google Inc. (Verified) Google Inc
WDDMService.exe 0.04 75,720 K 10,116 K 2340 WD Drive Manager Service WDC (No signature was present in the subject) WDC
ePowerEvent.exe 0.05 1,724 K 5,568 K 7376 ePowerEvent Acer Incorporated (Verified) Acer Incorporated
RapportMgmtService.exe 0.07 19,500 K 25,468 K 540 RapportMgmtService Trusteer Ltd. (Verified) Trusteer
RapportService.exe 0.07 34,360 K 34,204 K 4992 RapportService Trusteer Ltd. (Verified) Trusteer
BingDesktop.exe 0.13 8,608 K 25,224 K 5992 Bing Desktop Application Microsoft Corp. (Verified) Microsoft Corporation
avp.exe 0.15 49,268 K 9,320 K 5876 Kaspersky Anti-Virus Kaspersky Lab ZAO (Verified) Kaspersky Lab
avp.exe 0.22 279,544 K 73,732 K 1864 Kaspersky Anti-Virus Kaspersky Lab ZAO (Verified) Kaspersky Lab
csrss.exe 0.33 3,568 K 32,584 K 764 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 0.38 33,284 K 35,476 K 5032 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
stpass.exe 0.55 41,188 K 49,240 K 1308 Kaspersky Password Manager Kaspersky Lab (Verified) Kaspersky Lab
System 0.71 132 K 3,672 K 4
Interrupts 0.79 0 K 0 K n/a Hardware Interrupts and DPCs
dwm.exe 0.88 17,888 K 27,152 K 704 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
procexp64.exe 1.45 31,476 K 60,780 K 4480 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
WDSmartWare.exe 7.23 135,132 K 145,328 K 5596 WD SmartWare Western Digital (Verified) Western Digital Technologies Inc.
explorer.exe 9.38 89,688 K 146,064 K 2612 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
System Idle Process 77.38 0 K 20 K 0
  • 0

#7
RKinner

    Malware Expert

  • Expert
  • 20,008 posts
  • MVP
WDSmartWare.exe 7.23 135,132 K 145,328 K 5596 WD SmartWare Western Digital (Verified) Western Digital Technologies Inc.
explorer.exe 9.38 89,688 K 146,064 K 2612 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
System Idle Process 77.38 0 K 20 K 0


System Idle is too low because WDSmartWare and Explorer.exe are using too much.

WDSmartware is known to be a CPU hog. Do you really need it? See:

http://thepileof.blo...-smartware.html

It may be the cause of Explorer.exe running high too.


Let's see if we can run Dism /Online /Cleanup-Image /RestoreHealth. First open an Elevated Command Window:

http://www.eightforu...indows-8-a.html


Then type (followed by an Enter at the end of the line):

Dism  /Online  /Cleanup-Image  /RestoreHealth

This will check for missing critical files and replace them. Should take around 15 minutes to finish.

Run another Process Explorer just as before and copy and paste the log.
  • 0
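The reading of the Process Explorer log made in the reply above (idle share and top CPU consumers), plus a check of the signature column, as an added Python example that is not part of the original thread. The column layout is inferred from the pasted rows; description and company name run together in this paste, so they are kept as one field.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Rows copied from the Process Explorer log pasted in this thread.
SAMPLE = """\
WDSmartWareBackgroundService.exe 24,100 K 17,660 K 2412 WDSmartWareBackgroundService Memeo (No signature was present in the subject) Memeo
wininit.exe 860 K 3,632 K 740 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
csrss.exe < 0.01 1,852 K 4,384 K 684 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
WDDMService.exe 0.04 75,720 K 10,116 K 2340 WD Drive Manager Service WDC (No signature was present in the subject) WDC
System 0.71 132 K 3,672 K 4
Interrupts 0.79 0 K 0 K n/a Hardware Interrupts and DPCs
WDSmartWare.exe 7.23 135,132 K 145,328 K 5596 WD SmartWare Western Digital (Verified) Western Digital Technologies Inc.
explorer.exe 9.38 89,688 K 146,064 K 2612 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
System Idle Process 77.38 0 K 20 K 0
"""

# name, optional CPU %, private bytes, working set, PID (or n/a), optional tail.
ROW = re.compile(
    r"^(?P<name>.+?)\s+"
    r"(?:(?P<cpu><\s*0\.01|\d+(?:\.\d+)?)\s+)?"
    r"(?P<private>[\d,]+) K\s+"
    r"(?P<working>[\d,]+) K\s+"
    r"(?P<pid>\d+|n/a)"
    r"(?:\s+(?P<rest>.*))?$"
)
# Tail: "<description + company> (<signature status>) <signer>"
TAIL = re.compile(r"^(?P<desc>.*?)\s*\((?P<status>[^()]*)\)\s*(?P<signer>[^()]*)$")

# Accounting rows that are not real processes.
PSEUDO = {"System Idle Process", "Interrupts"}


@dataclass
class Proc:
    name: str
    cpu: Optional[float]        # None when the CPU column was blank
    private_kb: int
    working_kb: int
    pid: Optional[int]          # None for the "n/a" Interrupts row
    description: str            # description and company, unsplit
    sig_status: Optional[str]   # "Verified", an error string, or None
    signer: str


def parse_rows(text: str) -> List[Proc]:
    """Parse pasted Process Explorer rows; lines that do not fit are skipped."""
    procs = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # blank lines, forum chrome, column headers
        raw_cpu = m["cpu"]
        if raw_cpu is None:
            cpu = None
        elif raw_cpu.startswith("<"):
            cpu = 0.0  # "< 0.01" is below display resolution
        else:
            cpu = float(raw_cpu)
        rest = (m["rest"] or "").strip()
        t = TAIL.match(rest)
        desc, status, signer = (
            (t["desc"], t["status"], t["signer"].strip()) if t else (rest, None, "")
        )
        procs.append(Proc(
            name=m["name"],
            cpu=cpu,
            private_kb=int(m["private"].replace(",", "")),
            working_kb=int(m["working"].replace(",", "")),
            pid=None if m["pid"] == "n/a" else int(m["pid"]),
            description=desc,
            sig_status=status,
            signer=signer,
        ))
    return procs


def unsigned(procs: List[Proc]) -> List[Proc]:
    """Images whose signature did not verify: worth a closer look, not a verdict."""
    return [p for p in procs if p.sig_status is not None and p.sig_status != "Verified"]


def top_cpu(procs: List[Proc], n: int = 3) -> List[Tuple[str, float]]:
    """Highest CPU consumers, ignoring the idle and interrupt accounting rows."""
    real = [p for p in procs if p.cpu is not None and p.name not in PSEUDO]
    return [(p.name, p.cpu) for p in sorted(real, key=lambda p: p.cpu, reverse=True)[:n]]


def idle_percent(procs: List[Proc]) -> Optional[float]:
    """CPU share reported for System Idle Process, if that row is present."""
    for p in procs:
        if p.name == "System Idle Process":
            return p.cpu
    return None


if __name__ == "__main__":
    rows = parse_rows(SAMPLE)
    print("idle %:", idle_percent(rows))
    print("top CPU:", top_cpu(rows, 2))
    for p in unsigned(rows):
        print("not verified:", p.name, "pid", p.pid, "-", p.sig_status)
```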

#8
PjMac

    Member

  • Topic Starter
  • Member
  • 16 posts
I tried to uninstall Yahoo Toolbar and I received a message stating, "Are you sure you want to uninstall Yahoo! Toolbar?" After clicking Yes, it's as though it starts uninstalling and then stops and won't uninstall. I also ran the Dism /Online /Clean Up-Image /Restore Health as Admin and received an error message stating Dism failed. I restarted the computer and ran the restore health again and received the same message. I am attaching the report as follows:

2013-07-24 11:26:01, Info DISM PID=8804 TID=8096 Scratch directory set to 'C:\Users\Pam\AppData\Local\Temp\'. - CDISMManager::put_ScratchDir
2013-07-24 11:26:01, Info DISM PID=8804 TID=8096 DismCore.dll version: 6.2.9200.16384 - CDISMManager::FinalConstruct
2013-07-24 11:26:01, Info DISM PID=8804 TID=8096 Successfully loaded the ImageSession at "C:\Windows\System32\Dism" - CDISMManager::LoadLocalImageSession
2013-07-24 11:26:01, Info DISM DISM Provider Store: PID=8804 TID=8096 Found and Initialized the DISM Logger. - CDISMProviderStore::Internal_InitializeLogger
2013-07-24 11:26:01, Info DISM DISM Provider Store: PID=8804 TID=8096 Failed to get and initialize the PE Provider. Continuing by assuming that it is not a WinPE image. - CDISMProviderStore::Final_OnConnect
2013-07-24 11:26:01, Info DISM DISM Provider Store: PID=8804 TID=8096 Finished initializing the Provider Map. - CDISMProviderStore::Final_OnConnect
2013-07-24 11:26:01, Info DISM DISM Provider Store: PID=8804 TID=8096 Getting Provider DISMLogger - CDISMProviderStore::GetProvider
2013-07-24 11:26:01, Info DISM DISM Provider Store: PID=8804 TID=8096 Provider has previously been initialized. Returning the existing instance. - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:26:01, Info DISM DISM Provider Store: PID=8804 TID=8096 Getting Provider DISMLogger - CDISMProviderStore::GetProvider
2013-07-24 11:26:01, Info DISM DISM Provider Store: PID=8804 TID=8096 Provider has previously been initialized. Returning the existing instance. - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:26:01, Info DISM DISM Manager: PID=8804 TID=8096 Successfully created the local image session and provider store. - CDISMManager::CreateLocalImageSession
2013-07-24 11:26:01, Info DISM DISM Provider Store: PID=8804 TID=8096 Getting Provider DISMLogger - CDISMProviderStore::GetProvider
2013-07-24 11:26:01, Info DISM DISM Provider Store: PID=8804 TID=8096 Provider has previously been initialized. Returning the existing instance. - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:26:01, Info DISM DISM.EXE:
2013-07-24 11:26:01, Info DISM DISM.EXE: <----- Starting Dism.exe session ----->
2013-07-24 11:26:01, Info DISM DISM.EXE:
2013-07-24 11:26:01, Info DISM DISM.EXE: Host machine information: OS Version=6.2.9200, Running architecture=amd64, Number of processors=4
2013-07-24 11:26:01, Info DISM DISM.EXE: Dism.exe version: 6.2.9200.16384
2013-07-24 11:26:01, Info DISM DISM.EXE: Executing command line: Dism /Online /Cleanup-Image /RestoreHealth
2013-07-24 11:26:01, Info DISM DISM Provider Store: PID=8804 TID=8096 Getting Provider FolderManager - CDISMProviderStore::GetProvider
2013-07-24 11:26:01, Info DISM DISM Provider Store: PID=8804 TID=8096 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:26:01, Info DISM DISM Provider Store: PID=8804 TID=8096 Loading Provider from location C:\Windows\System32\Dism\FolderProvider.dll - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:26:01, Info DISM DISM Provider Store: PID=8804 TID=8096 Connecting to the provider located at C:\Windows\System32\Dism\FolderProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2013-07-24 11:26:01, Info DISM DISM Manager: PID=8804 TID=8096 physical location path: C:\ - CDISMManager::CreateImageSession
2013-07-24 11:26:01, Info DISM DISM Manager: PID=8804 TID=8096 Copying DISM from "C:\Windows\System32\Dism" - CDISMManager::CreateImageSessionFromLocation
2013-07-24 11:26:03, Info DISM DISM Manager: PID=8804 TID=8096 Successfully loaded the ImageSession at "C:\Users\Pam\AppData\Local\Temp\D3D0D99D-E97E-4F2C-961B-034504509337" - CDISMManager::LoadRemoteImageSession
2013-07-24 11:26:03, Info DISM DISM Image Session: PID=3368 TID=2096 Instantiating the Provider Store. - CDISMImageSession::get_ProviderStore
2013-07-24 11:26:03, Info DISM DISM Provider Store: PID=3368 TID=2096 Initializing a provider store for the IMAGE session type. - CDISMProviderStore::Final_OnConnect
2013-07-24 11:26:03, Info DISM DISM Provider Store: PID=3368 TID=2096 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:26:03, Info DISM DISM Provider Store: PID=3368 TID=2096 Loading Provider from location C:\Users\Pam\AppData\Local\Temp\D3D0D99D-E97E-4F2C-961B-034504509337\OSProvider.dll - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:26:03, Info DISM DISM Provider Store: PID=3368 TID=2096 Connecting to the provider located at C:\Users\Pam\AppData\Local\Temp\D3D0D99D-E97E-4F2C-961B-034504509337\OSProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2013-07-24 11:26:03, Info DISM DISM OS Provider: PID=3368 TID=2096 Defaulting SystemPath to C:\ - CDISMOSServiceManager::Final_OnConnect
2013-07-24 11:26:03, Info DISM DISM OS Provider: PID=3368 TID=2096 Defaulting Windows folder to C:\Windows - CDISMOSServiceManager::Final_OnConnect
2013-07-24 11:26:03, Info DISM DISM Provider Store: PID=3368 TID=2096 Attempting to initialize the logger from the Image Session. - CDISMProviderStore::Final_OnConnect
2013-07-24 11:26:03, Info DISM DISM Provider Store: PID=3368 TID=2096 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:26:03, Info DISM DISM Provider Store: PID=3368 TID=2096 Loading Provider from location C:\Users\Pam\AppData\Local\Temp\D3D0D99D-E97E-4F2C-961B-034504509337\LogProvider.dll - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:26:03, Info DISM DISM Provider Store: PID=3368 TID=2096 Connecting to the provider located at C:\Users\Pam\AppData\Local\Temp\D3D0D99D-E97E-4F2C-961B-034504509337\LogProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2013-07-24 11:26:03, Info DISM DISM Provider Store: PID=3368 TID=2096 Found and Initialized the DISM Logger. - CDISMProviderStore::Internal_InitializeLogger
2013-07-24 11:26:03, Info DISM DISM Provider Store: PID=3368 TID=2096 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:26:03, Info DISM DISM Provider Store: PID=3368 TID=2096 Loading Provider from location C:\Users\Pam\AppData\Local\Temp\D3D0D99D-E97E-4F2C-961B-034504509337\PEProvider.dll - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:26:03, Warning DISM DISM Provider Store: PID=3368 TID=2096 Failed to Load the provider: C:\Users\Pam\AppData\Local\Temp\D3D0D99D-E97E-4F2C-961B-034504509337\PEProvider.dll. - CDISMProviderStore::Internal_GetProvider(hr:0x8007007e)
2013-07-24 11:26:03, Info DISM DISM Provider Store: PID=3368 TID=2096 Failed to get and initialize the PE Provider. Continuing by assuming that it is not a WinPE image. - CDISMProviderStore::Final_OnConnect
2013-07-24 11:26:03, Info DISM DISM Provider Store: PID=3368 TID=2096 Finished initializing the Provider Map. - CDISMProviderStore::Final_OnConnect
2013-07-24 11:26:03, Info DISM DISM Provider Store: PID=3368 TID=2096 Getting Provider DISMLogger - CDISMProviderStore::GetProvider
2013-07-24 11:26:03, Info DISM DISM Provider Store: PID=3368 TID=2096 Provider has previously been initialized. Returning the existing instance. - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:26:03, Info DISM DISM Manager: PID=8804 TID=8096 Image session successfully loaded from the temporary location: C:\Users\Pam\AppData\Local\Temp\D3D0D99D-E97E-4F2C-961B-034504509337 - CDISMManager::CreateImageSession
2013-07-24 11:26:03, Info DISM DISM Provider Store: PID=3368 TID=2096 Getting Provider OSServices - CDISMProviderStore::GetProvider
2013-07-24 11:26:03, Info DISM DISM Provider Store: PID=3368 TID=2096 Provider has previously been initialized. Returning the existing instance. - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:26:03, Info DISM DISM.EXE: Target image information: OS Version=6.2.9200.16613, Image architecture=amd64
2013-07-24 11:26:03, Info DISM DISM Provider Store: PID=3368 TID=6200 Getting the collection of providers from an image provider store type. - CDISMProviderStore::GetProviderCollection
2013-07-24 11:26:03, Info DISM DISM Provider Store: PID=3368 TID=6200 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:26:03, Info DISM DISM Provider Store: PID=3368 TID=6200 Loading Provider from location C:\Users\Pam\AppData\Local\Temp\D3D0D99D-E97E-4F2C-961B-034504509337\CbsProvider.dll - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:26:03, Info DISM DISM Provider Store: PID=3368 TID=6200 Connecting to the provider located at C:\Users\Pam\AppData\Local\Temp\D3D0D99D-E97E-4F2C-961B-034504509337\CbsProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2013-07-24 11:26:03, Info DISM DISM Provider Store: PID=3368 TID=6200 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2013-07-24 11:26:04, Info DISM DISM Package Manager: PID=3368 TID=6200 Finished initializing the CbsConUI Handler. - CCbsConUIHandler::Initialize
2013-07-24 11:26:04, Info DISM DISM Package Manager: PID=3368 TID=6200 CBS is being initialized for online use. More information about CBS actions can be located at: %windir%\logs\cbs\cbs.log - CDISMPackageManager::Initialize
2013-07-24 11:26:04, Info DISM DISM Package Manager: PID=3368 TID=6200 Loaded servicing stack for online use only. - CDISMPackageManager::RefreshInstanceAndLock
2013-07-24 11:26:04, Info DISM DISM Provider Store: PID=3368 TID=6200 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:26:04, Info DISM DISM Provider Store: PID=3368 TID=6200 Loading Provider from location C:\Users\Pam\AppData\Local\Temp\D3D0D99D-E97E-4F2C-961B-034504509337\MsiProvider.dll - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:26:04, Info DISM DISM Provider Store: PID=3368 TID=6200 Connecting to the provider located at C:\Users\Pam\AppData\Local\Temp\D3D0D99D-E97E-4F2C-961B-034504509337\MsiProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2013-07-24 11:26:04, Info DISM DISM Provider Store: PID=3368 TID=6200 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2013-07-24 11:26:04, Info DISM DISM Provider Store: PID=3368 TID=6200 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:26:04, Info DISM DISM Provider Store: PID=3368 TID=6200 Loading Provider from location C:\Users\Pam\AppData\Local\Temp\D3D0D99D-E97E-4F2C-961B-034504509337\IntlProvider.dll - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:26:04, Info DISM DISM Provider Store: PID=3368 TID=6200 Connecting to the provider located at C:\Users\Pam\AppData\Local\Temp\D3D0D99D-E97E-4F2C-961B-034504509337\IntlProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2013-07-24 11:26:04, Info DISM DISM Provider Store: PID=3368 TID=6200 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2013-07-24 11:26:04, Info DISM DISM Provider Store: PID=3368 TID=6200 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:26:04, Info DISM DISM Provider Store: PID=3368 TID=6200 Loading Provider from location C:\Users\Pam\AppData\Local\Temp\D3D0D99D-E97E-4F2C-961B-034504509337\IBSProvider.dll - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:26:04, Info DISM DISM Provider Store: PID=3368 TID=6200 Connecting to the provider located at C:\Users\Pam\AppData\Local\Temp\D3D0D99D-E97E-4F2C-961B-034504509337\IBSProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2013-07-24 11:26:04, Info DISM DISM Provider Store: PID=3368 TID=6200 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2013-07-24 11:26:04, Info DISM DISM Provider Store: PID=3368 TID=6200 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:26:04, Info DISM DISM Provider Store: PID=3368 TID=6200 Loading Provider from location C:\Users\Pam\AppData\Local\Temp\D3D0D99D-E97E-4F2C-961B-034504509337\DmiProvider.dll - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:26:04, Info DISM DISM Provider Store: PID=3368 TID=6200 Connecting to the provider located at C:\Users\Pam\AppData\Local\Temp\D3D0D99D-E97E-4F2C-961B-034504509337\DmiProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2013-07-24 11:26:04, Info DISM DISM Provider Store: PID=3368 TID=6200 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2013-07-24 11:26:04, Info DISM DISM OS Provider: PID=3368 TID=6200 Successfully loaded the hive. - CDISMOSServiceManager::DetermineBootDrive
2013-07-24 11:26:04, Info DISM DISM Driver Manager: PID=3368 TID=6200 Further logs for driver related operations can be found in the target operating system at %WINDIR%\inf\setupapi.offline.log - CDriverManager::Initialize
2013-07-24 11:26:04, Info DISM DISM Provider Store: PID=3368 TID=6200 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:26:04, Info DISM DISM Provider Store: PID=3368 TID=6200 Loading Provider from location C:\Users\Pam\AppData\Local\Temp\D3D0D99D-E97E-4F2C-961B-034504509337\UnattendProvider.dll - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:26:04, Info DISM DISM Provider Store: PID=3368 TID=6200 Connecting to the provider located at C:\Users\Pam\AppData\Local\Temp\D3D0D99D-E97E-4F2C-961B-034504509337\UnattendProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2013-07-24 11:26:04, Info DISM DISM Provider Store: PID=3368 TID=6200 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2013-07-24 11:26:04, Info DISM DISM Provider Store: PID=3368 TID=6200 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:26:04, Info DISM DISM Provider Store: PID=3368 TID=6200 Loading Provider from location C:\Users\Pam\AppData\Local\Temp\D3D0D99D-E97E-4F2C-961B-034504509337\Wow64provider.dll - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:26:04, Warning DISM DISM Provider Store: PID=3368 TID=6200 Failed to get the IDismObject Interface - CDISMProviderStore::Internal_LoadProvider(hr:0x80004002)
2013-07-24 11:26:04, Warning DISM DISM Provider Store: PID=3368 TID=6200 Failed to Load the provider: C:\Users\Pam\AppData\Local\Temp\D3D0D99D-E97E-4F2C-961B-034504509337\Wow64provider.dll. - CDISMProviderStore::Internal_GetProvider(hr:0x80004002)
2013-07-24 11:26:04, Info DISM DISM Provider Store: PID=3368 TID=6200 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:26:04, Info DISM DISM Provider Store: PID=3368 TID=6200 Loading Provider from location C:\Users\Pam\AppData\Local\Temp\D3D0D99D-E97E-4F2C-961B-034504509337\SmiProvider.dll - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:26:04, Info DISM DISM Provider Store: PID=3368 TID=6200 Connecting to the provider located at C:\Users\Pam\AppData\Local\Temp\D3D0D99D-E97E-4F2C-961B-034504509337\SmiProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2013-07-24 11:26:04, Info DISM DISM Provider Store: PID=3368 TID=6200 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2013-07-24 11:26:04, Info DISM DISM Provider Store: PID=3368 TID=6200 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:26:04, Info DISM DISM Provider Store: PID=3368 TID=6200 Loading Provider from location C:\Users\Pam\AppData\Local\Temp\D3D0D99D-E97E-4F2C-961B-034504509337\EmbeddedProvider.dll - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:26:04, Warning DISM DISM Provider Store: PID=3368 TID=6200 Failed to Load the provider: C:\Users\Pam\AppData\Local\Temp\D3D0D99D-E97E-4F2C-961B-034504509337\EmbeddedProvider.dll. - CDISMProviderStore::Internal_GetProvider(hr:0x8007007e)
2013-07-24 11:26:04, Info DISM DISM Provider Store: PID=3368 TID=6200 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:26:04, Info DISM DISM Provider Store: PID=3368 TID=6200 Loading Provider from location C:\Users\Pam\AppData\Local\Temp\D3D0D99D-E97E-4F2C-961B-034504509337\AppxProvider.dll - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:26:04, Info DISM DISM Provider Store: PID=3368 TID=6200 Connecting to the provider located at C:\Users\Pam\AppData\Local\Temp\D3D0D99D-E97E-4F2C-961B-034504509337\AppxProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2013-07-24 11:26:04, Info DISM DISM Provider Store: PID=3368 TID=6200 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2013-07-24 11:26:04, Info DISM DISM Provider Store: PID=3368 TID=6200 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:26:04, Info DISM DISM Provider Store: PID=3368 TID=6200 Loading Provider from location C:\Users\Pam\AppData\Local\Temp\D3D0D99D-E97E-4F2C-961B-034504509337\AssocProvider.dll - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:26:04, Info DISM DISM Provider Store: PID=3368 TID=6200 Connecting to the provider located at C:\Users\Pam\AppData\Local\Temp\D3D0D99D-E97E-4F2C-961B-034504509337\AssocProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2013-07-24 11:26:04, Info DISM DISM Provider Store: PID=3368 TID=6200 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2013-07-24 11:26:04, Info DISM DISM Provider Store: PID=3368 TID=6200 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:26:04, Info DISM DISM Provider Store: PID=3368 TID=6200 Loading Provider from location C:\Users\Pam\AppData\Local\Temp\D3D0D99D-E97E-4F2C-961B-034504509337\TransmogProvider.dll - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:26:04, Info DISM DISM Provider Store: PID=3368 TID=6200 Connecting to the provider located at C:\Users\Pam\AppData\Local\Temp\D3D0D99D-E97E-4F2C-961B-034504509337\TransmogProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2013-07-24 11:26:04, Info DISM DISM Provider Store: PID=3368 TID=6200 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2013-07-24 11:26:04, Info DISM DISM Transmog Provider: PID=3368 TID=6200 Current image session is [ONLINE] - CTransmogManager::GetMode
2013-07-24 11:26:04, Info DISM DISM Transmog Provider: PID=3368 TID=6200 Audit Mode: [No] - CTransmogManager::Initialize
2013-07-24 11:26:04, Info DISM DISM Transmog Provider: PID=3368 TID=6200 GetProductType: ProductType = [WinNT] - CTransmogManager::GetProductType
2013-07-24 11:26:04, Info DISM DISM Transmog Provider: PID=3368 TID=6200 Product Type: [WinNT] - CTransmogManager::Initialize
2013-07-24 11:26:04, Info DISM DISM Transmog Provider: PID=3368 TID=6200 Product Type ServerNT : [No] - CTransmogManager::Initialize
2013-07-24 11:26:04, Info DISM DISM.EXE: Got the collection of providers. Now enumerating them to build the command table.
2013-07-24 11:26:04, Info DISM DISM.EXE: Attempting to add the commands from provider: DISM Log Provider
2013-07-24 11:26:04, Info DISM DISM.EXE: Attempting to add the commands from provider: OSServices
2013-07-24 11:26:04, Info DISM DISM.EXE: Attempting to add the commands from provider: DISM Package Manager
2013-07-24 11:26:04, Info DISM DISM.EXE: Succesfully registered commands for the provider: DISM Package Manager.
2013-07-24 11:26:04, Info DISM DISM.EXE: Attempting to add the commands from provider: MsiManager
2013-07-24 11:26:04, Info DISM DISM.EXE: Succesfully registered commands for the provider: MsiManager.
2013-07-24 11:26:04, Info DISM DISM.EXE: Attempting to add the commands from provider: IntlManager
2013-07-24 11:26:04, Info DISM DISM.EXE: Succesfully registered commands for the provider: IntlManager.
2013-07-24 11:26:04, Info DISM DISM.EXE: Attempting to add the commands from provider: IBSManager
2013-07-24 11:26:04, Info DISM DISM.EXE: Attempting to add the commands from provider: DriverManager
2013-07-24 11:26:04, Info DISM DISM.EXE: Succesfully registered commands for the provider: DriverManager.
2013-07-24 11:26:04, Info DISM DISM.EXE: Attempting to add the commands from provider: DISM Unattend Manager
2013-07-24 11:26:04, Info DISM DISM.EXE: Succesfully registered commands for the provider: DISM Unattend Manager.
2013-07-24 11:26:04, Info DISM DISM.EXE: Attempting to add the commands from provider: SmiManager
2013-07-24 11:26:04, Info DISM DISM.EXE: Attempting to add the commands from provider: AppxManager
2013-07-24 11:26:04, Info DISM DISM.EXE: Succesfully registered commands for the provider: AppxManager.
2013-07-24 11:26:04, Info DISM DISM.EXE: Attempting to add the commands from provider: AssocManager
2013-07-24 11:26:04, Info DISM DISM.EXE: Succesfully registered commands for the provider: AssocManager.
2013-07-24 11:26:04, Info DISM DISM.EXE: Attempting to add the commands from provider: Edition Manager
2013-07-24 11:26:04, Info DISM DISM.EXE: Succesfully registered commands for the provider: Edition Manager.
2013-07-24 11:26:04, Info DISM DISM Provider Store: PID=3368 TID=6200 Getting Provider DISM Package Manager - CDISMProviderStore::GetProvider
2013-07-24 11:26:04, Info DISM DISM Provider Store: PID=3368 TID=6200 Provider has previously been initialized. Returning the existing instance. - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:26:04, Info DISM DISM Package Manager: PID=3368 TID=6200 Processing the top level command token(cleanup-image). - CPackageManagerCLIHandler::Private_ValidateCmdLine
2013-07-24 11:26:04, Info DISM DISM Package Manager: PID=3368 TID=6200 Attempting to route to appropriate command handler. - CPackageManagerCLIHandler::ExecuteCmdLine
2013-07-24 11:26:04, Info DISM DISM Package Manager: PID=3368 TID=6200 Routing the command... - CPackageManagerCLIHandler::ExecuteCmdLine
2013-07-24 11:26:04, Info DISM DISM Package Manager: PID=3368 TID=6200 CBS session options=0x48100! - CDISMPackageManager::Internal_Finalize
2013-07-24 11:47:08, Info DISM DISM Package Manager: PID=3368 TID=6200 - CDISMPackageManager::Internal_Finalize
2013-07-24 11:47:08, Info DISM DISM Package Manager: PID=3368 TID=6200 <----- Starting corruption detect/repair info -----> - CDISMPackageManager::Internal_Finalize
2013-07-24 11:47:08, Info DISM DISM Package Manager: PID=3368 TID=6200 - CDISMPackageManager::Internal_Finalize
2013-07-24 11:47:08, Info DISM DISM Package Manager: PID=3368 TID=6200
=================================
Checking System Update Readiness.


Summary:
Operation: Detect and Repair
Operation result: 0x0
Last Successful Step: Entire operation completes.
Total Detected Corruption: 0
CBS Manifest Corruption: 0
CBS Metadata Corruption: 0
CSI Manifest Corruption: 0
CSI Metadata Corruption: 0
CSI Payload Corruption: 0
Total Repaired Corruption: 0
CBS Manifest Repaired: 0
CSI Manifest Repaired: 0
CSI Payload Repaired: 0
CSI Store Metadata refreshed: True

Total Operation Time: 1261 seconds.
- CDISMPackageManager::Internal_Finalize
2013-07-24 11:47:08, Info DISM DISM Package Manager: PID=3368 TID=6200 - CDISMPackageManager::Internal_Finalize
2013-07-24 11:47:08, Info DISM DISM Package Manager: PID=3368 TID=6200 <----- Ending corruption detect/repair info -----> - CDISMPackageManager::Internal_Finalize
2013-07-24 11:47:08, Info DISM DISM Package Manager: PID=3368 TID=6200 - CDISMPackageManager::Internal_Finalize
2013-07-24 11:47:08, Info DISM DISM Package Manager: PID=3368 TID=6200 Loaded servicing stack for online use only. - CDISMPackageManager::RefreshInstanceAndLock
2013-07-24 11:47:08, Error DISM DISM Package Manager: PID=3368 TID=6200 Failed while processing command cleanup-image. - CPackageManagerCLIHandler::ExecuteCmdLine(hr:0x800f081f)
2013-07-24 11:47:08, Info DISM DISM Package Manager: PID=3368 TID=6200 Further logs for online package and feature related operations can be found at %WINDIR%\logs\CBS\cbs.log - CPackageManagerCLIHandler::ExecuteCmdLine
2013-07-24 11:47:08, Error DISM DISM.EXE: DISM Package Manager processed the command line but failed. HRESULT=800F081F
2013-07-24 11:47:08, Info DISM DISM Provider Store: PID=3368 TID=6200 Found the OSServices. Waiting to finalize it until all other providers are unloaded. - CDISMProviderStore::Final_OnDisconnect
2013-07-24 11:47:08, Info DISM DISM Provider Store: PID=3368 TID=6200 Found the OSServices. Waiting to finalize it until all other providers are unloaded. - CDISMProviderStore::Final_OnDisconnect
2013-07-24 11:47:08, Info DISM DISM Provider Store: PID=3368 TID=6200 Found the PE Provider. Waiting to finalize it until all other providers are unloaded. - CDISMProviderStore::Final_OnDisconnect
2013-07-24 11:47:08, Info DISM DISM Provider Store: PID=3368 TID=6200 Finalizing the servicing provider(DISM Package Manager) - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 11:47:08, Info DISM DISM Package Manager: PID=3368 TID=6200 Finalizing CBS core. - CDISMPackageManager::Finalize
2013-07-24 11:47:08, Info DISM DISM Provider Store: PID=3368 TID=6200 Disconnecting Provider: DISM Package Manager - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 11:47:08, Info DISM DISM Provider Store: PID=3368 TID=6200 Finalizing the servicing provider(MsiManager) - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 11:47:08, Info DISM DISM Provider Store: PID=3368 TID=6200 Disconnecting Provider: MsiManager - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 11:47:08, Info DISM DISM Provider Store: PID=3368 TID=6200 Finalizing the servicing provider(IntlManager) - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 11:47:08, Info DISM DISM Provider Store: PID=3368 TID=6200 Disconnecting Provider: IntlManager - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 11:47:08, Info DISM DISM Provider Store: PID=3368 TID=6200 Finalizing the servicing provider(IBSManager) - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 11:47:08, Info DISM DISM Provider Store: PID=3368 TID=6200 Disconnecting Provider: IBSManager - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 11:47:08, Info DISM DISM Provider Store: PID=3368 TID=6200 Finalizing the servicing provider(DriverManager) - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 11:47:08, Info DISM DISM Provider Store: PID=3368 TID=6200 Disconnecting Provider: DriverManager - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 11:47:08, Info DISM DISM Provider Store: PID=3368 TID=6200 Finalizing the servicing provider(DISM Unattend Manager) - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 11:47:08, Info DISM DISM Provider Store: PID=3368 TID=6200 Disconnecting Provider: DISM Unattend Manager - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 11:47:08, Info DISM DISM Provider Store: PID=3368 TID=6200 Finalizing the servicing provider(SmiManager) - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 11:47:08, Info DISM DISM Provider Store: PID=3368 TID=6200 Disconnecting Provider: SmiManager - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 11:47:08, Info DISM DISM Provider Store: PID=3368 TID=6200 Finalizing the servicing provider(AppxManager) - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 11:47:08, Info DISM DISM Provider Store: PID=3368 TID=6200 Disconnecting Provider: AppxManager - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 11:47:08, Info DISM DISM Provider Store: PID=3368 TID=6200 Finalizing the servicing provider(AssocManager) - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 11:47:08, Info DISM DISM Provider Store: PID=3368 TID=6200 Disconnecting Provider: AssocManager - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 11:47:08, Info DISM DISM Provider Store: PID=3368 TID=6200 Finalizing the servicing provider(Edition Manager) - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 11:47:08, Info DISM DISM Provider Store: PID=3368 TID=6200 Disconnecting Provider: Edition Manager - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 11:47:08, Info DISM DISM Provider Store: PID=3368 TID=6200 Releasing the local reference to OSServices. - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 11:47:08, Info DISM DISM Provider Store: PID=3368 TID=6200 Disconnecting Provider: OSServices - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 11:47:08, Info DISM DISM Provider Store: PID=3368 TID=6200 Releasing the local reference to DISMLogger. Stop logging. - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 11:47:09, Info DISM DISM.EXE: Image session has been closed. Reboot required=no.
2013-07-24 11:47:09, Info DISM DISM.EXE:
2013-07-24 11:47:09, Info DISM DISM.EXE: <----- Ending Dism.exe session ----->
2013-07-24 11:47:09, Info DISM DISM.EXE:
2013-07-24 11:47:09, Info DISM DISM Provider Store: PID=8804 TID=8096 Found the OSServices. Waiting to finalize it until all other providers are unloaded. - CDISMProviderStore::Final_OnDisconnect
2013-07-24 11:47:09, Info DISM DISM Provider Store: PID=8804 TID=8096 Disconnecting Provider: FolderManager - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 11:47:09, Info DISM DISM Provider Store: PID=8804 TID=8096 Releasing the local reference to DISMLogger. Stop logging. - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 11:59:45, Info DISM PID=6584 TID=7876 Scratch directory set to 'C:\Users\Pam\AppData\Local\Temp\'. - CDISMManager::put_ScratchDir
2013-07-24 11:59:45, Info DISM PID=6584 TID=7876 DismCore.dll version: 6.2.9200.16384 - CDISMManager::FinalConstruct
2013-07-24 11:59:45, Info DISM PID=6584 TID=7876 Successfully loaded the ImageSession at "C:\Windows\System32\Dism" - CDISMManager::LoadLocalImageSession
2013-07-24 11:59:45, Info DISM DISM Provider Store: PID=6584 TID=7876 Found and Initialized the DISM Logger. - CDISMProviderStore::Internal_InitializeLogger
2013-07-24 11:59:45, Info DISM DISM Provider Store: PID=6584 TID=7876 Failed to get and initialize the PE Provider. Continuing by assuming that it is not a WinPE image. - CDISMProviderStore::Final_OnConnect
2013-07-24 11:59:45, Info DISM DISM Provider Store: PID=6584 TID=7876 Finished initializing the Provider Map. - CDISMProviderStore::Final_OnConnect
2013-07-24 11:59:45, Info DISM DISM Provider Store: PID=6584 TID=7876 Getting Provider DISMLogger - CDISMProviderStore::GetProvider
2013-07-24 11:59:45, Info DISM DISM Provider Store: PID=6584 TID=7876 Provider has previously been initialized. Returning the existing instance. - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:59:45, Info DISM DISM Provider Store: PID=6584 TID=7876 Getting Provider DISMLogger - CDISMProviderStore::GetProvider
2013-07-24 11:59:45, Info DISM DISM Provider Store: PID=6584 TID=7876 Provider has previously been initialized. Returning the existing instance. - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:59:45, Info DISM DISM Manager: PID=6584 TID=7876 Successfully created the local image session and provider store. - CDISMManager::CreateLocalImageSession
2013-07-24 11:59:45, Info DISM DISM Provider Store: PID=6584 TID=7876 Getting Provider DISMLogger - CDISMProviderStore::GetProvider
2013-07-24 11:59:45, Info DISM DISM Provider Store: PID=6584 TID=7876 Provider has previously been initialized. Returning the existing instance. - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:59:45, Info DISM DISM.EXE:
2013-07-24 11:59:45, Info DISM DISM.EXE: <----- Starting Dism.exe session ----->
2013-07-24 11:59:45, Info DISM DISM.EXE:
2013-07-24 11:59:45, Info DISM DISM.EXE: Host machine information: OS Version=6.2.9200, Running architecture=amd64, Number of processors=4
2013-07-24 11:59:45, Info DISM DISM.EXE: Dism.exe version: 6.2.9200.16384
2013-07-24 11:59:45, Info DISM DISM.EXE: Executing command line: Dism /Online /Cleanup-Image /RestoreHealth
2013-07-24 11:59:45, Info DISM DISM Provider Store: PID=6584 TID=7876 Getting Provider FolderManager - CDISMProviderStore::GetProvider
2013-07-24 11:59:45, Info DISM DISM Provider Store: PID=6584 TID=7876 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:59:45, Info DISM DISM Provider Store: PID=6584 TID=7876 Loading Provider from location C:\Windows\System32\Dism\FolderProvider.dll - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:59:45, Info DISM DISM Provider Store: PID=6584 TID=7876 Connecting to the provider located at C:\Windows\System32\Dism\FolderProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2013-07-24 11:59:45, Info DISM DISM Manager: PID=6584 TID=7876 physical location path: C:\ - CDISMManager::CreateImageSession
2013-07-24 11:59:45, Info DISM DISM Manager: PID=6584 TID=7876 Copying DISM from "C:\Windows\System32\Dism" - CDISMManager::CreateImageSessionFromLocation
2013-07-24 11:59:47, Info DISM DISM Manager: PID=6584 TID=7876 Successfully loaded the ImageSession at "C:\Users\Pam\AppData\Local\Temp\9AEB3D81-E330-4E70-9395-FFBDDC912FFC" - CDISMManager::LoadRemoteImageSession
2013-07-24 11:59:47, Info DISM DISM Image Session: PID=7232 TID=4480 Instantiating the Provider Store. - CDISMImageSession::get_ProviderStore
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Initializing a provider store for the IMAGE session type. - CDISMProviderStore::Final_OnConnect
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Loading Provider from location C:\Users\Pam\AppData\Local\Temp\9AEB3D81-E330-4E70-9395-FFBDDC912FFC\OSProvider.dll - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Connecting to the provider located at C:\Users\Pam\AppData\Local\Temp\9AEB3D81-E330-4E70-9395-FFBDDC912FFC\OSProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2013-07-24 11:59:47, Info DISM DISM OS Provider: PID=7232 TID=4480 Defaulting SystemPath to C:\ - CDISMOSServiceManager::Final_OnConnect
2013-07-24 11:59:47, Info DISM DISM OS Provider: PID=7232 TID=4480 Defaulting Windows folder to C:\Windows - CDISMOSServiceManager::Final_OnConnect
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Attempting to initialize the logger from the Image Session. - CDISMProviderStore::Final_OnConnect
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Loading Provider from location C:\Users\Pam\AppData\Local\Temp\9AEB3D81-E330-4E70-9395-FFBDDC912FFC\LogProvider.dll - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Connecting to the provider located at C:\Users\Pam\AppData\Local\Temp\9AEB3D81-E330-4E70-9395-FFBDDC912FFC\LogProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Found and Initialized the DISM Logger. - CDISMProviderStore::Internal_InitializeLogger
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Loading Provider from location C:\Users\Pam\AppData\Local\Temp\9AEB3D81-E330-4E70-9395-FFBDDC912FFC\PEProvider.dll - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:59:47, Warning DISM DISM Provider Store: PID=7232 TID=4480 Failed to Load the provider: C:\Users\Pam\AppData\Local\Temp\9AEB3D81-E330-4E70-9395-FFBDDC912FFC\PEProvider.dll. - CDISMProviderStore::Internal_GetProvider(hr:0x8007007e)
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Failed to get and initialize the PE Provider. Continuing by assuming that it is not a WinPE image. - CDISMProviderStore::Final_OnConnect
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Finished initializing the Provider Map. - CDISMProviderStore::Final_OnConnect
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Getting Provider DISMLogger - CDISMProviderStore::GetProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Provider has previously been initialized. Returning the existing instance. - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:59:47, Info DISM DISM Manager: PID=6584 TID=7876 Image session successfully loaded from the temporary location: C:\Users\Pam\AppData\Local\Temp\9AEB3D81-E330-4E70-9395-FFBDDC912FFC - CDISMManager::CreateImageSession
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Getting Provider OSServices - CDISMProviderStore::GetProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Provider has previously been initialized. Returning the existing instance. - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:59:47, Info DISM DISM.EXE: Target image information: OS Version=6.2.9200.16613, Image architecture=amd64
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Getting the collection of providers from an image provider store type. - CDISMProviderStore::GetProviderCollection
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Loading Provider from location C:\Users\Pam\AppData\Local\Temp\9AEB3D81-E330-4E70-9395-FFBDDC912FFC\CbsProvider.dll - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Connecting to the provider located at C:\Users\Pam\AppData\Local\Temp\9AEB3D81-E330-4E70-9395-FFBDDC912FFC\CbsProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2013-07-24 11:59:47, Info DISM DISM Package Manager: PID=7232 TID=4480 Finished initializing the CbsConUI Handler. - CCbsConUIHandler::Initialize
2013-07-24 11:59:47, Info DISM DISM Package Manager: PID=7232 TID=4480 CBS is being initialized for online use. More information about CBS actions can be located at: %windir%\logs\cbs\cbs.log - CDISMPackageManager::Initialize
2013-07-24 11:59:47, Info DISM DISM Package Manager: PID=7232 TID=4480 Loaded servicing stack for online use only. - CDISMPackageManager::RefreshInstanceAndLock
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Loading Provider from location C:\Users\Pam\AppData\Local\Temp\9AEB3D81-E330-4E70-9395-FFBDDC912FFC\MsiProvider.dll - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Connecting to the provider located at C:\Users\Pam\AppData\Local\Temp\9AEB3D81-E330-4E70-9395-FFBDDC912FFC\MsiProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Loading Provider from location C:\Users\Pam\AppData\Local\Temp\9AEB3D81-E330-4E70-9395-FFBDDC912FFC\IntlProvider.dll - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Connecting to the provider located at C:\Users\Pam\AppData\Local\Temp\9AEB3D81-E330-4E70-9395-FFBDDC912FFC\IntlProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Loading Provider from location C:\Users\Pam\AppData\Local\Temp\9AEB3D81-E330-4E70-9395-FFBDDC912FFC\IBSProvider.dll - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Connecting to the provider located at C:\Users\Pam\AppData\Local\Temp\9AEB3D81-E330-4E70-9395-FFBDDC912FFC\IBSProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Loading Provider from location C:\Users\Pam\AppData\Local\Temp\9AEB3D81-E330-4E70-9395-FFBDDC912FFC\DmiProvider.dll - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Connecting to the provider located at C:\Users\Pam\AppData\Local\Temp\9AEB3D81-E330-4E70-9395-FFBDDC912FFC\DmiProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2013-07-24 11:59:47, Info DISM DISM OS Provider: PID=7232 TID=4480 Successfully loaded the hive. - CDISMOSServiceManager::DetermineBootDrive
2013-07-24 11:59:47, Info DISM DISM Driver Manager: PID=7232 TID=4480 Further logs for driver related operations can be found in the target operating system at %WINDIR%\inf\setupapi.offline.log - CDriverManager::Initialize
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Loading Provider from location C:\Users\Pam\AppData\Local\Temp\9AEB3D81-E330-4E70-9395-FFBDDC912FFC\UnattendProvider.dll - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Connecting to the provider located at C:\Users\Pam\AppData\Local\Temp\9AEB3D81-E330-4E70-9395-FFBDDC912FFC\UnattendProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Loading Provider from location C:\Users\Pam\AppData\Local\Temp\9AEB3D81-E330-4E70-9395-FFBDDC912FFC\Wow64provider.dll - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:59:47, Warning DISM DISM Provider Store: PID=7232 TID=4480 Failed to get the IDismObject Interface - CDISMProviderStore::Internal_LoadProvider(hr:0x80004002)
2013-07-24 11:59:47, Warning DISM DISM Provider Store: PID=7232 TID=4480 Failed to Load the provider: C:\Users\Pam\AppData\Local\Temp\9AEB3D81-E330-4E70-9395-FFBDDC912FFC\Wow64provider.dll. - CDISMProviderStore::Internal_GetProvider(hr:0x80004002)
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Loading Provider from location C:\Users\Pam\AppData\Local\Temp\9AEB3D81-E330-4E70-9395-FFBDDC912FFC\SmiProvider.dll - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Connecting to the provider located at C:\Users\Pam\AppData\Local\Temp\9AEB3D81-E330-4E70-9395-FFBDDC912FFC\SmiProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Loading Provider from location C:\Users\Pam\AppData\Local\Temp\9AEB3D81-E330-4E70-9395-FFBDDC912FFC\EmbeddedProvider.dll - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:59:47, Warning DISM DISM Provider Store: PID=7232 TID=4480 Failed to Load the provider: C:\Users\Pam\AppData\Local\Temp\9AEB3D81-E330-4E70-9395-FFBDDC912FFC\EmbeddedProvider.dll. - CDISMProviderStore::Internal_GetProvider(hr:0x8007007e)
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Loading Provider from location C:\Users\Pam\AppData\Local\Temp\9AEB3D81-E330-4E70-9395-FFBDDC912FFC\AppxProvider.dll - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Connecting to the provider located at C:\Users\Pam\AppData\Local\Temp\9AEB3D81-E330-4E70-9395-FFBDDC912FFC\AppxProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Loading Provider from location C:\Users\Pam\AppData\Local\Temp\9AEB3D81-E330-4E70-9395-FFBDDC912FFC\AssocProvider.dll - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Connecting to the provider located at C:\Users\Pam\AppData\Local\Temp\9AEB3D81-E330-4E70-9395-FFBDDC912FFC\AssocProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Loading Provider from location C:\Users\Pam\AppData\Local\Temp\9AEB3D81-E330-4E70-9395-FFBDDC912FFC\TransmogProvider.dll - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Connecting to the provider located at C:\Users\Pam\AppData\Local\Temp\9AEB3D81-E330-4E70-9395-FFBDDC912FFC\TransmogProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=4480 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2013-07-24 11:59:47, Info DISM DISM Transmog Provider: PID=7232 TID=4480 Current image session is [ONLINE] - CTransmogManager::GetMode
2013-07-24 11:59:47, Info DISM DISM Transmog Provider: PID=7232 TID=4480 Audit Mode: [No] - CTransmogManager::Initialize
2013-07-24 11:59:47, Info DISM DISM Transmog Provider: PID=7232 TID=4480 GetProductType: ProductType = [WinNT] - CTransmogManager::GetProductType
2013-07-24 11:59:47, Info DISM DISM Transmog Provider: PID=7232 TID=4480 Product Type: [WinNT] - CTransmogManager::Initialize
2013-07-24 11:59:47, Info DISM DISM Transmog Provider: PID=7232 TID=4480 Product Type ServerNT : [No] - CTransmogManager::Initialize
2013-07-24 11:59:47, Info DISM DISM.EXE: Got the collection of providers. Now enumerating them to build the command table.
2013-07-24 11:59:47, Info DISM DISM.EXE: Attempting to add the commands from provider: DISM Log Provider
2013-07-24 11:59:47, Info DISM DISM.EXE: Attempting to add the commands from provider: OSServices
2013-07-24 11:59:47, Info DISM DISM.EXE: Attempting to add the commands from provider: DISM Package Manager
2013-07-24 11:59:47, Info DISM DISM.EXE: Succesfully registered commands for the provider: DISM Package Manager.
2013-07-24 11:59:47, Info DISM DISM.EXE: Attempting to add the commands from provider: MsiManager
2013-07-24 11:59:47, Info DISM DISM.EXE: Succesfully registered commands for the provider: MsiManager.
2013-07-24 11:59:47, Info DISM DISM.EXE: Attempting to add the commands from provider: IntlManager
2013-07-24 11:59:47, Info DISM DISM.EXE: Succesfully registered commands for the provider: IntlManager.
2013-07-24 11:59:47, Info DISM DISM.EXE: Attempting to add the commands from provider: IBSManager
2013-07-24 11:59:47, Info DISM DISM.EXE: Attempting to add the commands from provider: DriverManager
2013-07-24 11:59:47, Info DISM DISM.EXE: Succesfully registered commands for the provider: DriverManager.
2013-07-24 11:59:47, Info DISM DISM.EXE: Attempting to add the commands from provider: DISM Unattend Manager
2013-07-24 11:59:47, Info DISM DISM.EXE: Succesfully registered commands for the provider: DISM Unattend Manager.
2013-07-24 11:59:47, Info DISM DISM.EXE: Attempting to add the commands from provider: SmiManager
2013-07-24 11:59:47, Info DISM DISM.EXE: Attempting to add the commands from provider: AppxManager
2013-07-24 11:59:47, Info DISM DISM.EXE: Succesfully registered commands for the provider: AppxManager.
2013-07-24 11:59:47, Info DISM DISM.EXE: Attempting to add the commands from provider: AssocManager
2013-07-24 11:59:47, Info DISM DISM.EXE: Succesfully registered commands for the provider: AssocManager.
2013-07-24 11:59:47, Info DISM DISM.EXE: Attempting to add the commands from provider: Edition Manager
2013-07-24 11:59:47, Info DISM DISM.EXE: Succesfully registered commands for the provider: Edition Manager.
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=7896 Getting Provider DISM Package Manager - CDISMProviderStore::GetProvider
2013-07-24 11:59:47, Info DISM DISM Provider Store: PID=7232 TID=7896 Provider has previously been initialized. Returning the existing instance. - CDISMProviderStore::Internal_GetProvider
2013-07-24 11:59:47, Info DISM DISM Package Manager: PID=7232 TID=7896 Processing the top level command token(cleanup-image). - CPackageManagerCLIHandler::Private_ValidateCmdLine
2013-07-24 11:59:47, Info DISM DISM Package Manager: PID=7232 TID=7896 Attempting to route to appropriate command handler. - CPackageManagerCLIHandler::ExecuteCmdLine
2013-07-24 11:59:47, Info DISM DISM Package Manager: PID=7232 TID=7896 Routing the command... - CPackageManagerCLIHandler::ExecuteCmdLine
2013-07-24 11:59:47, Info DISM DISM Package Manager: PID=7232 TID=7896 CBS session options=0x48100! - CDISMPackageManager::Internal_Finalize
2013-07-24 12:20:09, Info DISM DISM Package Manager: PID=7232 TID=7896 - CDISMPackageManager::Internal_Finalize
2013-07-24 12:20:09, Info DISM DISM Package Manager: PID=7232 TID=7896 <----- Starting corruption detect/repair info -----> - CDISMPackageManager::Internal_Finalize
2013-07-24 12:20:09, Info DISM DISM Package Manager: PID=7232 TID=7896 - CDISMPackageManager::Internal_Finalize
2013-07-24 12:20:09, Info DISM DISM Package Manager: PID=7232 TID=7896
=================================
Checking System Update Readiness.


Summary:
Operation: Detect and Repair
Operation result: 0x0
Last Successful Step: Entire operation completes.
Total Detected Corruption: 0
CBS Manifest Corruption: 0
CBS Metadata Corruption: 0
CSI Manifest Corruption: 0
CSI Metadata Corruption: 0
CSI Payload Corruption: 0
Total Repaired Corruption: 0
CBS Manifest Repaired: 0
CSI Manifest Repaired: 0
CSI Payload Repaired: 0
CSI Store Metadata refreshed: True

Total Operation Time: 1218 seconds.
- CDISMPackageManager::Internal_Finalize
2013-07-24 12:20:09, Info DISM DISM Package Manager: PID=7232 TID=7896 - CDISMPackageManager::Internal_Finalize
2013-07-24 12:20:09, Info DISM DISM Package Manager: PID=7232 TID=7896 <----- Ending corruption detect/repair info -----> - CDISMPackageManager::Internal_Finalize
2013-07-24 12:20:09, Info DISM DISM Package Manager: PID=7232 TID=7896 - CDISMPackageManager::Internal_Finalize
2013-07-24 12:20:09, Info DISM DISM Package Manager: PID=7232 TID=7896 Loaded servicing stack for online use only. - CDISMPackageManager::RefreshInstanceAndLock
2013-07-24 12:20:09, Error DISM DISM Package Manager: PID=7232 TID=7896 Failed while processing command cleanup-image. - CPackageManagerCLIHandler::ExecuteCmdLine(hr:0x800f081f)
2013-07-24 12:20:09, Info DISM DISM Package Manager: PID=7232 TID=7896 Further logs for online package and feature related operations can be found at %WINDIR%\logs\CBS\cbs.log - CPackageManagerCLIHandler::ExecuteCmdLine
2013-07-24 12:20:09, Error DISM DISM.EXE: DISM Package Manager processed the command line but failed. HRESULT=800F081F
2013-07-24 12:20:09, Info DISM DISM Provider Store: PID=7232 TID=7896 Found the OSServices. Waiting to finalize it until all other providers are unloaded. - CDISMProviderStore::Final_OnDisconnect
2013-07-24 12:20:09, Info DISM DISM Provider Store: PID=7232 TID=7896 Found the OSServices. Waiting to finalize it until all other providers are unloaded. - CDISMProviderStore::Final_OnDisconnect
2013-07-24 12:20:09, Info DISM DISM Provider Store: PID=7232 TID=7896 Found the PE Provider. Waiting to finalize it until all other providers are unloaded. - CDISMProviderStore::Final_OnDisconnect
2013-07-24 12:20:09, Info DISM DISM Provider Store: PID=7232 TID=7896 Finalizing the servicing provider(DISM Package Manager) - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 12:20:09, Info DISM DISM Package Manager: PID=7232 TID=7896 Finalizing CBS core. - CDISMPackageManager::Finalize
2013-07-24 12:20:09, Info DISM DISM Provider Store: PID=7232 TID=7896 Disconnecting Provider: DISM Package Manager - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 12:20:09, Info DISM DISM Provider Store: PID=7232 TID=7896 Finalizing the servicing provider(MsiManager) - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 12:20:09, Info DISM DISM Provider Store: PID=7232 TID=7896 Disconnecting Provider: MsiManager - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 12:20:09, Info DISM DISM Provider Store: PID=7232 TID=7896 Finalizing the servicing provider(IntlManager) - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 12:20:09, Info DISM DISM Provider Store: PID=7232 TID=7896 Disconnecting Provider: IntlManager - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 12:20:09, Info DISM DISM Provider Store: PID=7232 TID=7896 Finalizing the servicing provider(IBSManager) - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 12:20:09, Info DISM DISM Provider Store: PID=7232 TID=7896 Disconnecting Provider: IBSManager - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 12:20:09, Info DISM DISM Provider Store: PID=7232 TID=7896 Finalizing the servicing provider(DriverManager) - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 12:20:09, Info DISM DISM Provider Store: PID=7232 TID=7896 Disconnecting Provider: DriverManager - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 12:20:09, Info DISM DISM Provider Store: PID=7232 TID=7896 Finalizing the servicing provider(DISM Unattend Manager) - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 12:20:09, Info DISM DISM Provider Store: PID=7232 TID=7896 Disconnecting Provider: DISM Unattend Manager - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 12:20:09, Info DISM DISM Provider Store: PID=7232 TID=7896 Finalizing the servicing provider(SmiManager) - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 12:20:09, Info DISM DISM Provider Store: PID=7232 TID=7896 Disconnecting Provider: SmiManager - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 12:20:09, Info DISM DISM Provider Store: PID=7232 TID=7896 Finalizing the servicing provider(AppxManager) - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 12:20:09, Info DISM DISM Provider Store: PID=7232 TID=7896 Disconnecting Provider: AppxManager - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 12:20:09, Info DISM DISM Provider Store: PID=7232 TID=7896 Finalizing the servicing provider(AssocManager) - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 12:20:09, Info DISM DISM Provider Store: PID=7232 TID=7896 Disconnecting Provider: AssocManager - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 12:20:09, Info DISM DISM Provider Store: PID=7232 TID=7896 Finalizing the servicing provider(Edition Manager) - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 12:20:09, Info DISM DISM Provider Store: PID=7232 TID=7896 Disconnecting Provider: Edition Manager - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 12:20:09, Info DISM DISM Provider Store: PID=7232 TID=7896 Releasing the local reference to OSServices. - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 12:20:09, Info DISM DISM Provider Store: PID=7232 TID=7896 Disconnecting Provider: OSServices - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 12:20:09, Info DISM DISM Provider Store: PID=7232 TID=7896 Releasing the local reference to DISMLogger. Stop logging. - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 12:20:09, Info DISM DISM.EXE: Image session has been closed. Reboot required=no.
2013-07-24 12:20:09, Info DISM DISM.EXE:
2013-07-24 12:20:09, Info DISM DISM.EXE: <----- Ending Dism.exe session ----->
2013-07-24 12:20:09, Info DISM DISM.EXE:
2013-07-24 12:20:09, Info DISM DISM Provider Store: PID=6584 TID=7876 Found the OSServices. Waiting to finalize it until all other providers are unloaded. - CDISMProviderStore::Final_OnDisconnect
2013-07-24 12:20:09, Info DISM DISM Provider Store: PID=6584 TID=7876 Disconnecting Provider: FolderManager - CDISMProviderStore::Internal_DisconnectProvider
2013-07-24 12:20:09, Info DISM DISM Provider Store: PID=6584 TID=7876 Releasing the local reference to DISMLogger. Stop logging. - CDISMProviderStore::Internal_DisconnectProvider
  • 0

#9
RKinner

Does the file:

C:\Users\Pam\AppData\Local\Temp\9AEB3D81-E330-4E70-9395-FFBDDC912FFC\Wow64provider.dll even exist? I'm not surprised that it can't find a file that lives in the Temp folder. Just surprised that something like DISM would even look there. Got to be a mistake on Microsoft's part. Looks like it didn't find any corruption tho.

Run another Process Explorer just as before and copy and paste the log.
  • 0

#10
PjMac

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
Cu_.exe 23.35 9,900 K 956 K 7012 Yahoo! Toolbar Uninstall Setup Yahoo! Inc. (No signature was present in the subject) Yahoo! Inc.
Bu_.exe 22.62 9,908 K 780 K 4668 Yahoo! Toolbar Uninstall Setup Yahoo! Inc. (No signature was present in the subject) Yahoo! Inc.
Du_.exe 22.44 9,928 K 6,492 K 9104 Yahoo! Toolbar Uninstall Setup Yahoo! Inc. (No signature was present in the subject) Yahoo! Inc.
Au_.exe 20.59 9,908 K 748 K 7908 Yahoo! Toolbar Uninstall Setup Yahoo! Inc. (No signature was present in the subject) Yahoo! Inc.
WDSmartWare.exe 5.33 243,908 K 256,912 K 5728 WD SmartWare Western Digital (Verified) Western Digital Technologies Inc.
procexp (1)64.exe 1.86 31,772 K 62,120 K 9432 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
Interrupts 0.56 0 K 0 K n/a Hardware Interrupts and DPCs
dwm.exe 0.53 24,768 K 35,936 K 672 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
System 0.49 144 K 12,652 K 4
avp.exe 0.39 347,648 K 98,940 K 1880 Kaspersky Anti-Virus Kaspersky Lab ZAO (Verified) Kaspersky Lab
Skype.exe 0.30 132,380 K 173,412 K 7408 Skype Skype Technologies S.A. (Verified) Skype Technologies SA
stpass.exe 0.27 40,844 K 49,740 K 3276 Kaspersky Password Manager Kaspersky Lab (Verified) Kaspersky Lab
csrss.exe 0.24 3,928 K 41,772 K 768 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 0.12 32,480 K 36,076 K 4544 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 0.10 6,188 K 15,536 K 1572 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
BingDesktop.exe 0.10 9,096 K 27,564 K 5812 Bing Desktop Application Microsoft Corp. (Verified) Microsoft Corporation
ePowerEvent.exe 0.10 1,724 K 5,680 K 6172 ePowerEvent Acer Incorporated (Verified) Acer Incorporated
avp.exe 0.09 37,040 K 9,968 K 5860 Kaspersky Anti-Virus Kaspersky Lab ZAO (Verified) Kaspersky Lab
explorer.exe 0.09 157,824 K 228,088 K 2700 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.07 52,956 K 59,640 K 1144 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
RapportMgmtService.exe 0.07 32,204 K 22,380 K 428 RapportMgmtService Trusteer Ltd. (Verified) Trusteer
svchost.exe 0.05 16,544 K 21,964 K 1364 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
audiodg.exe 0.04 26,964 K 29,708 K 8640 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
avp.exe 0.04 29,984 K 3,284 K 10220 Kaspersky Anti-Virus Kaspersky Lab ZAO (Verified) Kaspersky Lab
WDDMService.exe 0.04 75,740 K 12,032 K 2352 WD Drive Manager Service WDC (No signature was present in the subject) WDC
LMS.exe 0.02 1,504 K 4,684 K 6616 Local Manageability Service Intel Corporation (Verified) Intel Corporation
chrome.exe 0.02 247,876 K 287,964 K 796 Google Chrome Google Inc. (Verified) Google Inc
ETDCtrlHelper.exe 0.01 2,380 K 7,304 K 6000 ETD Control Center Helper ELAN Microelectronics Corp. (Verified) Microsoft Windows Hardware Compatibility Publisher
WDDMStatus.exe 0.01 4,748 K 10,408 K 5656 WD Drive Manager WDC (Verified) Western Digital Technologies Inc.
ePowerTray.exe 0.01 2,740 K 2,204 K 4992 ePowerTray Acer Incorporated (Verified) Acer Incorporated
svchost.exe 0.01 26,988 K 34,932 K 1112 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
ETDCtrl.exe 0.01 6,212 K 19,672 K 5272 ETD Control Center ELAN Microelectronics Corp. (Verified) Microsoft Windows Hardware Compatibility Publisher
services.exe 0.01 5,672 K 9,444 K 860 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
c2c_service.exe 0.01 2,188 K 6,004 K 2192 Skype C2C Service Skype Technologies S.A. (Verified) Skype Technologies SA
LManager.exe < 0.01 5,240 K 12,488 K 3220 Launch Manager Dritek System Inc. (Verified) Dritek System Inc.
svchost.exe < 0.01 8,668 K 14,020 K 4168 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 30,988 K 34,544 K 1600 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
dsiwmis.exe < 0.01 1,928 K 5,100 K 916 Dritek WMI Service Dritek System Inc. (Verified) Dritek System Inc.
RapportService.exe < 0.01 40,692 K 36,824 K 3456 RapportService Trusteer Ltd. (Verified) Trusteer
chrome.exe < 0.01 121,768 K 122,564 K 7332 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe < 0.01 23,788 K 26,400 K 3740 Google Chrome Google Inc. (Verified) Google Inc
IScheduleSvc.exe < 0.01 7,608 K 17,432 K 2084 Backup Manager Module NTI Corporation (Verified) NTI Corporation
LMutilps32.exe < 0.01 6,212 K 7,740 K 2628 Launch Manager utility process Dritek System Inc. (Verified) Dritek System Inc.
mbamgui.exe < 0.01 8,048 K 14,100 K 2612 Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
chrome.exe < 0.01 27,216 K 33,744 K 4732 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe < 0.01 38,556 K 56,056 K 10148 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe < 0.01 4,108 K 10,060 K 976 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 8,272 K 17,508 K 4000 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
System Idle Process < 0.01 0 K 20 K 0
BtvStack.exe < 0.01 28,440 K 31,988 K 3832 Extension Core Qualcomm Atheros Commnucations (Verified) Qualcomm Atheros
WWAHost.exe 92,452 K 141,624 K 8812 Microsoft WWA Host Microsoft Corporation (Verified) Microsoft Windows
WWAHost.exe Suspended 58,268 K 106,784 K 6756 Microsoft WWA Host Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe 6,412 K 4,960 K 7292 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2,280 K 6,704 K 3180 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 1,408 K 8,308 K 816 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 888 K 3,592 K 744 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
WDSmartWareBackgroundService.exe 24,100 K 17,656 K 2748 WDSmartWareBackgroundService Memeo (No signature was present in the subject) Memeo
unsecapp.exe 1,828 K 7,056 K 3340 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
unsecapp.exe 1,780 K 7,160 K 6372 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
UNS.exe 3,404 K 10,744 K 5388 User Notification Service Intel Corporation (Verified) Intel Corporation
taskhostex.exe 9,256 K 17,056 K 2580 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe 8,056 K 20,732 K 1336 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 6,188 K 9,824 K 296 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 13,648 K 23,328 K 1204 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 117,056 K 125,288 K 1248 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,636 K 5,744 K 4040 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,216 K 7,408 K 2320 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
sqlwriter.exe 1,408 K 5,560 K 2288 SQL Server VSS Writer - 64 Bit Microsoft Corporation (Verified) Microsoft Corporation
sqlservr.exe 63,336 K 2,340 K 2732 SQL Server Windows NT Microsoft Corporation (Verified) Microsoft Corporation
smss.exe 296 K 1,048 K 420 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 8,016 K 23,032 K 4304 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RfBtnSvc64.exe 1,244 K 4,960 K 2156 RfBtnSvc Application Dritek System INC. (Verified) Dritek System Inc.
RAVCpl64.exe 4,380 K 11,508 K 4100 Realtek HD Audio Manager Realtek Semiconductor (Verified) Microsoft Windows Hardware Compatibility Publisher
RAVBg64.exe 4,584 K 10,084 K 5136 HD Audio Background Process Realtek Semiconductor (Verified) Microsoft Windows Hardware Compatibility Publisher
ProtectedObjectsSrv.exe 1,208 K 4,676 K 1996 InfoWatch CryptoStorage Protected objects controller service Infowatch (Verified) ZAO InfoWatch
procexp (1).exe 2,348 K 7,832 K 1660 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PmmUpdate.exe 2,956 K 6,100 K 3444 PMM Update Application Egis Technology Inc. (Verified) EGIS TECHNOLOGY INC.
pcee4.exe 31,572 K 32,880 K 5736 Dolby Profile Selector Dolby Laboratories Inc. (Verified) Dolby Laboratories
notepad.exe 1,800 K 8,484 K 6420 Notepad Microsoft Corporation (Verified) Microsoft Windows
msiexec.exe 17,868 K 11,360 K 1728 Windows® installer Microsoft Corporation (Verified) Microsoft Windows
MMDx64Fx.exe 2,120 K 7,932 K 3464 MMDx64Fx Application Dritek System Inc. (Verified) Dritek System Inc.
mbamservice.exe 126,360 K 124,040 K 1796 Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
mbamscheduler.exe 1,984 K 5,728 K 1696 Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
lsass.exe 5,940 K 13,440 K 868 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
LiveComm.exe 19,324 K 22,708 K 4272 Communications Service Microsoft Corporation (Verified) Microsoft Corporation
klwtblfs.exe 1,572 K 6,024 K 2444 WebToolBar component Kaspersky Lab ZAO (Verified) Kaspersky Lab
Jhi_service.exe 1,088 K 4,144 K 1652 Intel® Dynamic Application Loader Host Interface Intel Corporation (Verified) Intel Corporation
iuEmailOutlookAgent.exe 18,328 K 4,308 K 3632 iuEmailOutlookAgent (Verified) Acer Incorporated
iuBrowserIEAgent.exe 21,428 K 4,396 K 3540 iuBrowserIEAgent (Verified) Acer Incorporated
igfxtray.exe 1,936 K 6,988 K 5336 igfxTray Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxsrvc.exe 2,176 K 7,392 K 6268 igfxsrvc Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxpers.exe 2,272 K 8,084 K 5456 persistence Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxext.exe 1,748 K 6,408 K 3564 igfxext Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
hkcmd.exe 1,976 K 6,916 K 5432 hkcmd Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
HeciServer.exe 1,196 K 4,972 K 1276 Intel® Capability Licensing Service Interface Intel® Corporation (Verified) Intel® Upgrade Service
GoogleCrashHandler64.exe 1,304 K 524 K 4488 Google Crash Handler Google Inc. (Verified) Google Inc
GoogleCrashHandler.exe 1,556 K 1,200 K 3788 Google Crash Handler Google Inc. (Verified) Google Inc
ePowerSvc.exe 1,908 K 6,736 K 7056 ePowerSvc Acer Incorporated (Verified) Acer Incorporated
EgisUpdate.exe 2,564 K 1,256 K 7492 EgisUpdate Release Application Egis Technology Inc. (Verified) EGIS TECHNOLOGY INC.
dllhost.exe 1,708 K 6,504 K 5116 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 27,384 K 42,300 K 4316 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 1,608 K 6,164 K 8512 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dasHost.exe 6,856 K 14,672 K 2028 Device Association Framework Provider Host Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 1,640 K 4,216 K 684 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
conhost.exe 1,780 K 7,104 K 8080 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
cmd.exe 1,460 K 2,220 K 8124 Windows Command Processor Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 8,160 K 16,992 K 2508 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 23,096 K 26,212 K 3288 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 21,168 K 21,488 K 6260 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 21,620 K 21,768 K 6256 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 21,788 K 22,336 K 2896 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 21,208 K 20,588 K 2740 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 19,744 K 20,312 K 4944 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 28,476 K 31,412 K 5288 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 10,156 K 16,292 K 7384 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 6,436 K 11,336 K 5980 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 6,380 K 12,476 K 9252 Google Chrome Google Inc. (Verified) Google Inc
CCleaner64.exe 5,312 K 1,616 K 5520 CCleaner Piriform Ltd (Verified) Piriform Ltd
CCDMonitorService.exe 1,716 K 5,884 K 1960 CCD Monitor Service Acer Incorporated (Verified) Acer Incorporated
Calculator.exe Suspended 41,068 K 65,836 K 2808 Calculator² Richard Walters (No signature was present in the subject) Richard Walters
BingDesktopUpdater.exe 2,796 K 8,092 K 1936 Bing Desktop updating service Microsoft Corp. (Verified) Microsoft Corporation
BDRuntimeHost.exe 11,684 K 20,748 K 1736 BDRuntimeHost.exe Microsoft Corp. (Verified) Microsoft Corporation
BDExtHost.exe 7,164 K 13,844 K 5560 BDExtHost.exe Microsoft Corp. (Verified) Microsoft Corporation
BDAppHost.exe 3,496 K 9,124 K 6076 BDAppHost.exe Microsoft Corp. (Verified) Microsoft Corporation
BcmSqlStartupSvc.exe 1,092 K 3,904 K 1916 BCM SQL Startup Service Microsoft Corporation (Verified) Microsoft Corporation
BackupManagerTray.exe 6,576 K 12,144 K 5628 Acer Backup Manager NTI Corporation (Verified) NTI Corporation
backgroundTaskHost.exe 18,696 K 12,752 K 9172 Background Task Host Microsoft Corporation (Verified) Microsoft Windows
armsvc.exe 1,104 K 3,860 K 1836 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
AdminService.exe 1,528 K 4,864 K 1856 AdminService Application Qualcomm Atheros Commnucations (Verified) Qualcomm Atheros
ActivateDesktop.exe 1,676 K 5,984 K 4532 (Verified) Qualcomm Atheros


Computer is still painfully slow
  • 0

#11
RKinner

Cu_.exe 23.35 9,900 K 956 K 7012 Yahoo! Toolbar Uninstall Setup Yahoo! Inc. (No signature was present in the subject) Yahoo! Inc.
Bu_.exe 22.62 9,908 K 780 K 4668 Yahoo! Toolbar Uninstall Setup Yahoo! Inc. (No signature was present in the subject) Yahoo! Inc.
Du_.exe 22.44 9,928 K 6,492 K 9104 Yahoo! Toolbar Uninstall Setup Yahoo! Inc. (No signature was present in the subject) Yahoo! Inc.
Au_.exe 20.59 9,908 K 748 K 7908 Yahoo! Toolbar Uninstall Setup Yahoo! Inc. (No signature was present in the subject) Yahoo! Inc.

Yahoo uninstaller is hung.

Copy the text in the code box by highlighting and Ctrl + c

:files
C:\Program Files (x86)\Yahoo!

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\07242013-some number.log so look there if you don't see it.

Now run Process Explorer again and create the log as before.
  • 0
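The triage done by eye in post #11 (four unsigned uninstaller stubs, each holding a CPU share in the low twenties), as an added example that is not part of the original thread: a parser for the space-flattened Process Explorer rows posted here that flags unsigned images above a CPU threshold. The function names and the 10% threshold are assumptions; the sample rows are copied from the first Process Explorer log in this thread.

```python
import re
from collections import defaultdict

# Rows copied from the first Process Explorer log in this thread, with the
# tabs already flattened to single spaces as they appear on the page.
SAMPLE_LOG = """\
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
Cu_.exe 23.35 9,900 K 956 K 7012 Yahoo! Toolbar Uninstall Setup Yahoo! Inc. (No signature was present in the subject) Yahoo! Inc.
Bu_.exe 22.62 9,908 K 780 K 4668 Yahoo! Toolbar Uninstall Setup Yahoo! Inc. (No signature was present in the subject) Yahoo! Inc.
Du_.exe 22.44 9,928 K 6,492 K 9104 Yahoo! Toolbar Uninstall Setup Yahoo! Inc. (No signature was present in the subject) Yahoo! Inc.
Au_.exe 20.59 9,908 K 748 K 7908 Yahoo! Toolbar Uninstall Setup Yahoo! Inc. (No signature was present in the subject) Yahoo! Inc.
WDSmartWare.exe 5.33 243,908 K 256,912 K 5728 WD SmartWare Western Digital (Verified) Western Digital Technologies Inc.
procexp (1)64.exe 1.86 31,772 K 62,120 K 9432 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
Interrupts 0.56 0 K 0 K n/a Hardware Interrupts and DPCs
System 0.49 144 K 12,652 K 4
WDDMService.exe 0.04 75,740 K 12,032 K 2352 WD Drive Manager Service WDC (No signature was present in the subject) WDC
LManager.exe < 0.01 5,240 K 12,488 K 3220 Launch Manager Dritek System Inc. (Verified) Dritek System Inc.
System Idle Process < 0.01 0 K 20 K 0
WWAHost.exe 92,452 K 141,624 K 8812 Microsoft WWA Host Microsoft Corporation (Verified) Microsoft Windows
WWAHost.exe Suspended 58,268 K 106,784 K 6756 Microsoft WWA Host Microsoft Corporation (Verified) Microsoft Windows
"""

# The image name may contain spaces and the CPU column may be empty,
# "< 0.01" or "Suspended", so the two "<n> K" memory columns are the anchor.
ROW = re.compile(
    r"^(?P<name>.+?)\s+"
    r"(?:(?P<cpu><\s*\d+\.\d+|\d+\.\d+|Suspended)\s+)?"
    r"(?P<private>[\d,]+) K\s+(?P<working>[\d,]+) K\s+"
    r"(?P<pid>\d+|n/a)(?:\s+(?P<rest>.*))?$"
)
# Only the two signer states that occur in this thread's logs are recognised.
SIGNER = re.compile(r"\((Verified|No signature was present in the subject)\)")


def parse_row(line):
    """Parse one flattened row; return None for the header or unparsable text."""
    m = ROW.match(line.strip())
    if not m:
        return None
    cpu_text = m.group("cpu")
    # "< 0.01", "Suspended" and an empty column all mean no measurable load.
    cpu = float(cpu_text) if cpu_text and cpu_text[0].isdigit() else 0.0
    rest = m.group("rest") or ""
    s = SIGNER.search(rest)
    return {
        "name": m.group("name"),
        "cpu": cpu,
        "suspended": cpu_text == "Suspended",
        "pid": m.group("pid"),
        # True / False, or None when the row carries no signer column at all.
        "signed": None if s is None else s.group(1) == "Verified",
        # Description and company cannot be split once tabs are lost.
        "label": rest[: s.start()].strip() if s else rest.strip(),
    }


def parse_log(text):
    return [row for line in text.splitlines() if (row := parse_row(line))]


def unsigned_cpu_hogs(rows, threshold=10.0):
    """Unsigned images at or above the CPU threshold (threshold is assumed)."""
    return [r for r in rows if r["signed"] is False and r["cpu"] >= threshold]


def unsigned_summary(rows):
    """Map description/company label -> (instance count, summed CPU %)."""
    acc = defaultdict(lambda: [0, 0.0])
    for r in rows:
        if r["signed"] is False:
            acc[r["label"]][0] += 1
            acc[r["label"]][1] += r["cpu"]
    return {label: (n, round(cpu, 2)) for label, (n, cpu) in acc.items()}


if __name__ == "__main__":
    rows = parse_log(SAMPLE_LOG)
    for r in unsigned_cpu_hogs(rows):
        print(f"{r['name']:<10} pid={r['pid']:<5} cpu={r['cpu']:.2f}  {r['label']}")
    for label, (count, cpu) in unsigned_summary(rows).items():
        print(f"{count} unsigned instance(s), {cpu:.2f}% CPU total: {label}")
```

The unsigned filter alone also returns WDDMService.exe, which is idle; it is the combination of a missing signature, several instances under one description and sustained CPU that singles out the stuck uninstaller.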

#12
PjMac

I ran OTL, and when I tried to get the report I did find the OTL file but could not open it in Notepad. The following are the links it took me to:
07242013_225202
c:\_OTL\MovedFiles
C_Program Files (x86)
Yahoo
Common (dated 07/21/2013)
Companion (dated 07/24/2013)
Data (07/21/2013)
Installs (07/24/2013)
cpn0 (07/21/2013)
inyt.exe.manifest
visic_coupon.dll
yt.dll
ytbb.exe
ytbn.exe, all dated 5/1/2013

I went ahead and ran the process explorer and post the following log:
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
ActivateDesktop.exe 1,672 K 5,984 K 4972 (Verified) Qualcomm Atheros
AdminService.exe 1,452 K 4,824 K 1852 AdminService Application Qualcomm Atheros Commnucations (Verified) Qualcomm Atheros
armsvc.exe 1,100 K 3,848 K 1832 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
audiodg.exe 7,200 K 10,516 K 7596 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
BackupManagerTray.exe 6,572 K 11,872 K 5456 Acer Backup Manager NTI Corporation (Verified) NTI Corporation
BcmSqlStartupSvc.exe 1,100 K 3,912 K 1912 BCM SQL Startup Service Microsoft Corporation (Verified) Microsoft Corporation
BDAppHost.exe 6,400 K 10,860 K 248 BDAppHost.exe Microsoft Corp. (Verified) Microsoft Corporation
BDExtHost.exe 3,796 K 9,580 K 1796 BDExtHost.exe Microsoft Corp. (Verified) Microsoft Corporation
BDRuntimeHost.exe 11,476 K 19,800 K 3096 BDRuntimeHost.exe Microsoft Corp. (Verified) Microsoft Corporation
CCDMonitorService.exe 1,704 K 5,876 K 1996 CCD Monitor Service Acer Incorporated (Verified) Acer Incorporated
chrome.exe 9,464 K 14,620 K 6364 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 9,888 K 15,188 K 6372 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 9,132 K 12,972 K 6392 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 21,472 K 21,716 K 4624 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 21,828 K 20,648 K 5432 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 21,532 K 21,388 K 1332 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 19,632 K 19,896 K 3176 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 25,504 K 26,732 K 2628 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 21,440 K 21,632 K 764 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 21,436 K 21,672 K 1032 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 24,792 K 27,056 K 3152 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 22,200 K 22,212 K 3040 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 41,848 K 45,152 K 3248 Google Chrome Google Inc. (Verified) Google Inc
csrss.exe 1,532 K 4,204 K 692 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
dasHost.exe 5,292 K 13,128 K 1236 Device Association Framework Provider Host Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 1,660 K 6,452 K 3888 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
EgisUpdate.exe 2,564 K 1,148 K 1628 EgisUpdate Release Application Egis Technology Inc. (Verified) EGIS TECHNOLOGY INC.
ePowerSvc.exe 1,900 K 6,716 K 6824 ePowerSvc Acer Incorporated (Verified) Acer Incorporated
GoogleCrashHandler.exe 1,456 K 416 K 4776 Google Crash Handler Google Inc. (Verified) Google Inc
GoogleCrashHandler64.exe 1,316 K 472 K 4992 Google Crash Handler Google Inc. (Verified) Google Inc
HeciServer.exe 1,216 K 5,044 K 1756 Intel® Capability Licensing Service Interface Intel® Corporation (Verified) Intel® Upgrade Service
hkcmd.exe 1,956 K 6,992 K 5208 hkcmd Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxext.exe 1,692 K 6,356 K 4280 igfxext Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxpers.exe 2,224 K 7,876 K 5316 persistence Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxsrvc.exe 2,040 K 6,964 K 6884 igfxsrvc Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxtray.exe 1,908 K 6,980 K 5148 igfxTray Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
iuBrowserIEAgent.exe 17,848 K 2,252 K 6760 iuBrowserIEAgent (Verified) Acer Incorporated
iuEmailOutlookAgent.exe 17,792 K 2,228 K 6768 iuEmailOutlookAgent (Verified) Acer Incorporated
Jhi_service.exe 1,068 K 4,132 K 1124 Intel® Dynamic Application Loader Host Interface Intel Corporation (Verified) Intel Corporation
LiveComm.exe Suspended 17,816 K 13,632 K 4348 Communications Service Microsoft Corporation (Verified) Microsoft Corporation
LMutilps32.exe < 0.01 6,208 K 7,600 K 3476 Launch Manager utility process Dritek System Inc. (Verified) Dritek System Inc.
lsass.exe 5,296 K 12,632 K 868 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
mbamscheduler.exe 1,964 K 5,716 K 1948 Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
mbamservice.exe 126,200 K 123,856 K 1968 Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
MMDx64Fx.exe 2,108 K 7,892 K 4252 MMDx64Fx Application Dritek System Inc. (Verified) Dritek System Inc.
ONENOTEM.EXE 5,944 K 1,656 K 4828 Microsoft OneNote Quick Launcher Microsoft Corporation (Verified) Microsoft Corporation
OSPPSVC.EXE 2,504 K 10,316 K 2540 Microsoft Office Software Protection Platform Service Microsoft Corporation (Verified) Microsoft Corporation
pcee4.exe 31,588 K 32,404 K 5532 Dolby Profile Selector Dolby Laboratories Inc. (Verified) Dolby Laboratories
PmmUpdate.exe 1,820 K 744 K 2616 PMM Update Application Egis Technology Inc. (Verified) EGIS TECHNOLOGY INC.
procexp (1).exe 2,268 K 7,632 K 2328 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
ProtectedObjectsSrv.exe 1,216 K 4,696 K 2032 InfoWatch CryptoStorage Protected objects controller service Infowatch (Verified) ZAO InfoWatch
RAVBg64.exe 4,520 K 9,928 K 4088 HD Audio Background Process Realtek Semiconductor (Verified) Microsoft Windows Hardware Compatibility Publisher
RAVCpl64.exe 4,116 K 10,632 K 5068 Realtek HD Audio Manager Realtek Semiconductor (Verified) Microsoft Windows Hardware Compatibility Publisher
RfBtnSvc64.exe 1,252 K 4,940 K 2184 RfBtnSvc Application Dritek System INC. (Verified) Dritek System Inc.
RuntimeBroker.exe 3,160 K 13,380 K 1468 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
smss.exe 296 K 1,048 K 424 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 5,720 K 13,900 K 1484 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
sqlservr.exe < 0.01 67,572 K 49,824 K 2832 SQL Server Windows NT Microsoft Corporation (Verified) Microsoft Corporation
sqlwriter.exe 1,420 K 5,548 K 2284 SQL Server VSS Writer - 64 Bit Microsoft Corporation (Verified) Microsoft Corporation
svchost.exe 712 K 2,940 K 2164 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,112 K 6,764 K 2340 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,400 K 4,516 K 3020 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 21,180 K 23,792 K 1572 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 10,036 K 18,252 K 1188 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 4,916 K 8,716 K 296 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 10,456 K 14,432 K 1360 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.01 25,100 K 32,860 K 1100 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 5,776 K 13,168 K 1952 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 7,424 K 12,240 K 3640 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe 4,824 K 12,124 K 7344 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
taskhostex.exe < 0.01 5,176 K 9,880 K 3600 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
TiWorker.exe 5,296 K 7,184 K 2968 Windows Modules Installer Worker Microsoft Corporation (Verified) Microsoft Windows
TrustedInstaller.exe 1,492 K 4,624 K 7816 Windows Modules Installer Microsoft Corporation (Verified) Microsoft Windows
UNS.exe 3,328 K 10,712 K 768 User Notification Service Intel Corporation (Verified) Intel Corporation
unsecapp.exe 1,856 K 6,772 K 1940 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
unsecapp.exe 1,812 K 6,556 K 4148 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
WDSmartWareBackgroundService.exe 24,088 K 17,628 K 2472 WDSmartWareBackgroundService Memeo (No signature was present in the subject) Memeo
wininit.exe 880 K 3,660 K 748 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 1,372 K 8,124 K 816 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2,400 K 6,664 K 2864 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe 6,240 K 18,200 K 6352 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
BtvStack.exe < 0.01 28,548 K 31,612 K 4860 Extension Core Qualcomm Atheros Commnucations (Verified) Qualcomm Atheros
svchost.exe < 0.01 3,496 K 9,280 K 976 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
mbamgui.exe < 0.01 5,072 K 12,328 K 3488 Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
svchost.exe 83,964 K 90,192 K 1240 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
IScheduleSvc.exe < 0.01 7,428 K 16,832 K 2076 Backup Manager Module NTI Corporation (Verified) NTI Corporation
BingDesktopUpdater.exe 2,664 K 7,984 K 1932 Bing Desktop updating service Microsoft Corp. (Verified) Microsoft Corporation
svchost.exe 28,088 K 44,716 K 1136 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
RapportService.exe < 0.01 31,160 K 27,868 K 3592 RapportService Trusteer Ltd. (Verified) Trusteer
dsiwmis.exe < 0.01 1,920 K 5,024 K 572 Dritek WMI Service Dritek System Inc. (Verified) Dritek System Inc.
chrome.exe < 0.01 36,276 K 48,736 K 7084 Google Chrome Google Inc. (Verified) Google Inc
LManager.exe 0.01 8,140 K 14,104 K 3588 Launch Manager Dritek System Inc. (Verified) Dritek System Inc.
services.exe 0.01 4,520 K 8,236 K 860 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 0.01 85,372 K 133,436 K 4056 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
ETDCtrl.exe 0.01 5,656 K 18,308 K 3736 ETD Control Center ELAN Microelectronics Corp. (Verified) Microsoft Windows Hardware Compatibility Publisher
RapportMgmtService.exe 0.05 19,372 K 25,332 K 436 RapportMgmtService Trusteer Ltd. (Verified) Trusteer
WDDMStatus.exe 0.01 4,744 K 10,272 K 5484 WD Drive Manager WDC (Verified) Western Digital Technologies Inc.
LMS.exe 0.01 1,236 K 4,432 K 6948 Local Manageability Service Intel Corporation (Verified) Intel Corporation
c2c_service.exe 0.02 2,136 K 6,064 K 2228 Skype C2C Service Skype Technologies S.A. (Verified) Skype Technologies SA
ONENOTE.EXE 0.01 20,308 K 7,184 K 6508 Microsoft OneNote Microsoft Corporation (Verified) Microsoft Corporation
ETDCtrlHelper.exe 0.02 2,176 K 6,408 K 5420 ETD Control Center Helper ELAN Microelectronics Corp. (Verified) Microsoft Windows Hardware Compatibility Publisher
ePowerTray.exe 0.03 2,748 K 1,368 K 5044 ePowerTray Acer Incorporated (Verified) Acer Incorporated
WDDMService.exe 0.02 75,716 K 10,116 K 2368 WD Drive Manager Service WDC (No signature was present in the subject) WDC
chrome.exe 0.04 115,096 K 135,560 K 6052 Google Chrome Google Inc. (Verified) Google Inc
SearchIndexer.exe 0.04 30,972 K 34,652 K 4840 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
ePowerEvent.exe 0.09 1,720 K 5,532 K 6712 ePowerEvent Acer Incorporated (Verified) Acer Incorporated
BingDesktop.exe 0.10 11,724 K 27,344 K 5796 Bing Desktop Application Microsoft Corp. (Verified) Microsoft Corporation
avp.exe 0.13 49,800 K 8,984 K 5640 Kaspersky Anti-Virus Kaspersky Lab ZAO (Verified) Kaspersky Lab
csrss.exe 0.25 2,752 K 28,592 K 772 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
dwm.exe 0.43 17,084 K 24,788 K 684 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
avp.exe 0.22 280,996 K 96,000 K 1876 Kaspersky Anti-Virus Kaspersky Lab ZAO (Verified) Kaspersky Lab
System 0.63 124 K 2,984 K 4
stpass.exe 0.60 41,276 K 49,996 K 3428 Kaspersky Password Manager Kaspersky Lab (Verified) Kaspersky Lab
Interrupts 0.70 0 K 0 K n/a Hardware Interrupts and DPCs
procexp (1)64.exe 1.43 27,000 K 53,836 K 7964 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
WDSmartWare.exe 1.56 136,532 K 147,092 K 5508 WD SmartWare Western Digital (Verified) Western Digital Technologies Inc.
System Idle Process 92.21 0 K 20 K 0

Thanks so much for all your help. It took me 6 minutes to open your last email, another 3 to get the link and another 2 minutes to open the link.
  • 0

#13
RKinner

Go to http://www.speedtest.net/ and click on Begin Test

When the Test finishes click on Share This Result and then select Forum then Copy then move to a reply and Ctrl + v
  • 0

#14
PjMac

Posted Image

Once I ran OTL last night it improved my speed greatly. tysm
  • 0

#15
RKinner

Unless you see other problems I think we are done and can clean up.

Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix (if we ran it), copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
Then right click, Paste, then hit Enter.

OTL has a cleanup tab but DO NOT USE IT! There are reports that it leaves the PC unbootable. Instead just delete OTL.exe and the folder c:\_OTL.

To hide hidden files again:

Vista or Win7

1. Open the Control Panel menu and click Folder Options.
2. After the new window appears select the View tab.
3. Remove the check in the checkbox labeled Display the contents of system folders.
4. Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
5. Check the checkbox labeled Hide protected operating system files.
6. Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Special note on Java. Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 9 or better. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE. Get the latest version from Java.com. They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download. Just uncheck the garbage before the download (or install) starts. If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it. If that is the case then go to Control Panel, Java, Security and slide it up to the highest level. OK.

Make sure Windows Updates is turned on and that it works. Go to Control Panel, Windows Updates and see if it works.

If you are feeling especially paranoid you can install the free firewall called Online Armor:
http://www.online-armor.com/


My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)

Ron
  • 0
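A sketch of the Java check described in the post above, as an added example that is not part of the original thread: it reads the DisplayName values from the standard Uninstall registry keys and lists Java entries older than Java 7 update 9. The function names and the sample list are constructed for illustration; generic names from the post such as "Runtime" or "VM" are left out of the match because they also appear in unrelated products.

```python
import re
import sys

MIN_JAVA = (7, 9)  # the post's threshold: "Java Version 7 update 9 or better"

# Java-specific names from the post ("JavaScript" does not match \bjava\b).
JAVA_NAME = re.compile(r"\b(java|j2re|j2se|jre|jvm)\b", re.I)
# Matches "7 Update 5", "5.0 Update 22" or a bare major version such as "7".
VERSION = re.compile(r"\b(\d+)(?:\.\d+)?(?:\s+Update\s+(\d+))?", re.I)

def java_version(display_name):
    """Return (major, update) for a Java entry, None if not Java or no version."""
    if not JAVA_NAME.search(display_name):
        return None
    cleaned = re.sub(r"\(\d+-bit\)", "", display_name)  # drop "(64-bit)"
    m = VERSION.search(cleaned)
    return (int(m.group(1)), int(m.group(2) or 0)) if m else None

def outdated_java(display_names):
    """Entries whose parsed version is below MIN_JAVA, oldest first."""
    found = [(java_version(n), n) for n in display_names]
    return [n for v, n in sorted(f for f in found if f[0]) if v < MIN_JAVA]

def installed_programs():
    """DisplayName values under the HKLM Uninstall keys (Windows only)."""
    import winreg
    names = []
    for path in (r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
                 r"SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"):
        try:
            key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path)
        except OSError:
            continue
        for i in range(winreg.QueryInfoKey(key)[0]):
            try:
                sub = winreg.OpenKey(key, winreg.EnumKey(key, i))
                names.append(winreg.QueryValueEx(sub, "DisplayName")[0])
            except OSError:
                pass  # subkey without a DisplayName
    return names

# Constructed sample list, used when not running on Windows.
SAMPLE = ["Java(TM) 6 Update 31", "Java 7 Update 5 (64-bit)",
          "J2SE Runtime Environment 5.0 Update 22", "Java 7 Update 9",
          "Java 8 Update 361", "Java Auto Updater", "Adobe Reader XI (11.0.03)"]

if __name__ == "__main__":
    names = installed_programs() if sys.platform == "win32" else SAMPLE
    for name in outdated_java(names):
        print("Remove:", name)
```

Entries with no version in their name, such as an auto-updater, are skipped rather than flagged, so they still need a manual look in Programs and Features.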





