Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

High usage of RAM and PC is Slow [Solved]


  • This topic is locked This topic is locked

#1
CesarT

CesarT

    Member

  • Member
  • PipPip
  • 19 posts
Hello, My computer has been running slow or glitchy lately, so i did a basic cleanup a few weeks ago, but that didn't seem to help it out a lot.

I have uninstalled software from my computer to see if I can make it run faster but for some reason it still seems to be slow. Anytime I check in task manager it seems im running most of my RAM. I have 2 gb of Ram and its always around 1.47 when Im just on the internet.

I ran a virus scan and it doesn't show any viruses found, so I thought that maybe I have a lot of programs but even after removing a lot, I still have high usage, CPU sometime will be running at 100% when I run programs or video from Youtube.

Here are the OTL Logs as of yesterday night. I appreciate the help.

**OTL**
*******

OTL logfile created on: 9/4/2013 10:14:35 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Da Biz\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.72 Gb Available Physical Memory | 41.27% Memory free
3.49 Gb Paging File | 1.89 Gb Available in Paging File | 54.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 164.23 Gb Total Space | 36.64 Gb Free Space | 22.31% Space Free | Partition Type: NTFS

Computer Name: 9G-HP | User Name: 9g | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2013/08/29 19:19:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Da Biz\Downloads\OTL.exe
PRC - [2013/08/20 08:45:47 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/08/14 11:10:26 | 003,291,008 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/04/16 03:09:06 | 000,233,048 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/06/29 19:00:08 | 000,027,192 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/05/21 01:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/02/28 03:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2009/12/02 23:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009/12/02 23:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/20 08:45:45 | 003,551,640 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2010/02/28 03:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE


========== Services (SafeList) ==========

SRV:64bit: - [2010/09/20 01:56:00 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/06/18 16:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/04/19 18:55:18 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/08/20 08:45:46 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/08/14 11:10:26 | 003,291,008 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/07/26 21:29:22 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/06/29 19:00:08 | 000,027,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/05/21 01:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/02 23:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/12/02 23:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/02 19:51:21 | 000,016,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2013/04/11 11:06:54 | 000,039,504 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gfiark.sys -- (gfiark)
DRV:64bit: - [2013/04/09 19:38:05 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/09 11:31:02 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/08/24 21:43:54 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2011/08/24 21:43:54 | 000,095,544 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2011/06/01 22:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/06/01 22:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/06/01 22:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/05/22 16:44:12 | 000,020,752 | ---- | M] (Mobile Stream) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\easytthr.sys -- (easytether)
DRV:64bit: - [2010/12/20 22:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/20 02:14:16 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/20 01:21:04 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/04/22 18:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/22 18:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/03/02 16:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/12/22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/12/02 23:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2009/12/02 23:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2009/12/02 23:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2009/12/02 23:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009/11/03 08:24:36 | 000,062,976 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BcmBusCtr_64.sys -- (bcmbusctr)
DRV:64bit: - [2009/11/03 07:01:04 | 000,318,336 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\drxvi314_64.sys -- (bcm)
DRV:64bit: - [2009/10/07 19:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 19:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/08/23 18:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D600B306-325B-40F5-AF98-21458FD9C998}
IE:64bit: - HKLM\..\SearchScopes\{50A20F84-1F9C-4921-BA37-E1A2D92EC263}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql
IE:64bit: - HKLM\..\SearchScopes\{9D2F7462-C565-4F93-B43B-CDF7F306DBA4}: "URL" = http://search.yahoo....psg&type=CPNTDF
IE:64bit: - HKLM\..\SearchScopes\{B5BED05A-A16A-469A-BB12-4A140BCC4DA7}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D600B306-325B-40F5-AF98-21458FD9C998}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {D600B306-325B-40F5-AF98-21458FD9C998}
IE - HKLM\..\SearchScopes\{50A20F84-1F9C-4921-BA37-E1A2D92EC263}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql
IE - HKLM\..\SearchScopes\{9D2F7462-C565-4F93-B43B-CDF7F306DBA4}: "URL" = http://search.yahoo....psg&type=CPNTDF
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...371934233128142
IE - HKLM\..\SearchScopes\{B5BED05A-A16A-469A-BB12-4A140BCC4DA7}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D600B306-325B-40F5-AF98-21458FD9C998}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-696807009-2496342843-4138137113-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKU\S-1-5-21-696807009-2496342843-4138137113-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE - HKU\S-1-5-21-696807009-2496342843-4138137113-1000\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKU\S-1-5-21-696807009-2496342843-4138137113-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://lavasoft.blek...q={searchTerms}
IE - HKU\S-1-5-21-696807009-2496342843-4138137113-1000\..\SearchScopes\{50A20F84-1F9C-4921-BA37-E1A2D92EC263}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql
IE - HKU\S-1-5-21-696807009-2496342843-4138137113-1000\..\SearchScopes\{9D2F7462-C565-4F93-B43B-CDF7F306DBA4}: "URL" = http://search.yahoo....psg&type=CPNTDF
IE - HKU\S-1-5-21-696807009-2496342843-4138137113-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...371934233128142
IE - HKU\S-1-5-21-696807009-2496342843-4138137113-1000\..\SearchScopes\{B5BED05A-A16A-469A-BB12-4A140BCC4DA7}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKU\S-1-5-21-696807009-2496342843-4138137113-1000\..\SearchScopes\{D600B306-325B-40F5-AF98-21458FD9C998}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-696807009-2496342843-4138137113-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-696807009-2496342843-4138137113-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-696807009-2496342843-4138137113-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKU\S-1-5-21-696807009-2496342843-4138137113-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-696807009-2496342843-4138137113-1001\..\SearchScopes,DefaultScope = {D600B306-325B-40F5-AF98-21458FD9C998}
IE - HKU\S-1-5-21-696807009-2496342843-4138137113-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@skyhookwireless.com/LokiPlugin,version=3.1.0.05: C:\Program Files (x86)\Skyhook Wireless\Loki ActiveX Component\versions\3.1.0.05\loki.dll (Skyhook Wireless)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}: C:\Program Files (x86)\PremierOpinion\firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/06/29 08:14:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/20 08:45:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2013/08/26 15:18:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\9g\AppData\Roaming\Mozilla\Extensions
[2013/05/15 14:09:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\9g\AppData\Roaming\Mozilla\Firefox\Profiles\dgnjckca.default\extensions
[2013/05/15 14:09:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\9g\AppData\Roaming\Mozilla\Firefox\Profiles\dgnjckca.default\extensions\[email protected]
[2013/08/20 08:45:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/08/21 18:01:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/20 08:45:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/08/20 08:45:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/21 18:01:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/20 08:45:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/04/09 19:41:32 | 000,000,628 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml

========== Chrome ==========

CHR - default_search_provider: SecureSearch (Enabled)
CHR - default_search_provider: search_url = http://lavasoft.blek...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://securesearch....E39915164D13997
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U33 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: RealDownloader = C:\Users\9g\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0\
CHR - Extension: Skype Click to Call = C:\Users\9g\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\9g\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-696807009-2496342843-4138137113-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-696807009-2496342843-4138137113-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-696807009-2496342843-4138137113-1001\..\Toolbar\WebBrowser: (no name) - {F0E59437-6148-4A98-B0A6-60D557EF57F4} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-696807009-2496342843-4138137113-1001..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft....?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft....?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{091E1DEF-1170-4B1E-A111-D77334E86474}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D04A0FC-3742-4DD7-99AD-8C633B5A0934}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD67B5E6-FB7E-4458-8651-A2D0043C59BF}: DhcpNameServer = 192.168.2.1 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9E95B24-B8D2-4FBB-987B-15DD40F41CA2}: DhcpNameServer = 66.233.169.12 64.13.115.12
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/28 18:03:53 | 000,000,000 | ---D | C] -- C:\Users\9g\Documents\My Recordings
[2013/08/27 22:09:58 | 000,000,000 | ---D | C] -- C:\Users\9g\Documents\New folder
[2013/08/26 15:14:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/08/24 23:10:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2013/08/24 23:10:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/08/24 23:07:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013/08/24 23:07:03 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/08/24 23:07:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013/08/20 08:45:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013/09/04 22:11:36 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/04 22:11:36 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/04 22:01:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/04 21:34:07 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/04 21:34:07 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2013/09/04 21:33:56 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/04 21:33:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/03 10:53:51 | 000,780,132 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/03 10:53:51 | 000,660,974 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/03 10:53:51 | 000,121,612 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/03 08:01:24 | 1405,276,160 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/02 19:51:21 | 000,016,152 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys

========== Files Created - No Company Name ==========

[2013/08/24 23:07:20 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013/05/23 22:38:02 | 000,005,144 | ---- | C] () -- C:\Users\9g\.recently-used.xbel
[2013/05/14 19:07:54 | 000,007,610 | ---- | C] () -- C:\Users\9g\AppData\Local\Resmon.ResmonCfg
[2013/03/04 14:55:21 | 000,002,984 | ---- | C] () -- C:\Users\9g\photorec.cfg
[2012/12/30 12:21:23 | 000,004,608 | ---- | C] () -- C:\Users\9g\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/14 15:22:27 | 000,773,980 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/11 17:23:53 | 000,060,864 | ---- | C] () -- C:\Users\9g\g2mdlhlpx.exe
[2011/10/11 16:26:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/10/11 16:18:29 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2011/10/11 16:18:29 | 000,000,223 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/04/10 16:29:29 | 000,000,000 | ---D | M] -- C:\Users\9g\AppData\Roaming\Ad-Aware Antivirus
[2013/02/19 20:42:33 | 000,000,000 | ---D | M] -- C:\Users\9g\AppData\Roaming\Article Marketing Robot
[2012/01/16 18:28:57 | 000,000,000 | ---D | M] -- C:\Users\9g\AppData\Roaming\ConverterLite
[2012/01/16 18:27:21 | 000,000,000 | ---D | M] -- C:\Users\9g\AppData\Roaming\DVDVideoSoft
[2013/05/23 22:38:02 | 000,000,000 | ---D | M] -- C:\Users\9g\AppData\Roaming\gtk-2.0
[2012/05/16 13:10:50 | 000,000,000 | ---D | M] -- C:\Users\9g\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2011/10/17 15:36:48 | 000,000,000 | ---D | M] -- C:\Users\9g\AppData\Roaming\OpenOffice.org
[2012/05/20 21:03:45 | 000,000,000 | ---D | M] -- C:\Users\9g\AppData\Roaming\redsn0w
[2013/04/09 19:41:31 | 000,000,000 | ---D | M] -- C:\Users\9g\AppData\Roaming\SecureSearch
[2013/08/26 16:19:53 | 000,000,000 | ---D | M] -- C:\Users\9g\AppData\Roaming\SoftGrid Client
[2013/03/18 13:17:24 | 000,000,000 | ---D | M] -- C:\Users\9g\AppData\Roaming\TestApp
[2011/12/14 15:24:40 | 000,000,000 | ---D | M] -- C:\Users\9g\AppData\Roaming\TP
[2013/02/19 16:51:30 | 000,000,000 | ---D | M] -- C:\Users\9g\AppData\Roaming\TuneUp Software
[2012/05/22 16:34:40 | 000,000,000 | ---D | M] -- C:\Users\9g\AppData\Roaming\Youtube Downloader HD
[2012/09/18 22:38:30 | 000,000,000 | ---D | M] -- C:\Users\9g\AppData\Roaming\Youtube to MP3 Converter
[2013/01/31 12:27:56 | 000,000,000 | ---D | M] -- C:\Users\Da Biz\AppData\Roaming\gtk-2.0
[2013/02/22 08:51:45 | 000,000,000 | ---D | M] -- C:\Users\Da Biz\AppData\Roaming\Iminent
[2013/05/17 22:13:32 | 000,000,000 | ---D | M] -- C:\Users\Da Biz\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2012/03/07 19:07:14 | 000,000,000 | ---D | M] -- C:\Users\Da Biz\AppData\Roaming\OpenOffice.org
[2012/08/16 23:43:20 | 000,000,000 | ---D | M] -- C:\Users\Da Biz\AppData\Roaming\Opera
[2013/08/29 19:31:53 | 000,000,000 | ---D | M] -- C:\Users\Da Biz\AppData\Roaming\SanDisk SecureAccess
[2013/09/04 10:10:48 | 000,000,000 | ---D | M] -- C:\Users\Da Biz\AppData\Roaming\SoftGrid Client
[2012/04/17 10:37:10 | 000,000,000 | ---D | M] -- C:\Users\Da Biz\AppData\Roaming\WildTangent
[2012/08/12 07:24:20 | 000,000,000 | ---D | M] -- C:\Users\Da Biz\AppData\Roaming\Youtube Downloader HD
[2013/03/20 10:09:15 | 000,000,000 | ---D | M] -- C:\Users\Da Biz\AppData\Roaming\Youtube to MP3 Converter
[2013/03/08 13:52:23 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/03/08 13:52:23 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013/09/01 12:47:28 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\gtk-2.0
[2013/08/26 16:42:00 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\SoftGrid Client
[2013/03/08 13:52:23 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\TuneUp Software

========== Purity Check ==========



========== Custom Scans ==========

< MD5 for: EXPLORER.EXE >
[2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/11/20 06:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010/11/20 06:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< dir C:\ /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 9424-07A7
Directory of C:\
07/13/2009 10:08 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/13/2009 10:08 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 10:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 10:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 10:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 10:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 10:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/13/2009 10:08 PM <SYMLINKD> All Users [C:\ProgramData]
07/13/2009 10:08 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\9g
10/11/2011 05:01 PM <JUNCTION> Application Data [C:\Users\9g\AppData\Roaming]
10/11/2011 05:01 PM <JUNCTION> Cookies [C:\Users\9g\AppData\Roaming\Microsoft\Windows\Cookies]
10/11/2011 05:01 PM <JUNCTION> Local Settings [C:\Users\9g\AppData\Local]
10/11/2011 05:01 PM <JUNCTION> My Documents [C:\Users\9g\Documents]
10/11/2011 05:01 PM <JUNCTION> NetHood [C:\Users\9g\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
10/11/2011 05:01 PM <JUNCTION> PrintHood [C:\Users\9g\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
10/11/2011 05:01 PM <JUNCTION> Recent [C:\Users\9g\AppData\Roaming\Microsoft\Windows\Recent]
10/11/2011 05:01 PM <JUNCTION> SendTo [C:\Users\9g\AppData\Roaming\Microsoft\Windows\SendTo]
10/11/2011 05:01 PM <JUNCTION> Start Menu [C:\Users\9g\AppData\Roaming\Microsoft\Windows\Start Menu]
10/11/2011 05:01 PM <JUNCTION> Templates [C:\Users\9g\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\9g\AppData\Local
10/11/2011 05:01 PM <JUNCTION> Application Data [C:\Users\9g\AppData\Local]
10/11/2011 05:01 PM <JUNCTION> History [C:\Users\9g\AppData\Local\Microsoft\Windows\History]
10/11/2011 05:01 PM <JUNCTION> Temporary Internet Files [C:\Users\9g\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\9g\AppData\LocalLow
06/14/2012 06:24 PM <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes
Directory of C:\Users\9g\Documents
10/11/2011 05:01 PM <JUNCTION> My Music [C:\Users\9g\Music]
10/11/2011 05:01 PM <JUNCTION> My Pictures [C:\Users\9g\Pictures]
10/11/2011 05:01 PM <JUNCTION> My Videos [C:\Users\9g\Videos]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/13/2009 10:08 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 10:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 10:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 10:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 10:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 10:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Da Biz
02/10/2012 10:28 PM <JUNCTION> Application Data [C:\Users\Da Biz\AppData\Roaming]
02/10/2012 10:28 PM <JUNCTION> Cookies [C:\Users\Da Biz\AppData\Roaming\Microsoft\Windows\Cookies]
02/10/2012 10:28 PM <JUNCTION> Local Settings [C:\Users\Da Biz\AppData\Local]
02/10/2012 10:28 PM <JUNCTION> My Documents [C:\Users\Da Biz\Documents]
02/10/2012 10:28 PM <JUNCTION> NetHood [C:\Users\Da Biz\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02/10/2012 10:28 PM <JUNCTION> PrintHood [C:\Users\Da Biz\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/10/2012 10:28 PM <JUNCTION> Recent [C:\Users\Da Biz\AppData\Roaming\Microsoft\Windows\Recent]
02/10/2012 10:28 PM <JUNCTION> SendTo [C:\Users\Da Biz\AppData\Roaming\Microsoft\Windows\SendTo]
02/10/2012 10:28 PM <JUNCTION> Start Menu [C:\Users\Da Biz\AppData\Roaming\Microsoft\Windows\Start Menu]
02/10/2012 10:28 PM <JUNCTION> Templates [C:\Users\Da Biz\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Da Biz\AppData\Local
02/10/2012 10:28 PM <JUNCTION> Application Data [C:\Users\Da Biz\AppData\Local]
02/10/2012 10:28 PM <JUNCTION> History [C:\Users\Da Biz\AppData\Local\Microsoft\Windows\History]
02/10/2012 10:28 PM <JUNCTION> Temporary Internet Files [C:\Users\Da Biz\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Da Biz\Documents
02/10/2012 10:28 PM <JUNCTION> My Music [C:\Users\Da Biz\Music]
02/10/2012 10:28 PM <JUNCTION> My Pictures [C:\Users\Da Biz\Pictures]
02/10/2012 10:28 PM <JUNCTION> My Videos [C:\Users\Da Biz\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/13/2009 10:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/13/2009 10:08 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/13/2009 10:08 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/13/2009 10:08 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/13/2009 10:08 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2009 10:08 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2009 10:08 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2009 10:08 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2009 10:08 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2009 10:08 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/13/2009 10:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/13/2009 10:08 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/13/2009 10:08 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/13/2009 10:08 PM <JUNCTION> My Music [C:\Users\Default\Music]
07/13/2009 10:08 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/13/2009 10:08 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/13/2009 10:08 PM <JUNCTION> My Music [C:\Users\Public\Music]
07/13/2009 10:08 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/13/2009 10:08 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Test
08/24/2013 11:16 PM <JUNCTION> Application Data [C:\Users\Test\AppData\Roaming]
08/24/2013 11:16 PM <JUNCTION> Cookies [C:\Users\Test\AppData\Roaming\Microsoft\Windows\Cookies]
08/24/2013 11:16 PM <JUNCTION> Local Settings [C:\Users\Test\AppData\Local]
08/24/2013 11:16 PM <JUNCTION> My Documents [C:\Users\Test\Documents]
08/24/2013 11:16 PM <JUNCTION> NetHood [C:\Users\Test\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
08/24/2013 11:16 PM <JUNCTION> PrintHood [C:\Users\Test\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/24/2013 11:16 PM <JUNCTION> Recent [C:\Users\Test\AppData\Roaming\Microsoft\Windows\Recent]
08/24/2013 11:16 PM <JUNCTION> SendTo [C:\Users\Test\AppData\Roaming\Microsoft\Windows\SendTo]
08/24/2013 11:16 PM <JUNCTION> Start Menu [C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu]
08/24/2013 11:16 PM <JUNCTION> Templates [C:\Users\Test\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Test\AppData\Local
08/24/2013 11:16 PM <JUNCTION> Application Data [C:\Users\Test\AppData\Local]
08/24/2013 11:16 PM <JUNCTION> History [C:\Users\Test\AppData\Local\Microsoft\Windows\History]
08/24/2013 11:16 PM <JUNCTION> Temporary Internet Files [C:\Users\Test\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Test\Documents
08/24/2013 11:16 PM <JUNCTION> My Music [C:\Users\Test\Music]
08/24/2013 11:16 PM <JUNCTION> My Pictures [C:\Users\Test\Pictures]
08/24/2013 11:16 PM <JUNCTION> My Videos [C:\Users\Test\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
83 Dir(s) 39,336,456,192 bytes free

< End of report >
--------------------------------------------------------------------

***********
Extras Log*
***********
OTL Extras logfile created on: 9/4/2013 10:14:35 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Da Biz\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.72 Gb Available Physical Memory | 41.27% Memory free
3.49 Gb Paging File | 1.89 Gb Available in Paging File | 54.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 164.23 Gb Total Space | 36.64 Gb Free Space | 22.31% Space Free | Partition Type: NTFS

Computer Name: 9G-HP | User Name: 9g | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-696807009-2496342843-4138137113-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0405261C-D4F2-4233-A20F-F78842AEB7BA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{06751C36-C438-41B8-B57C-AB3376F7DF1B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0A1CA67F-3063-4E85-9D7E-4284D8741010}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1BD9FA9F-DA71-4665-BE5C-07F976388FF9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3DFF21D2-87C2-433E-AC38-E712C5EF3C37}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{465E45A9-78B2-440B-AB01-64A16017C52A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{522331B4-E907-461B-9FDE-BBEA3D68D9D2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5399D6EA-00A0-474F-9644-FDCCE0AFF406}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6AD4450B-1867-4F67-88DB-D2254255CC81}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6BA22ADB-6C22-4D40-8530-7E18F9C43913}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7BEEFB68-6896-4D0B-8716-671D73CEED6C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{81C3779A-7527-41BB-AF54-0C9EEBF61D2B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{95F4B79D-771B-4C40-A384-7AD71BF09745}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A594F3B1-ABE6-40D7-932E-BF70A840DD51}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A9B9E1C0-329B-4C9B-A221-33B4503D4E7D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B46EF309-35B9-4984-9B96-1CE77E816151}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C2E21458-1B98-4A11-9990-AA5D6EF9687F}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{E03E794B-7A77-4F42-ABBA-63706219C6E5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E72FB078-FC99-4E2C-B0C4-B7EB2403AA1E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F0E07795-C3A3-465C-94AB-36BA7FE94F7C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01CE880E-8769-4500-9337-4CDCFE8FC652}" = protocol=6 | dir=in | app=c:\program files (x86)\clockworkmod\tether\win32\node.exe |
"{09804204-2350-455E-86DC-2FAA82565AA0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{0A6C756D-48E7-4459-A5C8-53900ACE2282}" = protocol=6 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{0C058611-59FD-4FBB-8455-3C4895AE71C9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{10E64BF6-71FE-4B92-BFF4-128D348F8903}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{1C925375-9C51-4DF2-9BC4-B313E864C372}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1D95C673-E5C2-4EE2-B85D-1BBA8595186A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1DD3F82B-C60E-447F-939B-917F6C81B1E4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1F54AC34-1777-432D-B2B7-73FB2BC24BFE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{210F4FEF-A5D8-43E8-BB48-B56587D3ECDB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{2568CBF2-DAB1-4239-B0B0-396ED2F4F6AC}" = protocol=6 | dir=out | app=system |
"{27537592-7D29-430D-8254-0841FFDDACD4}" = protocol=6 | dir=in | app=c:\program files (x86)\onlywire\onlywirewindows.exe |
"{2E75726F-9004-42C0-8D65-C53DB4FD710E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{300E93DF-FF81-4163-8D29-929E8ACF2D57}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{30853BDC-0F2A-4C54-994E-E3568C721109}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{3409FE45-4B85-476E-809E-9407E5E2F8AF}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |
"{36566958-5B85-4E0F-A545-EDD7D13D7B36}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
"{3E8F0346-18BB-49C6-91A5-1A7A08636058}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4FD5269D-D76A-493C-BE64-51B36B8B3E22}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{52AD146E-E26C-4D3B-A1F8-80B9F5575104}" = protocol=17 | dir=in | app=c:\program files (x86)\premieropinion\pmropn.exe |
"{5438BED1-69BF-47F7-A680-1466F3EEE0F7}" = protocol=17 | dir=in | app=c:\program files (x86)\onlywire\onlywirewindows.exe |
"{576B49D1-0428-40F7-BB8D-18584CA3DC11}" = protocol=17 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |
"{6D1944DA-3C10-4FBC-BE84-781BD314FAD2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{703222F4-5726-43F1-A912-AF04058ECDBB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{84935A2E-FFDA-405A-82DD-4BF4A5AE9AD1}" = protocol=6 | dir=in | app=c:\program files (x86)\premieropinion\pmropn.exe |
"{94AA9D5C-4659-4C54-95C5-27CB2FF0B044}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{991E1005-735A-49B6-8A83-8855A3F5270F}" = protocol=17 | dir=in | app=c:\program files (x86)\clockworkmod\tether\win32\node.exe |
"{9D5FDE28-4157-4BE2-B9FC-5B9DAA30FFDF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A454D904-2D92-4866-A90F-FC345430084E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A5AA1904-4FB0-4295-93ED-A0C3985872D1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{A604E103-BAE6-4DB3-A35F-B540E0AAF5B2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{B75E78ED-E1A0-4E4E-8F2D-C7EB268C716B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B7626618-7E63-43C1-8EC9-98553DA6FB80}" = protocol=6 | dir=in | app=c:\program files (x86)\premieropinion\pmropn.exe |
"{BC1E6AED-13C4-492B-880F-B93992FABDA4}" = protocol=6 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |
"{C788F6D5-557E-4A02-88F0-AC1BC34F6A9A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{CBEC79FC-5A5E-4288-85D2-E07A0C90178E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D284FA5A-F2B7-4460-964B-AFB42D2A8489}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DC4161E4-EA0A-46EB-B0CE-25599506DCD9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{DEB72B53-1533-4A19-A45D-583198F869E0}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{E6534443-29CF-4DAE-8DAC-94CF5F16A975}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{E8C6368D-A3CC-47F2-BC2E-17FFD52EBD69}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{E8F38FE7-196C-4803-B5C4-CCCE8546FF8C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E9A7848A-52FF-4780-AF0D-7DB2EF1B0AF7}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |
"{EDFDD2A3-E004-497B-A2E2-F24B110EE4C1}" = protocol=17 | dir=in | app=c:\program files (x86)\premieropinion\pmropn.exe |
"{F6D103E0-B8CA-4CCF-9DEE-2E02EF7A2100}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F8D5D01B-19E0-4407-901F-19FB5F742D0E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{F944BACC-FBBC-44C0-9A7F-20D6351312D0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{FC7D7A1E-0756-42BB-84F4-63D2930BB3D4}" = protocol=17 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{FE267C71-9BA2-4E15-9027-9A40C2B2E7A2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{9F729D8A-7383-4BE0-872F-080245A01FD3}C:\program files (x86)\clockworkmod\tether\win32\node.exe" = protocol=6 | dir=in | app=c:\program files (x86)\clockworkmod\tether\win32\node.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java™ 6 Update 20 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{704C0303-D20C-45AF-BD2B-556EAF31BE09}" = iCloud
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A3FAE73B-4474-4A1D-A343-2FE248F05265}" = EasyTether
"{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}" = HP Wireless Assistant
"{C01AE65A-8874-3A33-BE03-23F8516A0350}" = ccc-utility64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{ECD0D4B5-FFA9-6E1B-A08D-58E82EA5EEB9}" = ATI Catalyst Install Manager
"{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}" = RtVOsd
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0190D9DE-6D57-7727-861E-D4BEA111D86B}" = Catalyst Control Center Core Implementation
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0A785656-433A-0575-8C5D-A8EAE05329CA}" = CCC Help Thai
"{0AD77FFC-874E-9AAE-6A76-549DFEB17849}" = CCC Help Polish
"{0CD58F4F-B339-4B81-FAD4-2BF9E3590F60}" = CCC Help Czech
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1A47631D-8875-7993-476D-130C5D41D101}" = CCC Help Spanish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 33
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{28749552-9DBD-1D10-A894-6079282C941F}" = CCC Help German
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{30F4D459-824A-498C-826C-7721B777207F}" = Catalyst Control Center - Branding
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32BA2A6E-6C61-0347-8958-7B2113982A55}" = CCC Help Portuguese
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3C66EECF-8143-55D4-774A-309A59230A92}" = Catalyst Control Center Graphics Full Existing
"{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}" = RealDownloader
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}" = HP Power Manager
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{54372041-9715-DE87-F84E-B0995D7567C6}" = CCC Help Chinese Traditional
"{5D6A4F95-49B5-0FC4-81CF-18176000B235}" = Catalyst Control Center Graphics Full New
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
"{6D3650CA-7104-5DF0-E7EC-290CEC529AF8}" = CCC Help Korean
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
"{76B344A5-F756-0107-3559-1D97F9B316DC}" = CCC Help Norwegian
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C36414C-DC87-4943-A525-BC1717BA17C9}" = HP Documentation
"{7CA09975-C4BE-469D-E45F-E47E9391106B}" = CCC Help Dutch
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{81ADC365-6BA4-E757-81DA-BC9DC12DD291}" = Catalyst Control Center InstallProxy
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FA97A48-D942-AE67-D901-7C4136CC9DFD}" = CCC Help Danish
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{920E9471-FF68-680F-537C-F21777E53D31}" = CCC Help Turkish
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A4E828B6-FE61-E279-A174-F5323931400B}" = CCC Help Finnish
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.5 MUI
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6BEB695-166D-E268-8AA2-A243F615D0BA}" = CCC Help Japanese
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C0508079-0000-4F68-A4DF-29C7ED7182C6}" = SlimDrivers
"{C21A705D-D992-204F-8A2A-C31F490F502F}" = CCC Help Greek
"{C2D4CD4A-AE20-40B3-8726-8ED1C03E8C15}" = Google Drive
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CAA10DB8-E20C-9192-38F9-1F5399EA2DB7}" = CCC Help Italian
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD184A27-1174-E497-189A-0CA5DB56BC97}" = CCC Help Chinese Standard
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D3A451EE-219D-F373-5152-8C4760278628}" = Catalyst Control Center Graphics Light
"{D5959B62-9515-8DC9-ED0B-1680210AAC3E}" = CCC Help English
"{DA9481F2-D8A1-CC1D-4A8E-22854E60C6EB}" = Catalyst Control Center Localization All
"{DE2B9A3D-976F-BE70-7557-52EE82BAB1C6}" = CCC Help French
"{E05DB9F9-C8E7-45F2-BE9E-76D4C447CE9B}" = HP Software Framework
"{E342D296-DB9D-4FC7-ACB0-39926C0BFA16}" = HP Quick Launch
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E9F950D9-A469-644E-3977-31F2963AEE23}" = CCC Help Swedish
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{ED6CEC68-1D49-5BCB-57B4-CD128E242356}" = CCC Help Hungarian
"{EDE97402-4A1F-2D15-FDB4-5620C57A9BA5}" = Catalyst Control Center Graphics Previews Common
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F08A7C44-17FC-ED74-831E-5BCA9D5B77AD}" = ccc-core-static
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1224610-A17E-4E65-560A-D56B963D650D}" = CCC Help Russian
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7C81FF0-8624-8C6E-D28D-CF68DFE7AE8C}" = Catalyst Control Center Graphics Previews Vista
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"Loki ActiveX Control" = Loki ActiveX Control
"MixPad" = MixPad
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"My Screen Recorder 3.0_is1" = My Screen Recorder 3.0
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"RealPlayer 16.0" = RealPlayer
"Switch" = Switch Sound File Converter
"VLC media player" = VLC media player 2.0.5
"WavePad" = WavePad Sound Editor
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-696807009-2496342843-4138137113-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"GoToMeeting" = GoToMeeting 5.3.0.977

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-696807009-2496342843-4138137113-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"ExpressBurn" = Express Burn
"JoinMe" = join.me

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/25/2013 2:45:59 AM | Computer Name = 9g-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/25/2013 2:45:59 AM | Computer Name = 9g-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15803

Error - 8/25/2013 2:45:59 AM | Computer Name = 9g-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15803

Error - 8/25/2013 3:08:21 AM | Computer Name = 9g-HP | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 8/25/2013 10:22:31 AM | Computer Name = 9g-HP | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/25/2013 10:22:31 AM | Computer Name = 9g-HP | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/26/2013 2:27:31 PM | Computer Name = 9g-HP | Source = Application Hang | ID = 1002
Description = The program gimp-2.6.exe version 0.0.0.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1124 Start
Time: 01cea289af824f87 Termination Time: 28 Application Path: C:\Program Files (x86)\GIMP-2.0\bin\gimp-2.6.exe

Report
Id: 28b73249-0e7d-11e3-b9b0-8e9ffa53c282

Error - 8/26/2013 2:28:36 PM | Computer Name = 9g-HP | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 10.0.9200.16576 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 13b8 Start
Time: 01cea289fedfa285 Termination Time: 22 Application Path: C:\Program Files (x86)\Internet
Explorer\IEXPLORE.EXE Report Id:

Error - 8/26/2013 6:13:42 PM | Computer Name = 9g-HP | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "E:\IfixPcs\Wallet CD\SoftonicDownloader_for_licensecrawler.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 8/26/2013 6:15:48 PM | Computer Name = 9g-HP | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Hewlett-Packard Events ]
Error - 12/22/2012 11:09:32 PM | Computer Name = 9g-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088hpsa_service.exe at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 1786 Ram Utilization: 80 TargetSite: Void UpdateAndDetect()

Error - 3/10/2013 12:32:40 PM | Computer Name = 9g-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 1786 Ram Utilization: 70 TargetSite: Void UpdateAndDetect()

Error - 3/24/2013 1:01:24 AM | Computer Name = 9g-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 1786 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()

Error - 4/20/2013 6:12:17 PM | Computer Name = 9g-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 4/20/2013 6:12:30 PM | Computer Name = 9g-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 1786 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()

Error - 5/18/2013 2:14:33 PM | Computer Name = 9g-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 1786 Ram Utilization: 70 TargetSite: Void UpdateAndDetect()

Error - 5/25/2013 2:04:36 PM | Computer Name = 9g-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 1786 Ram Utilization: TargetSite: Void UpdateAndDetect()

Error - 5/25/2013 3:31:51 PM | Computer Name = 9g-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146233087 Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0] Message: The server did not provide a meaningful
reply; this might be caused by a contract mismatch, a premature session shutdown
or an internal server error. StackTrace: Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()

at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 1786 Ram Utilization: 70 TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
System.Runtime.Remoting.Messaging.IMessage)

Error - 5/25/2013 3:31:51 PM | Computer Name = 9g-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146233087 Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0] Message: The server did not provide a meaningful
reply; this might be caused by a contract mismatch, a premature session shutdown
or an internal server error. StackTrace: Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()

at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 1786 Ram Utilization: 70 TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
System.Runtime.Remoting.Messaging.IMessage)

Error - 5/25/2013 3:31:51 PM | Computer Name = 9g-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146233087 Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0] Message: The server did not provide a meaningful
reply; this might be caused by a contract mismatch, a premature session shutdown
or an internal server error. StackTrace: Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()

at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 1786 Ram Utilization: 70 TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
System.Runtime.Remoting.Messaging.IMessage)

[ HP Wireless Assistant Events ]
Error - 12/19/2012 6:36:46 PM | Computer Name = 9g-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware
radio) at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 12/23/2012 1:02:28 AM | Computer Name = 9g-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 12/28/2012 10:43:59 PM | Computer Name = 9g-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) at HPPA_Service.CurrentConfiguration.ApplyDeviceManagerState(List`1
radios) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 1/1/2013 11:33:32 PM | Computer Name = 9g-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 1/27/2013 3:09:03 PM | Computer Name = 9g-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 2/14/2013 9:13:59 AM | Computer Name = 9g-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 4/29/2013 7:13:53 PM | Computer Name = 9g-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 5/7/2013 8:46:25 PM | Computer Name = 9g-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object
sender, StartupEventArgs args)

Error - 5/7/2013 8:47:11 PM | Computer Name = 9g-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...

Error - 5/14/2013 9:37:53 PM | Computer Name = 9g-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object
sender, StartupEventArgs args)

[ System Events ]
Error - 9/1/2013 11:07:18 AM | Computer Name = 9g-HP | Source = DCOM | ID = 10010
Description =

Error - 9/2/2013 12:25:51 AM | Computer Name = 9g-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Browser service.

Error - 9/3/2013 4:19:53 AM | Computer Name = 9g-HP | Source = DCOM | ID = 10010
Description =

Error - 9/3/2013 1:50:45 PM | Computer Name = 9g-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 9/3/2013 1:50:46 PM | Computer Name = 9g-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 9/3/2013 1:50:48 PM | Computer Name = 9g-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 9/3/2013 1:50:49 PM | Computer Name = 9g-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 9/3/2013 1:50:52 PM | Computer Name = 9g-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 9/3/2013 1:50:52 PM | Computer Name = 9g-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 9/3/2013 1:50:53 PM | Computer Name = 9g-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.


< End of report >
--------------------------------------------------------------------------------

***************
ADware Cleaner*
***************
# AdwCleaner v3.002 - Report created 04/09/2013 at 23:07:45
# Updated 01/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : 9g - 9G-HP
# Running from : C:\Users\Da Biz\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : \END
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\adawaretb.xml
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\9g\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Users\9g\AppData\Local\Conduit
Folder Found C:\Users\9g\AppData\Local\Coupon Companion Plugin
Folder Found C:\Users\9g\AppData\Local\cre
Folder Found C:\Users\9g\AppData\Local\SwvUpdater
Folder Found C:\Users\9g\AppData\LocalLow\Conduit
Folder Found C:\Users\Da Biz\AppData\LocalLow\adawaretb
Folder Found C:\Users\Da Biz\AppData\LocalLow\Conduit
Folder Found C:\Users\Da Biz\AppData\LocalLow\PriceGong
Folder Found C:\Users\Da Biz\AppData\Roaming\Iminent
Folder Found C:\Users\Da Biz\AppData\Roaming\Mozilla\Firefox\Profiles\wp98hd9l.default\adawaretb
Folder Found C:\Users\Da Biz\AppData\Roaming\Mozilla\Firefox\Profiles\wp98hd9l.default\jetpack

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\Iminent
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Cr_Installer
Key Found : [x64] HKCU\Software\Iminent
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Found : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Found : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3279141
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Default Tab
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16576


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\9g\AppData\Roaming\Mozilla\Firefox\Profiles\ayjkf9fe.default\prefs.js ]


[ File : C:\Users\Da Biz\AppData\Roaming\Mozilla\Firefox\Profiles\wp98hd9l.default\prefs.js ]

Line Found : user_pref("extensions.crossrider.bic", "13d02ddec05b33a10e98447116624275");

-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\9g\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : search_url

[ File : C:\Users\Da Biz\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [9722 octets] - [04/09/2013 22:52:19]
AdwCleaner[R1].txt - [9612 octets] - [04/09/2013 23:07:45]

########## EOF - \AdwCleaner\AdwCleaner[R1].txt - [9672 octets] ##########
-------------------------------------------------------------------------------

***************
Security Check*
***************
Results of screen317's Security Check version 0.99.73
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 33
Java 7 Update 21
Java version out of Date!
Adobe Flash Player 11.8.800.94
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (23.0.1)
Google Chrome 29.0.1547.62
Google Chrome 29.0.1547.66
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 12% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
  • 0

Advertisements


#2
blmadara

blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Hi CesarT, welcome to Geeks to Go. My name is blmadara and I will be helping you with your problems. Please be patient with me as I am still in training and my responses will have to be reviewed by an expert before I can post them.

I'd like to go over some things that will help both of us.

  • Read each of my posts entirely before performing my instructions. It would be helpful if you printed my instructions so you can read and check the steps as you perform them.
  • Follow the steps exactly in the order posted.
  • Please don't be afraid to ask questions. If you don't understand something, let me know before continuing.
  • If you can't perform a certain step, or you're unsure about what to do, please stop and let me know.
  • It is very important that you stay with me until the end so we make sure that we have removed all the bad stuff.
  • Please don't attach any logs to your posts unless I request it. It is easier for me if you copy and paste the logs into your reply.
  • Finally, never fix anything using other programs on your own. This can hinder my ability to see what is wrong with your computer and make it harder to clean your computer.



Step One: Run OTL Custom Scan

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    winsock.*
    /md5stop
    CREATERESTOREPOINT
  • Please select the Scan All Users checkbox.
  • Under Extra Registry heading, select Use Safelist.
  • Then click the Run Scan button at the top
  • Let the program run unhindered, until it is done
  • Post the log it produces in your next reply.

Step Two: Run aswMBR

Download aswMBR.exe to your desktop.

  • Double click aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions please select, No.
  • Click Scan to start the scan.
    Posted Image
  • When the scan ends click Save Log and save it to your desktop.
    Posted Image
  • Post the log in your next reply.

Step Three: Computer Symptoms

Please let me know what problems you are having with your computer.


What I need in your next post:
1. The reports from the OTL scan, OTL.txt and Extras.txt.
2. The log produced by aswMBR.exe.
3. Let me know what problems you are having with your computer.
  • 0

#3
CesarT

CesarT

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Thank you for your response. I will post the logs as soon as their are done. My pc is slower. I had ran superanti spyware and it seemed to get worse. lol
  • 0

#4
CesarT

CesarT

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
OTL logfile created on: 9/8/2013 8:32:37 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Da Biz\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

762.90 Mb Total Physical Memory | 103.16 Mb Available Physical Memory | 13.52% Memory free
3.25 Gb Paging File | 1.69 Gb Available in Paging File | 52.09% Paging File free
Paging file location(s): c:\pagefile.sys 2560 2560 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 164.23 Gb Total Space | 29.72 Gb Free Space | 18.10% Space Free | Partition Type: NTFS

Computer Name: 9G-HP | User Name: Test | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2013/08/29 19:19:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Da Biz\Downloads\OTL.exe
PRC - [2013/08/20 08:45:47 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/08/14 11:10:26 | 003,291,008 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/07/15 14:09:24 | 000,554,384 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2013/06/29 08:13:30 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2013/06/13 02:27:38 | 001,236,336 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2013/06/13 02:27:36 | 018,834,784 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAware.exe
PRC - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2012/02/15 00:39:36 | 030,705,792 | ---- | M] (Gemalto N.V.) -- C:\Users\Da Biz\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/06/29 19:00:08 | 000,027,192 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/06/29 18:58:04 | 000,602,168 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/05/21 01:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/20 08:45:45 | 003,551,640 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/02/14 16:37:52 | 011,796,096 | ---- | M] () -- C:\Users\Da Biz\AppData\Roaming\SanDisk\My Vaults\dmBackup.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/05/23 13:12:02 | 000,143,120 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2010/09/20 01:56:00 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/06/18 16:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/04/19 18:55:18 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2013/08/20 08:45:46 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/08/14 11:10:26 | 003,291,008 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/07/26 21:29:22 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/13 02:27:38 | 001,236,336 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/06/29 19:00:08 | 000,027,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/05/21 01:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/08 16:19:07 | 000,016,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2013/09/07 09:54:33 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013/04/11 11:06:54 | 000,039,504 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gfiark.sys -- (gfiark)
DRV:64bit: - [2012/09/12 20:19:38 | 000,082,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/09 11:31:02 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/24 21:43:54 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2011/08/24 21:43:54 | 000,095,544 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/01 22:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/06/01 22:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/06/01 22:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/05/22 16:44:12 | 000,020,752 | ---- | M] (Mobile Stream) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\easytthr.sys -- (easytether)
DRV:64bit: - [2010/12/20 22:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/20 02:14:16 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/20 01:21:04 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/04/22 18:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/22 18:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/03/02 16:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/12/22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/11/03 08:24:36 | 000,062,976 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BcmBusCtr_64.sys -- (bcmbusctr)
DRV:64bit: - [2009/11/03 07:01:04 | 000,318,336 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\drxvi314_64.sys -- (bcm)
DRV:64bit: - [2009/10/07 19:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 19:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/08/23 18:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D600B306-325B-40F5-AF98-21458FD9C998}
IE:64bit: - HKLM\..\SearchScopes\{50A20F84-1F9C-4921-BA37-E1A2D92EC263}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql
IE:64bit: - HKLM\..\SearchScopes\{9D2F7462-C565-4F93-B43B-CDF7F306DBA4}: "URL" = http://search.yahoo....psg&type=CPNTDF
IE:64bit: - HKLM\..\SearchScopes\{B5BED05A-A16A-469A-BB12-4A140BCC4DA7}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D600B306-325B-40F5-AF98-21458FD9C998}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {D600B306-325B-40F5-AF98-21458FD9C998}
IE - HKLM\..\SearchScopes\{50A20F84-1F9C-4921-BA37-E1A2D92EC263}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql
IE - HKLM\..\SearchScopes\{9D2F7462-C565-4F93-B43B-CDF7F306DBA4}: "URL" = http://search.yahoo....psg&type=CPNTDF
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...371934233128142
IE - HKLM\..\SearchScopes\{B5BED05A-A16A-469A-BB12-4A140BCC4DA7}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D600B306-325B-40F5-AF98-21458FD9C998}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-696807009-2496342843-4138137113-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKU\S-1-5-21-696807009-2496342843-4138137113-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-696807009-2496342843-4138137113-1001\..\SearchScopes,DefaultScope = {D600B306-325B-40F5-AF98-21458FD9C998}
IE - HKU\S-1-5-21-696807009-2496342843-4138137113-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-696807009-2496342843-4138137113-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKU\S-1-5-21-696807009-2496342843-4138137113-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE - HKU\S-1-5-21-696807009-2496342843-4138137113-1004\..\SearchScopes,DefaultScope = {D600B306-325B-40F5-AF98-21458FD9C998}
IE - HKU\S-1-5-21-696807009-2496342843-4138137113-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@skyhookwireless.com/LokiPlugin,version=3.1.0.05: C:\Program Files (x86)\Skyhook Wireless\Loki ActiveX Component\versions\3.1.0.05\loki.dll (Skyhook Wireless)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}: C:\Program Files (x86)\PremierOpinion\firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/06/29 08:14:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/20 08:45:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2013/08/20 08:45:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/08/21 18:01:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/20 08:45:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/08/20 08:45:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/21 18:01:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/20 08:45:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/04/09 19:41:32 | 000,000,628 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: Google Docs = C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: RealDownloader = C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0\
CHR - Extension: Skype Click to Call = C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Lavasoft NewTab = C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole\0.12_0\
CHR - Extension: Gmail = C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-696807009-2496342843-4138137113-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-696807009-2496342843-4138137113-1001\..\Toolbar\WebBrowser: (no name) - {F0E59437-6148-4A98-B0A6-60D557EF57F4} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" File not found
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe File not found
O4 - HKLM..\Run: [SearchProtection] C:\ProgramData\Search Protection\_run.bat File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-696807009-2496342843-4138137113-1001..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-696807009-2496342843-4138137113-1001..\Run: [SanDiskSecureAccess_Manager.exe] C:\Users\Da Biz\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)
O4 - HKU\S-1-5-21-696807009-2496342843-4138137113-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O4 - HKU\S-1-5-21-696807009-2496342843-4138137113-1004..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-696807009-2496342843-4138137113-1004..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
O4 - HKU\S-1-5-21-696807009-2496342843-4138137113-1004..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-696807009-2496342843-4138137113-1004..\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe File not found
O4 - HKU\S-1-5-21-696807009-2496342843-4138137113-1004..\Run: [Messenger] "C:\Program Files (x86)\Strongvault Online Backup\ClientMessenger.exe" File not found
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft....?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft....?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{091E1DEF-1170-4B1E-A111-D77334E86474}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D04A0FC-3742-4DD7-99AD-8C633B5A0934}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD67B5E6-FB7E-4458-8651-A2D0043C59BF}: DhcpNameServer = 192.168.2.1 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9E95B24-B8D2-4FBB-987B-15DD40F41CA2}: DhcpNameServer = 66.233.169.12 64.13.115.12
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/09/07 18:01:16 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Roaming\Ad-Aware Antivirus
[2013/09/07 18:01:12 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Local\adawarebp
[2013/09/07 11:43:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013/09/07 09:57:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2013/09/07 09:57:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013/09/07 09:57:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2013/09/07 09:56:27 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2013/09/07 09:56:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013/09/07 09:56:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2013/09/07 09:56:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2013/09/07 09:54:11 | 000,047,496 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013/09/05 12:01:46 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/09/05 12:01:28 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/09/05 10:34:06 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/09/05 10:34:05 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/09/05 10:34:04 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/09/05 10:34:04 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/09/05 10:34:04 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/09/05 10:34:04 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/09/05 10:34:03 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/09/05 10:34:03 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/09/05 10:34:03 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/09/05 10:34:03 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/09/05 10:34:03 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/09/05 10:34:01 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/09/05 10:34:01 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/09/05 10:34:01 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/09/05 10:34:00 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/09/05 10:22:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/09/05 10:09:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/09/05 10:07:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/09/05 10:07:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/09/05 10:02:01 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013/09/05 10:02:01 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013/09/05 10:01:59 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/09/05 10:01:58 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013/09/05 10:01:58 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/09/05 10:00:49 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2013/09/05 10:00:14 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013/09/05 10:00:14 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013/09/05 10:00:12 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013/09/05 10:00:12 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013/09/05 09:59:50 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/09/05 09:59:49 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/09/05 09:59:40 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/09/05 09:59:40 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/09/05 09:53:50 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/09/05 07:54:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/09/05 07:54:52 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/09/05 07:54:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/09/04 23:54:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UndeleteMyFiles
[2013/09/04 22:52:14 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/01 12:47:28 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Roaming\gtk-2.0
[2013/09/01 12:47:26 | 000,000,000 | ---D | C] -- C:\Users\Test\.thumbnails
[2013/09/01 12:46:30 | 000,000,000 | ---D | C] -- C:\Users\Test\Documents\gegl-0.0
[2013/09/01 12:46:30 | 000,000,000 | ---D | C] -- C:\Users\Test\.gimp-2.6
[2013/08/30 22:41:55 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Roaming\vlc
[2013/08/30 22:41:55 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Roaming\dvdcss
[2013/08/26 16:33:08 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Local\SoftGrid Client
[2013/08/26 16:33:00 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Roaming\SoftGrid Client
[2013/08/26 15:14:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/08/25 07:07:58 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Local\Apple Computer
[2013/08/24 23:19:23 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Local\Hewlett-Packard
[2013/08/24 23:18:25 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Roaming\ATI
[2013/08/24 23:18:25 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Local\ATI
[2013/08/24 23:18:19 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Roaming\RealNetworks
[2013/08/24 23:17:27 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Roaming\Hewlett-Packard
[2013/08/24 23:17:20 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Roaming\Real
[2013/08/24 23:17:20 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Roaming\Apple Computer
[2013/08/24 23:16:59 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Roaming\Adobe
[2013/08/24 23:16:56 | 000,000,000 | R--D | C] -- C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/08/24 23:16:56 | 000,000,000 | R--D | C] -- C:\Users\Test\Searches
[2013/08/24 23:16:56 | 000,000,000 | R--D | C] -- C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/08/24 23:16:55 | 000,000,000 | -H-D | C] -- C:\Users\Test\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/08/24 23:16:44 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Roaming\Identities
[2013/08/24 23:16:39 | 000,000,000 | R--D | C] -- C:\Users\Test\Contacts
[2013/08/24 23:16:36 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Local\VirtualStore
[2013/08/24 23:16:23 | 000,000,000 | -HSD | C] -- C:\Users\Test\AppData\Local\Temporary Internet Files
[2013/08/24 23:16:23 | 000,000,000 | -HSD | C] -- C:\Users\Test\Templates
[2013/08/24 23:16:23 | 000,000,000 | -HSD | C] -- C:\Users\Test\Start Menu
[2013/08/24 23:16:23 | 000,000,000 | -HSD | C] -- C:\Users\Test\SendTo
[2013/08/24 23:16:23 | 000,000,000 | -HSD | C] -- C:\Users\Test\Recent
[2013/08/24 23:16:23 | 000,000,000 | -HSD | C] -- C:\Users\Test\PrintHood
[2013/08/24 23:16:23 | 000,000,000 | -HSD | C] -- C:\Users\Test\NetHood
[2013/08/24 23:16:23 | 000,000,000 | -HSD | C] -- C:\Users\Test\Documents\My Videos
[2013/08/24 23:16:23 | 000,000,000 | -HSD | C] -- C:\Users\Test\Documents\My Pictures
[2013/08/24 23:16:23 | 000,000,000 | -HSD | C] -- C:\Users\Test\Documents\My Music
[2013/08/24 23:16:23 | 000,000,000 | -HSD | C] -- C:\Users\Test\My Documents
[2013/08/24 23:16:23 | 000,000,000 | -HSD | C] -- C:\Users\Test\Local Settings
[2013/08/24 23:16:23 | 000,000,000 | -HSD | C] -- C:\Users\Test\AppData\Local\History
[2013/08/24 23:16:23 | 000,000,000 | -HSD | C] -- C:\Users\Test\Cookies
[2013/08/24 23:16:23 | 000,000,000 | -HSD | C] -- C:\Users\Test\Application Data
[2013/08/24 23:16:23 | 000,000,000 | -HSD | C] -- C:\Users\Test\AppData\Local\Application Data
[2013/08/24 23:16:22 | 000,000,000 | --SD | C] -- C:\Users\Test\AppData\Roaming\Microsoft
[2013/08/24 23:16:22 | 000,000,000 | R--D | C] -- C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/08/24 23:16:22 | 000,000,000 | R--D | C] -- C:\Users\Test\Favorites
[2013/08/24 23:16:22 | 000,000,000 | R--D | C] -- C:\Users\Test\Downloads
[2013/08/24 23:16:22 | 000,000,000 | R--D | C] -- C:\Users\Test\Documents
[2013/08/24 23:16:22 | 000,000,000 | R--D | C] -- C:\Users\Test\Desktop
[2013/08/24 23:16:22 | 000,000,000 | R--D | C] -- C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/08/24 23:16:22 | 000,000,000 | -H-D | C] -- C:\Users\Test\AppData
[2013/08/24 23:16:22 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Roaming\TuneUp Software
[2013/08/24 23:16:22 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Local\Temp
[2013/08/24 23:16:22 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Local\Microsoft
[2013/08/24 23:16:22 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Roaming\Media Center Programs
[2013/08/24 23:16:22 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Roaming\Macromedia
[2013/08/24 23:16:22 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Local\Google
[2013/08/24 23:16:21 | 000,000,000 | R--D | C] -- C:\Users\Test\Videos
[2013/08/24 23:16:21 | 000,000,000 | R--D | C] -- C:\Users\Test\Saved Games
[2013/08/24 23:16:21 | 000,000,000 | R--D | C] -- C:\Users\Test\Pictures
[2013/08/24 23:16:21 | 000,000,000 | R--D | C] -- C:\Users\Test\Music
[2013/08/24 23:16:21 | 000,000,000 | R--D | C] -- C:\Users\Test\Links
[2013/08/24 23:10:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2013/08/24 23:10:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/08/24 23:07:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013/08/24 23:07:03 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/08/24 23:07:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013/08/20 08:45:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013/09/08 20:31:36 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/08 20:31:36 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/08 20:26:17 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/08 20:18:26 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013/09/08 20:17:47 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/08 20:17:47 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2013/09/08 20:17:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/08 20:17:18 | 599,969,792 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/08 20:13:45 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/08 16:19:07 | 000,016,152 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2013/09/07 09:54:33 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/09/07 09:35:22 | 000,007,602 | ---- | M] () -- C:\Users\Test\AppData\Local\Resmon.ResmonCfg
[2013/09/06 17:04:40 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFor9g.job
[2013/09/05 12:42:00 | 000,780,156 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/05 12:42:00 | 000,660,982 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/05 12:42:00 | 000,121,620 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/05 12:01:18 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/09/05 12:01:16 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013/09/05 12:01:16 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/09/05 12:01:16 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/09/05 12:01:16 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/09/05 12:01:16 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/09/05 11:47:02 | 000,304,048 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/05 10:22:21 | 000,796,852 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/09/05 07:54:56 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/09/01 21:28:44 | 000,000,838 | ---- | M] () -- C:\Users\Test\.recently-used.xbel
[2013/08/28 21:12:01 | 001,827,736 | ---- | M] () -- C:\Users\Test\Documents\IMG_0701.JPG
[2013/08/28 21:11:58 | 001,764,628 | ---- | M] () -- C:\Users\Test\Documents\IMG_0700.JPG
[2013/08/25 18:25:39 | 000,002,239 | ---- | M] () -- C:\Users\Test\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/08/25 18:25:38 | 000,002,215 | ---- | M] () -- C:\Users\Test\Desktop\Google Chrome.lnk
[2013/08/24 23:29:05 | 000,112,335 | ---- | M] () -- C:\Users\Test\Documents\IMG_0304.JPG
[2013/08/24 23:23:52 | 000,154,341 | ---- | M] () -- C:\Users\Test\Documents\IMG_0364.JPG
[2013/08/24 23:17:56 | 000,001,407 | ---- | M] () -- C:\Users\Test\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

========== Files Created - No Company Name ==========

[2013/09/07 09:57:19 | 000,001,828 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013/09/07 09:35:22 | 000,007,602 | ---- | C] () -- C:\Users\Test\AppData\Local\Resmon.ResmonCfg
[2013/09/05 12:19:37 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleFor9g.job
[2013/09/05 07:54:56 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/09/01 21:28:44 | 000,000,838 | ---- | C] () -- C:\Users\Test\.recently-used.xbel
[2013/08/28 21:13:45 | 001,827,736 | ---- | C] () -- C:\Users\Test\Documents\IMG_0701.JPG
[2013/08/28 21:13:37 | 001,764,628 | ---- | C] () -- C:\Users\Test\Documents\IMG_0700.JPG
[2013/08/25 18:23:35 | 000,154,341 | ---- | C] () -- C:\Users\Test\Documents\IMG_0364.JPG
[2013/08/25 18:22:52 | 000,112,335 | ---- | C] () -- C:\Users\Test\Documents\IMG_0304.JPG
[2013/08/24 23:17:56 | 000,001,407 | ---- | C] () -- C:\Users\Test\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/08/24 23:16:59 | 000,001,413 | ---- | C] () -- C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/08/24 23:16:58 | 000,002,239 | ---- | C] () -- C:\Users\Test\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/08/24 23:16:58 | 000,002,215 | ---- | C] () -- C:\Users\Test\Desktop\Google Chrome.lnk
[2013/08/24 23:16:22 | 000,000,290 | ---- | C] () -- C:\Users\Test\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/08/24 23:16:22 | 000,000,272 | ---- | C] () -- C:\Users\Test\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/08/24 23:07:20 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/12/14 15:22:27 | 000,796,852 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/11 16:26:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/10/11 16:18:29 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2011/10/11 16:18:29 | 000,000,223 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 18:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/26 22:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 18:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 06:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 06:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/16 23:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 18:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 18:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 15:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/08 22:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/08 21:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 06:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 06:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 05:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/02 23:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 18:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 18:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 18:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 18:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 06:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 18:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 18:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 18:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 18:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 18:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2010/11/20 06:27:22 | 000,303,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 18:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 04:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2010/11/20 06:25:21 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/16 23:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 18:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 06:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 06:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 06:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/16 23:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 18:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 06:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 06:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 05:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 06:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 06:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 05:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 18:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2010/11/20 06:27:23 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 06:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 06:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 06:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 06:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 06:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 06:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 06:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 06:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 05:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 18:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 15:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 06:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 18:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 06:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/11/20 06:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010/11/20 06:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 14:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.EXE >
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 19:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 19:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 13:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 13:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 19:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 13:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 19:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 19:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 13:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 19:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 13:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 13:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< End of report >
  • 0

#5
CesarT

CesarT

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
OTL Extras logfile created on: 9/8/2013 8:32:37 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Da Biz\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

762.90 Mb Total Physical Memory | 103.16 Mb Available Physical Memory | 13.52% Memory free
3.25 Gb Paging File | 1.69 Gb Available in Paging File | 52.09% Paging File free
Paging file location(s): c:\pagefile.sys 2560 2560 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 164.23 Gb Total Space | 29.72 Gb Free Space | 18.10% Space Free | Partition Type: NTFS

Computer Name: 9G-HP | User Name: Test | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-696807009-2496342843-4138137113-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-696807009-2496342843-4138137113-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0405261C-D4F2-4233-A20F-F78842AEB7BA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{06751C36-C438-41B8-B57C-AB3376F7DF1B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0A1CA67F-3063-4E85-9D7E-4284D8741010}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1BD9FA9F-DA71-4665-BE5C-07F976388FF9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3DFF21D2-87C2-433E-AC38-E712C5EF3C37}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{465E45A9-78B2-440B-AB01-64A16017C52A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{522331B4-E907-461B-9FDE-BBEA3D68D9D2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5399D6EA-00A0-474F-9644-FDCCE0AFF406}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6AD4450B-1867-4F67-88DB-D2254255CC81}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6BA22ADB-6C22-4D40-8530-7E18F9C43913}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7BEEFB68-6896-4D0B-8716-671D73CEED6C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{81C3779A-7527-41BB-AF54-0C9EEBF61D2B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{95F4B79D-771B-4C40-A384-7AD71BF09745}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A594F3B1-ABE6-40D7-932E-BF70A840DD51}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A9B9E1C0-329B-4C9B-A221-33B4503D4E7D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B46EF309-35B9-4984-9B96-1CE77E816151}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C2E21458-1B98-4A11-9990-AA5D6EF9687F}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{E03E794B-7A77-4F42-ABBA-63706219C6E5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E72FB078-FC99-4E2C-B0C4-B7EB2403AA1E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F0E07795-C3A3-465C-94AB-36BA7FE94F7C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01CE880E-8769-4500-9337-4CDCFE8FC652}" = protocol=6 | dir=in | app=c:\program files (x86)\clockworkmod\tether\win32\node.exe |
"{09804204-2350-455E-86DC-2FAA82565AA0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{0A6C756D-48E7-4459-A5C8-53900ACE2282}" = protocol=6 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{0C058611-59FD-4FBB-8455-3C4895AE71C9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{10E64BF6-71FE-4B92-BFF4-128D348F8903}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{1C925375-9C51-4DF2-9BC4-B313E864C372}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1D95C673-E5C2-4EE2-B85D-1BBA8595186A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1DD3F82B-C60E-447F-939B-917F6C81B1E4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1F54AC34-1777-432D-B2B7-73FB2BC24BFE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{210F4FEF-A5D8-43E8-BB48-B56587D3ECDB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{2568CBF2-DAB1-4239-B0B0-396ED2F4F6AC}" = protocol=6 | dir=out | app=system |
"{27537592-7D29-430D-8254-0841FFDDACD4}" = protocol=6 | dir=in | app=c:\program files (x86)\onlywire\onlywirewindows.exe |
"{2E75726F-9004-42C0-8D65-C53DB4FD710E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{300E93DF-FF81-4163-8D29-929E8ACF2D57}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{30853BDC-0F2A-4C54-994E-E3568C721109}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{3409FE45-4B85-476E-809E-9407E5E2F8AF}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |
"{36566958-5B85-4E0F-A545-EDD7D13D7B36}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
"{3E8F0346-18BB-49C6-91A5-1A7A08636058}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4FD5269D-D76A-493C-BE64-51B36B8B3E22}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{52AD146E-E26C-4D3B-A1F8-80B9F5575104}" = protocol=17 | dir=in | app=c:\program files (x86)\premieropinion\pmropn.exe |
"{5438BED1-69BF-47F7-A680-1466F3EEE0F7}" = protocol=17 | dir=in | app=c:\program files (x86)\onlywire\onlywirewindows.exe |
"{576B49D1-0428-40F7-BB8D-18584CA3DC11}" = protocol=17 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |
"{6D1944DA-3C10-4FBC-BE84-781BD314FAD2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{703222F4-5726-43F1-A912-AF04058ECDBB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{84935A2E-FFDA-405A-82DD-4BF4A5AE9AD1}" = protocol=6 | dir=in | app=c:\program files (x86)\premieropinion\pmropn.exe |
"{94AA9D5C-4659-4C54-95C5-27CB2FF0B044}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{991E1005-735A-49B6-8A83-8855A3F5270F}" = protocol=17 | dir=in | app=c:\program files (x86)\clockworkmod\tether\win32\node.exe |
"{9D5FDE28-4157-4BE2-B9FC-5B9DAA30FFDF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A454D904-2D92-4866-A90F-FC345430084E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A5AA1904-4FB0-4295-93ED-A0C3985872D1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{A604E103-BAE6-4DB3-A35F-B540E0AAF5B2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{B75E78ED-E1A0-4E4E-8F2D-C7EB268C716B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B7626618-7E63-43C1-8EC9-98553DA6FB80}" = protocol=6 | dir=in | app=c:\program files (x86)\premieropinion\pmropn.exe |
"{BC1E6AED-13C4-492B-880F-B93992FABDA4}" = protocol=6 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |
"{C788F6D5-557E-4A02-88F0-AC1BC34F6A9A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{CBEC79FC-5A5E-4288-85D2-E07A0C90178E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D284FA5A-F2B7-4460-964B-AFB42D2A8489}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DC4161E4-EA0A-46EB-B0CE-25599506DCD9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{DEB72B53-1533-4A19-A45D-583198F869E0}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{E6534443-29CF-4DAE-8DAC-94CF5F16A975}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{E8C6368D-A3CC-47F2-BC2E-17FFD52EBD69}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{E8F38FE7-196C-4803-B5C4-CCCE8546FF8C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E9A7848A-52FF-4780-AF0D-7DB2EF1B0AF7}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |
"{EDFDD2A3-E004-497B-A2E2-F24B110EE4C1}" = protocol=17 | dir=in | app=c:\program files (x86)\premieropinion\pmropn.exe |
"{F6D103E0-B8CA-4CCF-9DEE-2E02EF7A2100}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F8D5D01B-19E0-4407-901F-19FB5F742D0E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{F944BACC-FBBC-44C0-9A7F-20D6351312D0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{FC7D7A1E-0756-42BB-84F4-63D2930BB3D4}" = protocol=17 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{FE267C71-9BA2-4E15-9027-9A40C2B2E7A2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{9F729D8A-7383-4BE0-872F-080245A01FD3}C:\program files (x86)\clockworkmod\tether\win32\node.exe" = protocol=6 | dir=in | app=c:\program files (x86)\clockworkmod\tether\win32\node.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java™ 6 Update 20 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{704C0303-D20C-45AF-BD2B-556EAF31BE09}" = iCloud
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A3FAE73B-4474-4A1D-A343-2FE248F05265}" = EasyTether
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}" = HP Wireless Assistant
"{C01AE65A-8874-3A33-BE03-23F8516A0350}" = ccc-utility64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{ECD0D4B5-FFA9-6E1B-A08D-58E82EA5EEB9}" = ATI Catalyst Install Manager
"{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}" = RtVOsd
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0190D9DE-6D57-7727-861E-D4BEA111D86B}" = Catalyst Control Center Core Implementation
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0A785656-433A-0575-8C5D-A8EAE05329CA}" = CCC Help Thai
"{0AD77FFC-874E-9AAE-6A76-549DFEB17849}" = CCC Help Polish
"{0CD58F4F-B339-4B81-FAD4-2BF9E3590F60}" = CCC Help Czech
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1A47631D-8875-7993-476D-130C5D41D101}" = CCC Help Spanish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 33
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{28749552-9DBD-1D10-A894-6079282C941F}" = CCC Help German
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{30F4D459-824A-498C-826C-7721B777207F}" = Catalyst Control Center - Branding
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32BA2A6E-6C61-0347-8958-7B2113982A55}" = CCC Help Portuguese
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3C66EECF-8143-55D4-774A-309A59230A92}" = Catalyst Control Center Graphics Full Existing
"{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}" = RealDownloader
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}" = HP Power Manager
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{54372041-9715-DE87-F84E-B0995D7567C6}" = CCC Help Chinese Traditional
"{5D6A4F95-49B5-0FC4-81CF-18176000B235}" = Catalyst Control Center Graphics Full New
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
"{6D3650CA-7104-5DF0-E7EC-290CEC529AF8}" = CCC Help Korean
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
"{76B344A5-F756-0107-3559-1D97F9B316DC}" = CCC Help Norwegian
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C36414C-DC87-4943-A525-BC1717BA17C9}" = HP Documentation
"{7CA09975-C4BE-469D-E45F-E47E9391106B}" = CCC Help Dutch
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{81ADC365-6BA4-E757-81DA-BC9DC12DD291}" = Catalyst Control Center InstallProxy
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FA97A48-D942-AE67-D901-7C4136CC9DFD}" = CCC Help Danish
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{920E9471-FF68-680F-537C-F21777E53D31}" = CCC Help Turkish
"{944167EA-7F89-4705-8DCD-1D63B53141B0}" = Ad-Aware Antivirus
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A4E828B6-FE61-E279-A174-F5323931400B}" = CCC Help Finnish
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.5 MUI
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6BEB695-166D-E268-8AA2-A243F615D0BA}" = CCC Help Japanese
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C0508079-0000-4F68-A4DF-29C7ED7182C6}" = SlimDrivers
"{C21A705D-D992-204F-8A2A-C31F490F502F}" = CCC Help Greek
"{C2D4CD4A-AE20-40B3-8726-8ED1C03E8C15}" = Google Drive
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CAA10DB8-E20C-9192-38F9-1F5399EA2DB7}" = CCC Help Italian
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD184A27-1174-E497-189A-0CA5DB56BC97}" = CCC Help Chinese Standard
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D3A451EE-219D-F373-5152-8C4760278628}" = Catalyst Control Center Graphics Light
"{D5959B62-9515-8DC9-ED0B-1680210AAC3E}" = CCC Help English
"{DA9481F2-D8A1-CC1D-4A8E-22854E60C6EB}" = Catalyst Control Center Localization All
"{DE2B9A3D-976F-BE70-7557-52EE82BAB1C6}" = CCC Help French
"{E05DB9F9-C8E7-45F2-BE9E-76D4C447CE9B}" = HP Software Framework
"{E342D296-DB9D-4FC7-ACB0-39926C0BFA16}" = HP Quick Launch
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E9F950D9-A469-644E-3977-31F2963AEE23}" = CCC Help Swedish
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{ED6CEC68-1D49-5BCB-57B4-CD128E242356}" = CCC Help Hungarian
"{EDE97402-4A1F-2D15-FDB4-5620C57A9BA5}" = Catalyst Control Center Graphics Previews Common
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F08A7C44-17FC-ED74-831E-5BCA9D5B77AD}" = ccc-core-static
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1224610-A17E-4E65-560A-D56B963D650D}" = CCC Help Russian
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7C81FF0-8624-8C6E-D28D-CF68DFE7AE8C}" = Catalyst Control Center Graphics Previews Vista
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"Loki ActiveX Control" = Loki ActiveX Control
"MixPad" = MixPad
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"My Screen Recorder 3.0_is1" = My Screen Recorder 3.0
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"RealPlayer 16.0" = RealPlayer
"Switch" = Switch Sound File Converter
"UndeleteMyFiles Pro_is1" = UndeleteMyFiles Pro
"VLC media player" = VLC media player 2.0.5
"WavePad" = WavePad Sound Editor
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-696807009-2496342843-4138137113-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"@@[email protected]@SanDiskSecureAccess_Manager.exe" = SanDiskSecureAccess_Manager.exe
"Amazon Kindle" = Amazon Kindle
"ExpressBurn" = Express Burn
"JoinMe" = join.me

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/2/2013 8:45:31 PM | Computer Name = 9g-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/2/2013 8:45:31 PM | Computer Name = 9g-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2449

Error - 9/2/2013 8:45:31 PM | Computer Name = 9g-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2449

Error - 9/2/2013 8:45:32 PM | Computer Name = 9g-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/2/2013 8:45:32 PM | Computer Name = 9g-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3494

Error - 9/2/2013 8:45:32 PM | Computer Name = 9g-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3494

Error - 9/2/2013 8:57:59 PM | Computer Name = 9g-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/2/2013 8:58:00 PM | Computer Name = 9g-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 750037

Error - 9/2/2013 8:58:00 PM | Computer Name = 9g-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 750037

Error - 9/2/2013 10:51:32 PM | Computer Name = 9g-HP | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Hewlett-Packard Events ]
Error - 12/22/2012 11:09:32 PM | Computer Name = 9g-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088hpsa_service.exe at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 1786 Ram Utilization: 80 TargetSite: Void UpdateAndDetect()

Error - 3/10/2013 12:32:40 PM | Computer Name = 9g-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 1786 Ram Utilization: 70 TargetSite: Void UpdateAndDetect()

Error - 3/24/2013 1:01:24 AM | Computer Name = 9g-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 1786 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()

Error - 4/20/2013 6:12:17 PM | Computer Name = 9g-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 4/20/2013 6:12:30 PM | Computer Name = 9g-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 1786 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()

Error - 5/18/2013 2:14:33 PM | Computer Name = 9g-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 1786 Ram Utilization: 70 TargetSite: Void UpdateAndDetect()

Error - 5/25/2013 2:04:36 PM | Computer Name = 9g-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 1786 Ram Utilization: TargetSite: Void UpdateAndDetect()

Error - 5/25/2013 3:31:51 PM | Computer Name = 9g-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146233087 Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0] Message: The server did not provide a meaningful
reply; this might be caused by a contract mismatch, a premature session shutdown
or an internal server error. StackTrace: Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()

at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 1786 Ram Utilization: 70 TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
System.Runtime.Remoting.Messaging.IMessage)

Error - 5/25/2013 3:31:51 PM | Computer Name = 9g-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146233087 Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0] Message: The server did not provide a meaningful
reply; this might be caused by a contract mismatch, a premature session shutdown
or an internal server error. StackTrace: Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()

at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 1786 Ram Utilization: 70 TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
System.Runtime.Remoting.Messaging.IMessage)

Error - 5/25/2013 3:31:51 PM | Computer Name = 9g-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146233087 Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0] Message: The server did not provide a meaningful
reply; this might be caused by a contract mismatch, a premature session shutdown
or an internal server error. StackTrace: Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()

at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 1786 Ram Utilization: 70 TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
System.Runtime.Remoting.Messaging.IMessage)

[ HP Wireless Assistant Events ]
Error - 12/28/2012 10:43:59 PM | Computer Name = 9g-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) at HPPA_Service.CurrentConfiguration.ApplyDeviceManagerState(List`1
radios) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 1/1/2013 11:33:32 PM | Computer Name = 9g-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 1/27/2013 3:09:03 PM | Computer Name = 9g-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 2/14/2013 9:13:59 AM | Computer Name = 9g-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 4/29/2013 7:13:53 PM | Computer Name = 9g-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 5/7/2013 8:46:25 PM | Computer Name = 9g-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object
sender, StartupEventArgs args)

Error - 5/7/2013 8:47:11 PM | Computer Name = 9g-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...

Error - 5/14/2013 9:37:53 PM | Computer Name = 9g-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object
sender, StartupEventArgs args)

Error - 5/14/2013 9:38:03 PM | Computer Name = 9g-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...

Error - 9/8/2013 2:43:50 PM | Computer Name = 9g-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) at HPPA_Service.CurrentConfiguration.ApplyDeviceManagerState(List`1
radios) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

[ System Events ]
Error - 9/8/2013 10:49:45 PM | Computer Name = 9g-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/8/2013 10:49:55 PM | Computer Name = 9g-HP | Source = Service Control Manager | ID = 7000
Description = The Ad-Aware service failed to start due to the following error: %%109

Error - 9/8/2013 10:55:55 PM | Computer Name = 9g-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Browser service.

Error - 9/8/2013 10:55:55 PM | Computer Name = 9g-HP | Source = Service Control Manager | ID = 7000
Description = The Computer Browser service failed to start due to the following
error: %%1053

Error - 9/8/2013 10:56:54 PM | Computer Name = 9g-HP | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

Error - 9/8/2013 11:06:20 PM | Computer Name = 9g-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 9/8/2013 11:06:20 PM | Computer Name = 9g-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the CinemaNow Service service.

Error - 9/8/2013 11:06:40 PM | Computer Name = 9g-HP | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{BD67B5E6-FB7E-4458-8651-A2D0043C59BF}
because another computer on the network has the same name. The server could not
start.

Error - 9/8/2013 11:17:27 PM | Computer Name = 9g-HP | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:16:47 PM on ?9/?8/?2013 was unexpected.

Error - 9/8/2013 11:24:45 PM | Computer Name = 9g-HP | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.


< End of report >
  • 0

#6
CesarT

CesarT

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-08 21:07:19
-----------------------------
21:07:19.067 OS Version: Windows x64 6.1.7601 Service Pack 1
21:07:19.067 Number of processors: 1 586 0x603
21:07:19.068 ComputerName: 9G-HP UserName: Test
21:07:27.790 Initialize success
21:10:48.692 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005b
21:10:48.697 Disk 0 Vendor: Hitachi_ PB2O Size: 238475MB BusType: 11
21:10:48.834 Disk 0 MBR read successfully
21:10:48.841 Disk 0 MBR scan
21:10:48.846 Disk 0 unknown MBR code
21:10:48.870 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
21:10:48.887 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 168171 MB offset 409600
21:10:48.922 Disk 0 Partition 3 00 0C FAT32 LBA MSDOS5.0 103 MB offset 488183808
21:10:48.930 Disk 0 Partition - 00 05 Extended 69999 MB offset 344825854
21:10:48.954 Disk 0 Partition 4 00 83 Linux 61988 MB offset 344825856
21:10:48.963 Disk 0 Partition - 00 05 Extended 8011 MB offset 471777280
21:10:49.121 Disk 0 scanning C:\Windows\system32\drivers
21:10:57.901 Service scanning
21:11:34.102 Modules scanning
21:11:34.104 Disk 0 trace - called modules:
21:11:34.127 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
21:11:34.127 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800196f060]
21:11:34.127 3 CLASSPNP.SYS[fffff8800190143f] -> nt!IofCallDriver -> [0xfffffa800193f450]
21:11:34.128 5 amdxata.sys[fffff880010837a8] -> nt!IofCallDriver -> \Device\0000005b[0xfffffa80017df6c0]
21:11:34.128 Scan finished successfully
21:12:24.153 Disk 0 MBR has been saved successfully to "C:\Users\Da Biz\Downloads\MBR.dat"
21:12:24.166 The log file has been saved successfully to "C:\Users\Da Biz\Downloads\aswMBR.txt"
  • 0

#7
CesarT

CesarT

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Thanks for the help. My computer symptoms are that it takes for ever. A good 10-15 minutes to load from when I click on the user to log in. I tried different accounts and it takes forever on any of the 3 users I have.

When I launch an application it takes about 2-3 minutes to actually load.

Once the application is up ex. firefox. i can browse just fine, but the initial loading of any program takes a long time.

I checked my system settings and it said that i have 2gb RAM but only 763MB usable.

Before coming to the boards, i just started noticing that anytime I opened up a browser it was taking a while to load any other apps. I had ran chkdsk then sfc /scannow but nothing really changed.

I then ran superantispyware and it said it had 55 cookies as well as Ad-aware antivirus program said the same thing. Since I had clicked on clean after using both of those tools separately, my system became way slower to launch anything.

Sometimes Ad-aware or superanti spyware crash when the pc is loading for the first time, once its been on for a while, like 30-40 minutes the pc doesn't seem to crash as much.

Also I tried safemode with networking and the pc is super fast at anything I launch.

Thanks
  • 0

#8
blmadara

blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Hi CesarT,

Step One: Uninstall Programs

  • Click the Start Orb and select Control Panel.
  • In Control Panel, select Programs and Features.
  • Select the following one at a time
    • Java™ 6 Update 20 (64-bit)
      Java™ 6 Update 3
  • Click Uninstall.


Step Two: Backup Registry with ERUNT

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be extremely dangerous if you do not know exactly what you are doing so follow the steps that are listed below exactly. If you cannot perform some of these steps or if you have any questions please ask before proceeding.

Backing Up Your Registry
  • Download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
Posted Image

Step Three: OTL Fix

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot


Note: If you are using the pro version or trial version of Malwarebytes 1.6 or higher please disable it for the duration of this fix as it may interfere with the successful execution of the script below. If it still hangs then please uninstall MalwareBytes' and run this fix again.

Run OTL
Posted Image
  • Under the Custom Scans/Fixes box at the bottom, paste in the following (do not copy the word "quote")

    :Commands
    [createrestorepoint]

    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{50A20F84-1F9C-4921-BA37-E1A2D92EC263}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql
    IE - HKLM\..\SearchScopes\{50A20F84-1F9C-4921-BA37-E1A2D92EC263}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...371934233128142
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKU\S-1-5-21-696807009-2496342843-4138137113-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKU\S-1-5-21-696807009-2496342843-4138137113-1001\..\Toolbar\WebBrowser: (no name) - {F0E59437-6148-4A98-B0A6-60D557EF57F4} - No CLSID value found.
    O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" File not found
    O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe File not found
    O4 - HKLM..\Run: [SearchProtection] C:\ProgramData\Search Protection\_run.bat File not found
    O4 - HKU\S-1-5-21-696807009-2496342843-4138137113-1004..\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe File not found
    O4 - HKU\S-1-5-21-696807009-2496342843-4138137113-1004..\Run: [Messenger] "C:\Program Files (x86)\Strongvault Online Backup\ClientMessenger.exe" File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
    O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
    [2013/09/07 09:56:27 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars

    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{52AD146E-E26C-4D3B-A1F8-80B9F5575104}"= -
    "{84935A2E-FFDA-405A-82DD-4BF4A5AE9AD1}"=-
    "{B7626618-7E63-43C1-8EC9-98553DA6FB80}"=-
    "{EDFDD2A3-E004-497B-A2E2-F24B110EE4C1}"=-

    :Files
    ipconfig /flushdns /c

    :Commands
    [resethosts]
    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done and post the log it produces in your next reply.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step Four: AdwCleaner

Run AdwCleaner and select Scan. Once the scan is complete, select Clean.

Posted Image

Once done it will ask to reboot, allow this.
On reboot a log will be produced, please post it in your next reply.


Step Five: How is your computer running?

Please let me know how your computer is running and what specific problems remain.


What I need in your next post:
1. Both OTL logs, the one produced by the fix and the one produced by the new scan, OTL.txt.
2. The log from adwCleaner.
3. Let me know what problems remain.
  • 0

#9
CesarT

CesarT

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{50A20F84-1F9C-4921-BA37-E1A2D92EC263}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50A20F84-1F9C-4921-BA37-E1A2D92EC263}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{50A20F84-1F9C-4921-BA37-E1A2D92EC263}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50A20F84-1F9C-4921-BA37-E1A2D92EC263}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-696807009-2496342843-4138137113-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_USERS\S-1-5-21-696807009-2496342843-4138137113-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F0E59437-6148-4A98-B0A6-60D557EF57F4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0E59437-6148-4A98-B0A6-60D557EF57F4}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Norton Online Backup deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtection deleted successfully.
Registry value HKEY_USERS\S-1-5-21-696807009-2496342843-4138137113-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Jing deleted successfully.
Registry value HKEY_USERS\S-1-5-21-696807009-2496342843-4138137113-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Messenger deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-696807009-2496342843-4138137113-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\S-1-5-21-696807009-2496342843-4138137113-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\ProgramData\blekko toolbars folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{52AD146E-E26C-4D3B-A1F8-80B9F5575104} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52AD146E-E26C-4D3B-A1F8-80B9F5575104}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{84935A2E-FFDA-405A-82DD-4BF4A5AE9AD1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84935A2E-FFDA-405A-82DD-4BF4A5AE9AD1}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B7626618-7E63-43C1-8EC9-98553DA6FB80} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7626618-7E63-43C1-8EC9-98553DA6FB80}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EDFDD2A3-E004-497B-A2E2-F24B110EE4C1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EDFDD2A3-E004-497B-A2E2-F24B110EE4C1}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Da Biz\Downloads\cmd.bat deleted successfully.
C:\Users\Da Biz\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: 9g
->Temp folder emptied: 1684328984 bytes
->Temporary Internet Files folder emptied: 56356244 bytes
->Java cache emptied: 517774 bytes
->FireFox cache emptied: 104903380 bytes
->Google Chrome cache emptied: 388757326 bytes
->Flash cache emptied: 14912870 bytes

User: All Users

User: Da Biz
->Temp folder emptied: 11764617 bytes
->Temporary Internet Files folder emptied: 1670181202 bytes
->Java cache emptied: 1126489 bytes
->FireFox cache emptied: 105758248 bytes
->Google Chrome cache emptied: 414964351 bytes
->Opera cache emptied: 3424462 bytes
->Flash cache emptied: 58521 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Test
->Temp folder emptied: 3859699 bytes
->Temporary Internet Files folder emptied: 28544848 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 110904848 bytes
->Flash cache emptied: 58174 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 105000728 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42287647 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 743 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4,528.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09092013_170059

Files\Folders moved on Reboot...
File move failed. C:\Users\Da Biz\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
File move failed. C:\Users\Da Biz\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#10
CesarT

CesarT

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
NEW OTL**
*********
OTL logfile created on: 9/9/2013 8:30:09 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Da Biz\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

762.90 Mb Total Physical Memory | 115.30 Mb Available Physical Memory | 15.11% Memory free
3.25 Gb Paging File | 1.58 Gb Available in Paging File | 48.83% Paging File free
Paging file location(s): c:\pagefile.sys 2560 2560 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 164.23 Gb Total Space | 35.68 Gb Free Space | 21.72% Space Free | Partition Type: NTFS
Drive D: | 164.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: 9G-HP | User Name: Test | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/09 20:23:56 | 001,037,278 | ---- | M] () -- C:\Users\Test\Downloads\AdwCleaner.exe
PRC - [2013/08/29 19:19:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Da Biz\Downloads\OTL.exe
PRC - [2013/08/20 08:45:47 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/08/14 11:10:26 | 003,291,008 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/06/29 08:13:30 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2013/06/13 02:27:38 | 001,236,336 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2013/06/13 02:27:36 | 018,834,784 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAware.exe
PRC - [2013/04/16 03:09:06 | 000,233,048 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2012/02/15 00:39:36 | 030,705,792 | ---- | M] (Gemalto N.V.) -- C:\Users\Da Biz\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/06/29 19:00:08 | 000,027,192 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/06/29 18:58:04 | 000,602,168 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/05/21 01:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/09 20:23:56 | 001,037,278 | ---- | M] () -- C:\Users\Test\Downloads\AdwCleaner.exe
MOD - [2013/08/20 08:45:45 | 003,551,640 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/02/14 16:37:52 | 011,796,096 | ---- | M] () -- C:\Users\Da Biz\AppData\Roaming\SanDisk\My Vaults\dmBackup.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/05/23 13:12:02 | 000,143,120 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2010/09/20 01:56:00 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/06/18 16:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/04/19 18:55:18 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2013/08/20 08:45:46 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/08/14 11:10:26 | 003,291,008 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/07/26 21:29:22 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/13 02:27:38 | 001,236,336 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/06/29 19:00:08 | 000,027,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/05/21 01:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/07 09:54:33 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013/04/11 11:06:54 | 000,039,504 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gfiark.sys -- (gfiark)
DRV:64bit: - [2012/09/12 20:19:38 | 000,082,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/09 11:31:02 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/24 21:43:54 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2011/08/24 21:43:54 | 000,095,544 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/01 22:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/06/01 22:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/06/01 22:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/05/22 16:44:12 | 000,020,752 | ---- | M] (Mobile Stream) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\easytthr.sys -- (easytether)
DRV:64bit: - [2010/12/20 22:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/20 02:14:16 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/20 01:21:04 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/04/22 18:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/22 18:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/03/02 16:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/12/22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/11/03 08:24:36 | 000,062,976 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BcmBusCtr_64.sys -- (bcmbusctr)
DRV:64bit: - [2009/11/03 07:01:04 | 000,318,336 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\drxvi314_64.sys -- (bcm)
DRV:64bit: - [2009/10/07 19:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 19:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/08/23 18:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D600B306-325B-40F5-AF98-21458FD9C998}
IE:64bit: - HKLM\..\SearchScopes\{9D2F7462-C565-4F93-B43B-CDF7F306DBA4}: "URL" = http://search.yahoo....psg&type=CPNTDF
IE:64bit: - HKLM\..\SearchScopes\{B5BED05A-A16A-469A-BB12-4A140BCC4DA7}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D600B306-325B-40F5-AF98-21458FD9C998}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {D600B306-325B-40F5-AF98-21458FD9C998}
IE - HKLM\..\SearchScopes\{9D2F7462-C565-4F93-B43B-CDF7F306DBA4}: "URL" = http://search.yahoo....psg&type=CPNTDF
IE - HKLM\..\SearchScopes\{B5BED05A-A16A-469A-BB12-4A140BCC4DA7}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D600B306-325B-40F5-AF98-21458FD9C998}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE - HKCU\..\SearchScopes,DefaultScope = {D600B306-325B-40F5-AF98-21458FD9C998}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@skyhookwireless.com/LokiPlugin,version=3.1.0.05: C:\Program Files (x86)\Skyhook Wireless\Loki ActiveX Component\versions\3.1.0.05\loki.dll (Skyhook Wireless)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}: C:\Program Files (x86)\PremierOpinion\firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/06/29 08:14:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/20 08:45:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2013/09/09 16:55:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/08/21 18:01:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/20 08:45:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/21 18:01:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/20 08:45:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/04/09 19:41:32 | 000,000,628 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: Google Docs = C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: RealDownloader = C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0\
CHR - Extension: Skype Click to Call = C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Lavasoft NewTab = C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole\0.12_0\
CHR - Extension: Gmail = C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/09/09 17:01:56 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{091E1DEF-1170-4B1E-A111-D77334E86474}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D04A0FC-3742-4DD7-99AD-8C633B5A0934}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD67B5E6-FB7E-4458-8651-A2D0043C59BF}: DhcpNameServer = 192.168.2.1 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9E95B24-B8D2-4FBB-987B-15DD40F41CA2}: DhcpNameServer = 66.233.169.12 64.13.115.12
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/09 17:00:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/09/09 16:57:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013/09/09 16:57:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/09/09 16:57:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/09/09 13:59:35 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Roaming\hpqLog
[2013/09/09 13:53:27 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/09/07 18:01:16 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Roaming\Ad-Aware Antivirus
[2013/09/07 18:01:12 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Local\adawarebp
[2013/09/07 11:43:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013/09/07 09:57:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2013/09/07 09:57:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013/09/07 09:57:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2013/09/07 09:56:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013/09/07 09:56:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2013/09/07 09:56:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2013/09/07 09:54:11 | 000,047,496 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013/09/05 10:22:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/09/05 10:09:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/09/05 10:07:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/09/05 10:07:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/09/05 07:54:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/09/05 07:54:52 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/09/05 07:54:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/09/04 23:54:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UndeleteMyFiles
[2013/09/04 22:52:14 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/01 12:47:28 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Roaming\gtk-2.0
[2013/09/01 12:47:26 | 000,000,000 | ---D | C] -- C:\Users\Test\.thumbnails
[2013/09/01 12:46:30 | 000,000,000 | ---D | C] -- C:\Users\Test\Documents\gegl-0.0
[2013/09/01 12:46:30 | 000,000,000 | ---D | C] -- C:\Users\Test\.gimp-2.6
[2013/08/30 22:41:55 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Roaming\vlc
[2013/08/30 22:41:55 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Roaming\dvdcss
[2013/08/26 16:33:08 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Local\SoftGrid Client
[2013/08/26 16:33:00 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Roaming\SoftGrid Client
[2013/08/26 15:14:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/08/25 07:07:58 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Local\Apple Computer
[2013/08/24 23:19:23 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Local\Hewlett-Packard
[2013/08/24 23:18:25 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Roaming\ATI
[2013/08/24 23:18:25 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Local\ATI
[2013/08/24 23:18:19 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Roaming\RealNetworks
[2013/08/24 23:17:27 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Roaming\Hewlett-Packard
[2013/08/24 23:17:20 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Roaming\Real
[2013/08/24 23:17:20 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Roaming\Apple Computer
[2013/08/24 23:16:59 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Roaming\Adobe
[2013/08/24 23:16:56 | 000,000,000 | R--D | C] -- C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/08/24 23:16:56 | 000,000,000 | R--D | C] -- C:\Users\Test\Searches
[2013/08/24 23:16:56 | 000,000,000 | R--D | C] -- C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/08/24 23:16:55 | 000,000,000 | -H-D | C] -- C:\Users\Test\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/08/24 23:16:44 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Roaming\Identities
[2013/08/24 23:16:39 | 000,000,000 | R--D | C] -- C:\Users\Test\Contacts
[2013/08/24 23:16:36 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Local\VirtualStore
[2013/08/24 23:16:23 | 000,000,000 | -HSD | C] -- C:\Users\Test\AppData\Local\Temporary Internet Files
[2013/08/24 23:16:23 | 000,000,000 | -HSD | C] -- C:\Users\Test\Templates
[2013/08/24 23:16:23 | 000,000,000 | -HSD | C] -- C:\Users\Test\Start Menu
[2013/08/24 23:16:23 | 000,000,000 | -HSD | C] -- C:\Users\Test\SendTo
[2013/08/24 23:16:23 | 000,000,000 | -HSD | C] -- C:\Users\Test\Recent
[2013/08/24 23:16:23 | 000,000,000 | -HSD | C] -- C:\Users\Test\PrintHood
[2013/08/24 23:16:23 | 000,000,000 | -HSD | C] -- C:\Users\Test\NetHood
[2013/08/24 23:16:23 | 000,000,000 | -HSD | C] -- C:\Users\Test\Documents\My Videos
[2013/08/24 23:16:23 | 000,000,000 | -HSD | C] -- C:\Users\Test\Documents\My Pictures
[2013/08/24 23:16:23 | 000,000,000 | -HSD | C] -- C:\Users\Test\Documents\My Music
[2013/08/24 23:16:23 | 000,000,000 | -HSD | C] -- C:\Users\Test\My Documents
[2013/08/24 23:16:23 | 000,000,000 | -HSD | C] -- C:\Users\Test\Local Settings
[2013/08/24 23:16:23 | 000,000,000 | -HSD | C] -- C:\Users\Test\AppData\Local\History
[2013/08/24 23:16:23 | 000,000,000 | -HSD | C] -- C:\Users\Test\Cookies
[2013/08/24 23:16:23 | 000,000,000 | -HSD | C] -- C:\Users\Test\Application Data
[2013/08/24 23:16:23 | 000,000,000 | -HSD | C] -- C:\Users\Test\AppData\Local\Application Data
[2013/08/24 23:16:22 | 000,000,000 | --SD | C] -- C:\Users\Test\AppData\Roaming\Microsoft
[2013/08/24 23:16:22 | 000,000,000 | R--D | C] -- C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/08/24 23:16:22 | 000,000,000 | R--D | C] -- C:\Users\Test\Favorites
[2013/08/24 23:16:22 | 000,000,000 | R--D | C] -- C:\Users\Test\Downloads
[2013/08/24 23:16:22 | 000,000,000 | R--D | C] -- C:\Users\Test\Documents
[2013/08/24 23:16:22 | 000,000,000 | R--D | C] -- C:\Users\Test\Desktop
[2013/08/24 23:16:22 | 000,000,000 | R--D | C] -- C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/08/24 23:16:22 | 000,000,000 | -H-D | C] -- C:\Users\Test\AppData
[2013/08/24 23:16:22 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Roaming\TuneUp Software
[2013/08/24 23:16:22 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Local\Temp
[2013/08/24 23:16:22 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Local\Microsoft
[2013/08/24 23:16:22 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Roaming\Media Center Programs
[2013/08/24 23:16:22 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Roaming\Macromedia
[2013/08/24 23:16:22 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Local\Google
[2013/08/24 23:16:21 | 000,000,000 | R--D | C] -- C:\Users\Test\Videos
[2013/08/24 23:16:21 | 000,000,000 | R--D | C] -- C:\Users\Test\Saved Games
[2013/08/24 23:16:21 | 000,000,000 | R--D | C] -- C:\Users\Test\Pictures
[2013/08/24 23:16:21 | 000,000,000 | R--D | C] -- C:\Users\Test\Music
[2013/08/24 23:16:21 | 000,000,000 | R--D | C] -- C:\Users\Test\Links
[2013/08/24 23:10:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2013/08/24 23:10:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/08/24 23:07:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013/08/24 23:07:03 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/08/24 23:07:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013/08/20 08:45:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013/09/09 20:20:03 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/09 20:01:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/09 19:20:03 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/09 19:04:18 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\ReclaimerResumeInstall_9g.job
[2013/09/09 19:04:18 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFor9g.job
[2013/09/09 19:03:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/09 17:18:19 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/09 17:18:19 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/09 17:09:08 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013/09/09 17:08:44 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2013/09/09 17:08:44 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\ReclaimerResumeInstallLogin_9g.job
[2013/09/09 17:08:10 | 599,969,792 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/09 17:01:56 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/09/09 16:57:12 | 000,000,884 | ---- | M] () -- C:\Users\Test\Desktop\NTREGOPT.lnk
[2013/09/09 16:57:12 | 000,000,865 | ---- | M] () -- C:\Users\Test\Desktop\ERUNT.lnk
[2013/09/07 09:54:33 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/09/07 09:35:22 | 000,007,602 | ---- | M] () -- C:\Users\Test\AppData\Local\Resmon.ResmonCfg
[2013/09/05 12:42:00 | 000,780,156 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/05 12:42:00 | 000,660,982 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/05 12:42:00 | 000,121,620 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/05 11:47:02 | 000,304,048 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/05 10:22:21 | 000,796,852 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/09/05 07:54:56 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/09/01 21:28:44 | 000,000,838 | ---- | M] () -- C:\Users\Test\.recently-used.xbel
[2013/08/28 21:12:01 | 001,827,736 | ---- | M] () -- C:\Users\Test\Documents\IMG_0701.JPG
[2013/08/28 21:11:58 | 001,764,628 | ---- | M] () -- C:\Users\Test\Documents\IMG_0700.JPG
[2013/08/25 18:25:39 | 000,002,239 | ---- | M] () -- C:\Users\Test\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/08/25 18:25:38 | 000,002,215 | ---- | M] () -- C:\Users\Test\Desktop\Google Chrome.lnk
[2013/08/24 23:29:05 | 000,112,335 | ---- | M] () -- C:\Users\Test\Documents\IMG_0304.JPG
[2013/08/24 23:23:52 | 000,154,341 | ---- | M] () -- C:\Users\Test\Documents\IMG_0364.JPG
[2013/08/24 23:17:56 | 000,001,407 | ---- | M] () -- C:\Users\Test\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

========== Files Created - No Company Name ==========

[2013/09/09 16:57:12 | 000,000,884 | ---- | C] () -- C:\Users\Test\Desktop\NTREGOPT.lnk
[2013/09/09 16:57:12 | 000,000,865 | ---- | C] () -- C:\Users\Test\Desktop\ERUNT.lnk
[2013/09/09 15:11:23 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\ReclaimerResumeInstallLogin_9g.job
[2013/09/09 15:11:22 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\ReclaimerResumeInstall_9g.job
[2013/09/07 09:57:19 | 000,001,828 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013/09/07 09:35:22 | 000,007,602 | ---- | C] () -- C:\Users\Test\AppData\Local\Resmon.ResmonCfg
[2013/09/05 12:19:37 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleFor9g.job
[2013/09/05 07:54:56 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/09/01 21:28:44 | 000,000,838 | ---- | C] () -- C:\Users\Test\.recently-used.xbel
[2013/08/28 21:13:45 | 001,827,736 | ---- | C] () -- C:\Users\Test\Documents\IMG_0701.JPG
[2013/08/28 21:13:37 | 001,764,628 | ---- | C] () -- C:\Users\Test\Documents\IMG_0700.JPG
[2013/08/25 18:23:35 | 000,154,341 | ---- | C] () -- C:\Users\Test\Documents\IMG_0364.JPG
[2013/08/25 18:22:52 | 000,112,335 | ---- | C] () -- C:\Users\Test\Documents\IMG_0304.JPG
[2013/08/24 23:17:56 | 000,001,407 | ---- | C] () -- C:\Users\Test\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/08/24 23:16:59 | 000,001,413 | ---- | C] () -- C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/08/24 23:16:58 | 000,002,239 | ---- | C] () -- C:\Users\Test\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/08/24 23:16:58 | 000,002,215 | ---- | C] () -- C:\Users\Test\Desktop\Google Chrome.lnk
[2013/08/24 23:16:22 | 000,000,290 | ---- | C] () -- C:\Users\Test\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/08/24 23:16:22 | 000,000,272 | ---- | C] () -- C:\Users\Test\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/08/24 23:07:20 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/12/14 15:22:27 | 000,796,852 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/11 16:26:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/10/11 16:18:29 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2011/10/11 16:18:29 | 000,000,223 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/09/07 18:08:35 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Ad-Aware Antivirus
[2013/09/01 12:47:28 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\gtk-2.0
[2013/08/26 16:42:00 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\SoftGrid Client
[2013/03/08 13:52:23 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\TuneUp Software

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#11
CesarT

CesarT

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
# AdwCleaner v3.003 - Report created 09/09/2013 at 20:46:20
# Updated 07/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Test - 9G-HP
# Running from : C:\Users\Test\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\9g\AppData\Local\Conduit
Folder Deleted : C:\Users\9g\AppData\Local\Coupon Companion Plugin
Folder Deleted : C:\Users\9g\AppData\Local\cre
Folder Deleted : C:\Users\9g\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\9g\AppData\LocalLow\adawaretb
Folder Deleted : C:\Users\9g\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Da Biz\AppData\LocalLow\adawaretb
Folder Deleted : C:\Users\Da Biz\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Da Biz\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Da Biz\AppData\Roaming\Iminent
Folder Deleted : C:\Users\9g\AppData\Roaming\Mozilla\Firefox\Profiles\ayjkf9fe.default\adawaretb
Folder Deleted : C:\Users\Da Biz\AppData\Roaming\Mozilla\Firefox\Profiles\wp98hd9l.default\adawaretb
Folder Deleted : C:\Users\Da Biz\AppData\Roaming\Mozilla\Firefox\Profiles\wp98hd9l.default\jetpack
File Deleted : \END
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\adawaretb.xml
File Deleted : C:\Users\9g\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3279141
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\Software\adawaretb
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\9g\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : search_url

[ File : C:\Users\Da Biz\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [9722 octets] - [04/09/2013 22:52:19]
AdwCleaner[R1].txt - [9782 octets] - [04/09/2013 23:07:45]
AdwCleaner[R2].txt - [8476 octets] - [09/09/2013 20:44:41]
AdwCleaner[S0].txt - [8525 octets] - [09/09/2013 20:46:20]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [8585 octets] ##########
  • 0

#12
CesarT

CesarT

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
PC is still running a little faster, but its still extremely slow when launching apps or shutting down.

Also when I shut down I get like 3 pop ups stating that force close or wait for app, but I can't see any app to end.
  • 0

#13
CesarT

CesarT

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hey there, heres an update. Since I had noticed the pc did get faster, but was still slow in applications I decided to look at the ram.

System still said it was 2gb of ram but only 7++MB usable.
I checked bios and msconfig and all the settings matched. BIOS did register the 2048MB but for some reason windows didn't.

RAM test came up fine as well

I just for kicks and giggles decided to reseat the RAM even though it looked fine like when it came factory. I then booted to windows and voila. I had 2GB of RAM and now 1.74GB Available on the system properties.

My computer is blazing fast now. It doesn't take too much time to load, log on or log off either. Its realy fast for everything. I think you guys helped tons as before this random RAM issue, my pc was slow as I described at the begining of the post. Now its just as fast as when I first got it.

Let me know if it was a virus or what the fix you provided did, because its definitely noticable and I won't have to do a re-load of the OS as its working just fine.

All apps working too. no more "not responding mesg."

Thanks for all the hard work.
  • 0

#14
blmadara

blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Hi CesarT,

The programs I had you run removed a lot of adware and toolbars that can slow a system down, but reseating the RAM is what did the trick. Running Windows 7 with 1 GB of working RAM is nearly impossible. Only a few more steps and we'll be finished cleaning your computer.

Step One: Malewarebytes' Anti-Malware

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from here or here

Double Click mbam-setup.exe to install the application. Please do not accept the trial right now.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Step Two: ESET Online Scanner

For the duration of this scan, please disable adware anti-virus. After the scan has completed you can enable it again.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer running in admin mode for this scan. To do this right click on Internet Explorer and pick Run as administrator.
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is not checked.
  • Make sure that the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files (x86)/ESET/ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

Step Three: SecurityCheck

Run SecurityCheck by right clicking SecurityCheck.exe, select Run as administrator, and follow the onscreen instructions inside of the black box.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step Four: Remaining problems

Let me know if there are any remaining problems.

What I need in your next post:
1. The MBAM report.
2. The ESET Online Scanner log, C:\Program Files (x86)/ESET/ESET Online Scanner\log.txt.
3. The Security Check log, checkup.txt.
4. Let me know if there are any remaining problems.
  • 0

#15
CesarT

CesarT

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.11.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Test :: 9G-HP [administrator]

9/11/2013 10:16:49 AM
mbam-log-2013-09-11 (10-16-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 269508
Time elapsed: 8 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Google\Chrome\Extensions\oelbclnhkbhlhikfmpmbakbgeonbjjnp (PUP.Optional.WhiteSmoke.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP