Antivirus auto-disabled



#46
zoltain

OTL logfile created on: 21/10/2013 13 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Zach\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

15.98 Gb Total Physical Memory | 13.66 Gb Available Physical Memory | 85.51% Memory free
31.95 Gb Paging File | 29.37 Gb Available in Paging File | 91.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 46.13 Gb Free Space | 19.82% Space Free | Partition Type: NTFS
Drive D: | 698.54 Gb Total Space | 79.77 Gb Free Space | 11.42% Space Free | Partition Type: NTFS

Computer Name: ZACH-PC | User Name: Zach | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/17 05 (Somoto) -- C:\Users\Zach\AppData\Local\FilesFrog Update Checker\update_checker.exe
PRC - [2013/10/02 10 (OldTimer Tools) -- C:\Users\Zach\Desktop\OTL.exe
PRC - [2013/09/17 14 (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/09/12 01 (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/08/27 17 (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/08/27 17 (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/08/07 14 (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2013/05/11 06 (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/17 17 (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2013/03/15 15 (Almico Software (www.almico.com)) -- C:\Program Files (x86)\SpeedFan\speedfan.exe
PRC - [2012/12/20 07 (Western Digital ) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
PRC - [2012/12/20 07 (Western Digital ) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
PRC - [2012/11/19 12 (Impulse Point, LLC) -- C:\Program Files (x86)\SafeConnect\scManager.sys
PRC - [2012/09/06 10 (Western Digital) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2010/12/29 03 (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/29 03 (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/29 13 () -- C:\Program Files (x86)\Hotkey\Hotkey.exe
PRC - [2010/11/18 19 () -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/21 12 () -- C:\Users\Zach\AppData\Local\Temp\sfareca00001.dll
MOD - [2013/10/21 12 () -- C:\Users\Zach\AppData\Local\Temp\sfamcc00001.dll
MOD - [2013/10/09 00 () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/09/17 14 () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/09/13 06 () -- C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
MOD - [2013/08/15 01 () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll
MOD - [2013/08/15 00 () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c664f44617c6a89edcc171fa8596c89d\System.ServiceProcess.ni.dll
MOD - [2013/08/15 00 () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/08/15 00 () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/07/10 11 () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/07/10 11 () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\8c20095bd7d46cdfa7933eb258a07daa\Accessibility.ni.dll
MOD - [2013/01/28 13 () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/01/28 13 () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/12/09 21 () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2010/11/29 13 () -- C:\Program Files (x86)\Hotkey\Hotkey.exe
MOD - [2009/06/06 14 () -- C:\Program Files (x86)\Hotkey\Audiodll.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/08/27 17 (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/08/12 14 (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/08/12 14 (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/08/07 14 (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV:64bit: - [2013/06/13 15 (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2013/05/27 01 (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/04/01 14 () [Disabled | Stopped] -- C:\Program Files\FileMind\FileMind.Windows.Service.exe -- (Filemind.Windows.Service)
SRV:64bit: - [2009/07/13 21 (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/10/08 22 (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/10/08 17 (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/12 01 (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/08/31 14 (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/08/27 17 (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/06/21 09 (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/11 06 (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/20 07 (Western Digital ) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV - [2012/12/20 07 (Western Digital ) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2012/11/19 12 (Impulse Point, LLC) [Auto | Running] -- C:\Program Files (x86)\SafeConnect\scManager.sys -- (SCManager)
SRV - [2012/09/06 10 (Western Digital) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2012/07/09 04 (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/12/29 03 (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/29 03 (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/18 19 () [Auto | Running] -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe -- (PowerBiosServer)
SRV - [2009/06/10 17 (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/10/02 05 (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2013/09/08 16 (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2013/08/20 09 (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/08/07 14 (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2013/08/07 14 (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/06/22 19 (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2013/06/18 21 (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/06/16 08 (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/05/23 02 (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2013/05/23 02 (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2013/05/23 02 (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2013/05/23 02 (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2013/05/23 02 (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2013/05/21 08 (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2013/03/28 15 (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013/03/27 23 (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013/02/25 17 (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/02/05 11 (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2013/01/31 05 (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2013/01/17 15 (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2012/12/13 13 (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/10/25 05 (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/10/10 23 (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2012/08/27 19 (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2012/08/27 19 (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2012/08/23 10 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/23 10 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/08/23 10 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/21 13 (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/04/15 17 (Windows ® Win 7 DDK provider) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\wcmvcam64.sys -- (WCMVCAM)
DRV:64bit: - [2012/03/01 02 (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 02 (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/11 02 (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/01/15 05 (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JME.sys -- (JME)
DRV:64bit: - [2010/12/29 03 (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/12/06 07 (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010/11/20 23 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 23 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 23 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23 (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23 (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/05 23 (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/07/13 17 (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2010/07/01 13 () [Kernel | "Start" not found. | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV:64bit: - [2009/11/23 21 (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 21 (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/07/13 21 (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 21 (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21 (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/06/10 16 (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/10 16 (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16 (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16 (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/02/17 13 (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2008/05/06 16 (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/04/09 14 (Waytech Development, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (UsbFltr)
DRV:64bit: - [2007/02/15 20 (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2011/06/02 10 () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009/07/13 21 (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/02/15 20 (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4D 20 09 24 2E 24 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.17
FF - prefs.js..extensions.enabledAddons: smarterwiki%40wikiatic.com:5.1.9
FF - prefs.js..extensions.enabledAddons: %7Bbb6bc1bb-f824-4702-90cd-35e2fb24f25d%7D:1.5.2
FF - prefs.js..extensions.enabledAddons: %7BEDA7B1D7-F793-4e03-B074-E6F303317FB0%7D:1.2.7
FF - prefs.js..extensions.enabledAddons: %7B4a313247-8330-4a81-948e-b79936516f78%7D:2.0.2
FF - prefs.js..extensions.enabledAddons: %7B1A2D0EC4-75F5-4c91-89C4-3656F6E44B68%7D:0.6.3
FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:2.0.20
FF - prefs.js..extensions.enabledAddons: nosquint%40urandom.ca:2.1.9
FF - prefs.js..extensions.enabledAddons: autopager%40mozilla.org:0.8.0.8
FF - prefs.js..extensions.enabledAddons: SkipScreen%40SkipScreen:0.7.2
FF - prefs.js..extensions.enabledAddons: %7Bcd617375-6743-4ee8-bac4-fbf10f35729e%7D:2.9.5
FF - prefs.js..extensions.enabledAddons: %7B98449521-9320-4257-aa35-9e1a39c8cbe0%7D:2.0.3
FF - prefs.js..extensions.enabledAddons: %7B578e7caa-210f-4967-a0d3-88fe5b59a39f%7D:0.8.10
FF - prefs.js..extensions.enabledAddons: canitbecheaper%40trafficbroker.co.uk:3.9.4
FF - prefs.js..extensions.enabledAddons: %7B65e41d20-f092-41b7-bb83-c6e8a9ab0f57%7D:1.2.1
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.12
FF - prefs.js..extensions.enabledAddons: mozilla_cc%40internetdownloadmanager.com:7.3.61
FF - prefs.js..extensions.enabledAddons: %7BF003DA68-8256-4b37-A6C4-350FA04494DF%7D:6.5
FF - prefs.js..extensions.enabledAddons: treestyletab%40piro.sakura.ne.jp:0.14.2013100901
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013/08/22 00
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/17 14
FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 26.0a1\extensions\\Components: C:\Program Files (x86)\Nightly\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 26.0a1\extensions\\Plugins: C:\Program Files (x86)\Nightly\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 18.0.1\extensions\\Components: C:\Program Files\\Waterfox\components [2013/04/04 20
FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 18.0.1\extensions\\Plugins: C:\Program Files\\Waterfox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Zach\AppData\Roaming\IDM\idmmzcc5 [2013/10/07 10
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Zach\AppData\Roaming\IDM\idmmzcc5 [2013/10/07 10

[2013/03/18 20
[2013/08/17 13
[2013/08/17 13
[2013/10/17 20
[2013/08/17 13
[2013/09/17 15
[2013/09/17 15
[2013/08/17 13
[2013/08/17 13
[2013/08/17 13 () (No name found) -- C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\do5y9nnf.default-1376761741539\extensions\[email protected]
[2013/09/22 22 () (No name found) -- C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\do5y9nnf.default-1376761741539\extensions\[email protected]
[2013/10/17 20 () (No name found) -- C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\do5y9nnf.default-1376761741539\extensions\[email protected]
[2013/10/03 01 () (No name found) -- C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\do5y9nnf.default-1376761741539\extensions\[email protected]
[2013/08/25 18 () (No name found) -- C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\do5y9nnf.default-1376761741539\extensions\[email protected]
[2013/08/30 22 () (No name found) -- C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\do5y9nnf.default-1376761741539\extensions\[email protected]
[2013/08/17 13 () (No name found) -- C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\do5y9nnf.default-1376761741539\extensions\[email protected]
[2013/08/17 17 () (No name found) -- C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\do5y9nnf.default-1376761741539\extensions\[email protected]
[2013/08/17 13 () (No name found) -- C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\do5y9nnf.default-1376761741539\extensions\[email protected]
[2013/10/09 17 () (No name found) -- C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\do5y9nnf.default-1376761741539\extensions\[email protected]
[2013/08/17 13 () (No name found) -- C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\do5y9nnf.default-1376761741539\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2013/08/17 13 () (No name found) -- C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\do5y9nnf.default-1376761741539\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi
[2013/08/17 13 () (No name found) -- C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\do5y9nnf.default-1376761741539\extensions\{4a313247-8330-4a81-948e-b79936516f78}.xpi
[2013/09/30 10 () (No name found) -- C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\do5y9nnf.default-1376761741539\extensions\{65e41d20-f092-41b7-bb83-c6e8a9ab0f57}.xpi
[2013/08/24 13 () (No name found) -- C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\do5y9nnf.default-1376761741539\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi
[2013/10/09 15 () (No name found) -- C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\do5y9nnf.default-1376761741539\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/10/01 18 () (No name found) -- C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\do5y9nnf.default-1376761741539\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/08/17 13 () (No name found) -- C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\do5y9nnf.default-1376761741539\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi
[2013/09/17 14
[2013/09/17 14
[2013/08/22 00
[2013/10/07 10
[2013/06/13 20 (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: reddit companion = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe\1.1.2_0\
CHR - Extension: WikiTube = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\aneddidibfifdpbeppmpoackniodpekj\2.3_0\
CHR - Extension: WikiTube = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\aneddidibfifdpbeppmpoackniodpekj\2.4_0\
CHR - Extension: WikiTube = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\aneddidibfifdpbeppmpoackniodpekj\2.5_0\
CHR - Extension: Logitech Smooth Scrolling = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.60.170_0\
CHR - Extension: The Camelizer - Amazon Price Tracker = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo\2.3.1_0\
CHR - Extension: LastPass = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.5.3_0\
CHR - Extension: LastPass = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.5.4_0\
CHR - Extension: IDM Integration Module = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn\6.17.6_0\
CHR - Extension: IDM Integration Module = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn\6.17.7_0\
CHR - Extension: IDM Integration Module = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn\6.18.1_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.3.0.1_0\
CHR - Extension: Cookie Manager = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbnfbcpkiaganjpcanopcgeoehkleeck\1.1_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.9_0\
CHR - Extension: SABconnect++ = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\okphadhbbjadcifjplhifajfacbkkbod\0.6.8_0\

O1 HOSTS File: () - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SpeedFan] C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Bing Search
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://search.bing.c...sults.aspx?q=%w
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.100.214.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A936B49-CC00-4762-983E-66987E017634}: DhcpNameServer = 10.10.101.201 10.10.100.200
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FAECE5C-6A31-41A3-BE76-57E63394ACFA}: DhcpNameServer = 10.100.214.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FAECE5C-6A31-41A3-BE76-57E63394ACFA}: NameServer = 8.8.8.8,4.2.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/03/23 21 () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/19 23
[2013/10/19 15
[2013/10/19 15
[2013/10/19 15
[2013/10/19 13
[2013/10/19 13
[2013/10/19 13
[2013/10/19 13
[2013/10/18 18
[2013/10/18 18
[2013/10/18 18
[2013/10/18 18
[2013/10/18 18
[2013/10/18 18
[2013/10/18 18 (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/10/18 18 (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/10/18 18 (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/10/18 18 (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/10/17 21
[2013/10/16 12
[2013/10/12 02
[2013/10/12 02
[2013/10/12 02
[2013/10/11 21
[2013/10/11 12
[2013/10/11 12
[2013/10/11 12
[2013/10/11 10
[2013/10/11 10
[2013/10/11 10
[2013/10/11 10 (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/10/09 15
[2013/10/08 22 (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/10/08 22 (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/10/08 22 (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/10/08 22 (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/10/08 22 (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/10/08 22 (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/10/08 22 (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/10/08 22 (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/10/08 22 (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/10/08 22 (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/10/08 22 (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/10/08 22 (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/10/08 22 (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/10/08 22 (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/10/08 22 (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/10/08 15 (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/10/08 15 (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/10/08 15 (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/10/08 15 (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013/10/08 15 (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2013/10/08 15 (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2013/10/08 15 (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2013/10/08 15 (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/10/08 15 (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll
[2013/10/08 15 (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013/10/08 15 (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013/10/08 15 (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/10/08 15 (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/10/08 15 (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/10/08 15 (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/10/08 15 (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/10/08 15 (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2013/10/08 15 (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/10/08 15 (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2013/10/08 15 (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013/10/08 15 (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013/10/08 15 (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013/10/08 15 (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2013/10/08 15 (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2013/10/08 15 (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2013/10/08 15 (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2013/10/08 15 (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/10/08 15 (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/10/08 15 (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/10/08 15 (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/10/07 10
[2013/10/06 11
[2013/10/06 11
[2013/10/06 11
[2013/10/06 11
[2013/10/06 11
[2013/10/05 19
[2013/10/05 19
[2013/10/05 18
[2013/10/05 17
[2013/10/05 17
[2013/10/05 17
[2013/10/04 11
[2013/10/04 11
[2013/10/04 11
[2013/10/04 11
[2013/10/04 11
[2013/10/04 07 (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys
[2013/10/02 10 (OldTimer Tools) -- C:\Users\Zach\Desktop\OTL.exe
[2013/09/30 11
[2013/09/30 11
[2013/09/30 11
[2013/09/26 01
[2013/09/25 10
[2013/05/08 04 (Advanced Micro Devices Inc.) -- C:\Program Files (x86)\Common Files\atimpenc.dll
[2013/03/12 08 (Yamicsoft) -- C:\Users\Zach\AppData\Roaming\windows7manager.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/21 13 () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/21 13 () -- C:\Windows\SysNative\perfh009.dat
[2013/10/21 13 () -- C:\Windows\SysNative\perfc009.dat
[2013/10/21 13 () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/21 13 () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/21 13 () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/21 12 () -- C:\hiberfil.sys
[2013/10/21 12 () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/21 12 () -- C:\Windows\bootstat.dat
[2013/10/21 01 () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/19 23 () -- C:\ProgramData\.zreglib
[2013/10/19 13 () -- C:\Users\Public\Desktop\CloneCD.lnk
[2013/10/18 23 () -- C:\Users\Zach\Documents\ZACH-PC_Zach_2013_10_18.csv
[2013/10/18 18 () -- C:\WirelessDiagLog.csv
[2013/10/13 13 () -- C:\Program Files (x86)\Bradford Dissolvable Agent.exe
[2013/10/12 02 () -- C:\Users\Public\Desktop\Steam.lnk
[2013/10/12 02 () -- C:\Users\Zach\Desktop\Dota 2.url
[2013/10/11 12 (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/10/11 12 () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/10/11 12 () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/11 10 () -- C:\Windows\tweaking.com-regbackup-ZACH-PC-Microsoft-Windows-7-Ultimate-(64-bit).dat
[2013/10/11 10 () -- C:\Users\Zach\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2013/10/10 19 () -- C:\Users\Zach\Desktop\AutoRuns.zip
[2013/10/10 19 () -- C:\Users\Zach\Desktop\AutoRuns.arn
[2013/10/09 14 () -- C:\Windows\epplauncher.mif
[2013/10/08 22 () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/08 22 () -- C:\Users\Zach\Desktop\Hw4.pdf
[2013/10/08 17 (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/10/08 17 (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/10/08 07 (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/10/08 07 (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/10/08 07 (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/10/08 07 (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/10/06 11 () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/10/05 19 () -- C:\Windows\SysNative\sc
[2013/10/04 16 ( ) -- C:\Users\Zach\Desktop\VEW.exe
[2013/10/04 11 () -- C:\Users\Zach\Desktop\MBR.dat
[2013/10/03 18 (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2013/10/02 17 () -- C:\Users\Zach\Desktop\Dur.torrent
[2013/10/02 10 (OldTimer Tools) -- C:\Users\Zach\Desktop\OTL.exe
[2013/10/02 10 () -- C:\Users\Zach\Desktop\Troubleshoot problems error.JPG
[2013/10/02 05 (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys
[2013/09/30 11 () -- C:\Users\Zach\Desktop\Ventrilo.lnk
[2013/09/30 11 () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2013/09/28 16 () -- C:\Users\Zach\Desktop\i3nF4.jpg
[2013/09/28 16 () -- C:\Users\Zach\Desktop\1aZuY.jpg
[2013/09/26 01 () -- C:\Users\Zach\Desktop\Minecraft.exe
[2013/09/25 10 () -- C:\Users\Zach\Desktop\SteamInstall.msi
[2013/09/22 19 (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/09/22 19 (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/09/22 19 (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/09/22 19 (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/09/22 19 (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/09/22 18 (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/09/22 18 (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/09/22 18 (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/09/22 18 (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/09/22 18 (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/09/22 18 (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/09/22 18 (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/09/22 18 (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/19 17 () -- C:\ProgramData\.zreglib
[2013/10/19 13 () -- C:\Users\Public\Desktop\CloneCD.lnk
[2013/10/18 23 () -- C:\Users\Zach\Documents\ZACH-PC_Zach_2013_10_18.csv
[2013/10/18 21 () -- C:\Users\Zach\Desktop\[CBM]_Gurren_Lagann_-_02_-_I_Said_I'm_Gonna_Pilot_That_Thing_[720p]_[19E9CF6F].mkv
[2013/10/18 20 () -- C:\Users\Zach\Desktop\[CBM]_Gurren_Lagann_-_01_-_Bust_Through_the_Heavens_With_Your_Drill_[720p]_[D2E69407].mkv
[2013/10/18 18 () -- C:\WirelessDiagLog.csv
[2013/10/13 13 () -- C:\Program Files (x86)\Bradford Dissolvable Agent.exe
[2013/10/12 02 () -- C:\Users\Public\Desktop\Steam.lnk
[2013/10/12 02 () -- C:\Users\Zach\Desktop\Dota 2.url
[2013/10/11 10 () -- C:\Windows\tweaking.com-regbackup-ZACH-PC-Microsoft-Windows-7-Ultimate-(64-bit).dat
[2013/10/11 10 () -- C:\Users\Zach\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2013/10/10 19 () -- C:\Users\Zach\Desktop\AutoRuns.zip
[2013/10/10 19 () -- C:\Users\Zach\Desktop\AutoRuns.arn
[2013/10/08 22 () -- C:\Users\Zach\Desktop\Hw4.pdf
[2013/10/06 11 () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/10/05 19 () -- C:\Windows\SysNative\sc
[2013/10/04 16 ( ) -- C:\Users\Zach\Desktop\VEW.exe
[2013/10/04 11 () -- C:\Users\Zach\Desktop\MBR.dat
[2013/10/02 17 () -- C:\Users\Zach\Desktop\Dur.torrent
[2013/10/02 10 () -- C:\Users\Zach\Desktop\Troubleshoot problems error.JPG
[2013/09/30 11 () -- C:\Users\Zach\Desktop\Ventrilo.lnk
[2013/09/30 11 () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2013/09/28 16 () -- C:\Users\Zach\Desktop\i3nF4.jpg
[2013/09/28 16 () -- C:\Users\Zach\Desktop\1aZuY.jpg
[2013/09/26 01 () -- C:\Users\Zach\Desktop\Minecraft.exe
[2013/09/25 10 () -- C:\Users\Zach\Desktop\SteamInstall.msi
[2013/09/20 12 () -- C:\ProgramData\hash.dat
[2013/09/13 11 () -- C:\Users\Zach\AppData\Roaming\keygen.il
[2013/09/13 11 () -- C:\Users\Zach\AppData\Roaming\InstallMTW6.9.il
[2013/07/20 13 () -- C:\Users\Zach\AppData\Local\Resmon.ResmonCfg
[2013/06/23 12 () -- C:\ProgramData\1372005809.bdinstall.bin
[2013/04/23 18 () -- C:\ProgramData\1366757276.bdinstall.bin
[2013/04/23 18 () -- C:\ProgramData\1366756389.bdinstall.bin
[2013/04/02 23 () -- C:\Windows\WebFerretUninstall.exe
[2013/04/02 23 () -- C:\Windows\SysWow64\NetFerret.dll
[2013/03/30 13 () -- C:\ProgramData\1364665264.bdinstall.bin
[2013/03/30 12 () -- C:\Windows\asfbinwin.INI
[2013/03/26 17 () -- C:\Users\Zach\PUTTY.RND
[2013/03/18 19 () -- C:\Windows\SysWow64\unrar.dll
[2013/02/16 00 () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/03 03 () -- C:\Windows\SysWow64\abgx360.exe

========== ZeroAccess Check ==========

[2009/07/14 00 () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22 (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21 (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21 (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23 (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21 (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< MD5 for: DIAGPACKAGE.DIAGPKG >

< MD5 for: DIAGPACKAGE.DLL >
[2009/07/13 21 (Microsoft Corporation) MD5=E7ABB3254C2E312E8AB2573C958BB0D8 -- C:\Windows\diagnostics\system\AERO\DiagPackage.dll
[2009/07/13 21 (Microsoft Corporation) MD5=E7ABB3254C2E312E8AB2573C958BB0D8 -- C:\Windows\winsxs\amd64_microsoft-windows-aerodiagnostic_31bf3856ad364e35_6.1.7600.16385_none_4734ae48c8e465f5\DiagPackage.dll
[2009/07/13 21 (Microsoft Corporation) MD5=ED0F4FABDC61648B147CC63F6B358907 -- C:\Windows\diagnostics\scheduled\Maintenance\DiagPackage.dll
[2009/07/13 21 (Microsoft Corporation) MD5=ED0F4FABDC61648B147CC63F6B358907 -- C:\Windows\winsxs\amd64_microsoft-windows-maintenancediagnostic_31bf3856ad364e35_6.1.7600.16385_none_e5e3f53c23550761\DiagPackage.dll
[2009/07/13 21 (Microsoft Corporation) MD5=FA9BF34BAEA7BCF3600BD83519D5EC08 -- C:\Windows\diagnostics\system\Printer\DiagPackage.dll
[2009/07/13 21 (Microsoft Corporation) MD5=FA9BF34BAEA7BCF3600BD83519D5EC08 -- C:\Windows\winsxs\amd64_microsoft-windows-printerdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_21b432d7b46a7554\DiagPackage.dll

< MD5 for: DIAGPACKAGE.DLL.MUI >
[2009/07/13 22 (Microsoft Corporation) MD5=047E86BF36E53C698C27819ED1BABBB2 -- C:\Windows\winsxs\amd64_microsoft-windows-i..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_c854a35629be53ad\DiagPackage.dll.mui
[2011/04/12 04 (Microsoft Corporation) MD5=1CCC67C44AE56A3B45CC256374E75EE1 -- C:\Windows\diagnostics\system\Networking\en-US\DiagPackage.dll.mui
[2011/04/12 04 (Microsoft Corporation) MD5=1CCC67C44AE56A3B45CC256374E75EE1 -- C:\Windows\winsxs\amd64_microsoft-windows-n..s-package.resources_31bf3856ad364e35_6.1.7601.17514_en-us_fa4f858db62e951b\DiagPackage.dll.mui
[2011/04/12 04 (Microsoft Corporation) MD5=2184A912F2813C0D568E6D06B61B270E -- C:\Windows\diagnostics\system\WindowsMediaPlayerMediaLibrary\en-US\DiagPackage.dll.mui
[2011/04/12 04 (Microsoft Corporation) MD5=2184A912F2813C0D568E6D06B61B270E -- C:\Windows\winsxs\amd64_microsoft-windows-w..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_6de46ea42ffb7c9c\DiagPackage.dll.mui
[2011/04/12 04 (Microsoft Corporation) MD5=2BE438E0F8F1CF26704B57ADF31173AA -- C:\Windows\diagnostics\system\Performance\en-US\DiagPackage.dll.mui
[2011/04/12 04 (Microsoft Corporation) MD5=2BE438E0F8F1CF26704B57ADF31173AA -- C:\Windows\winsxs\amd64_microsoft-windows-p..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_19328f568d3b4e53\DiagPackage.dll.mui
[2009/07/13 22 (Microsoft Corporation) MD5=4DCA2637282D3C07E8D97FD3495FF8CB -- C:\Windows\winsxs\amd64_microsoft-windows-i..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_50a23c79de28d447\DiagPackage.dll.mui
[2011/04/12 04 (Microsoft Corporation) MD5=526BCF713FE4662E9F8A245A3A57048F -- C:\Windows\diagnostics\system\PCW\en-US\DiagPackage.dll.mui
[2011/04/12 04 (Microsoft Corporation) MD5=526BCF713FE4662E9F8A245A3A57048F -- C:\Windows\winsxs\amd64_microsoft-windows-p..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_3ef7df0351777007\DiagPackage.dll.mui
[2011/04/12 04 (Microsoft Corporation) MD5=5B2F5EAE0668850BD81F124BFE2F0733 -- C:\Windows\diagnostics\system\Search\en-US\DiagPackage.dll.mui
[2011/04/12 04 (Microsoft Corporation) MD5=5B2F5EAE0668850BD81F124BFE2F0733 -- C:\Windows\winsxs\amd64_microsoft-windows-s..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_e086c887cd65eb8f\DiagPackage.dll.mui
[2011/04/12 04 (Microsoft Corporation) MD5=7EBDADFB614E559F16E62B9E65FA6CA1 -- C:\Windows\diagnostics\system\Audio\en-US\DiagPackage.dll.mui
[2011/04/12 04 (Microsoft Corporation) MD5=7EBDADFB614E559F16E62B9E65FA6CA1 -- C:\Windows\winsxs\amd64_microsoft-windows-a..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_74a07663e30b3b7f\DiagPackage.dll.mui
[2011/04/12 04 (Microsoft Corporation) MD5=88122CE38ABCD42A82D9D9651E698A6B -- C:\Windows\diagnostics\system\WindowsMediaPlayerPlayDVD\en-US\DiagPackage.dll.mui
[2011/04/12 04 (Microsoft Corporation) MD5=88122CE38ABCD42A82D9D9651E698A6B -- C:\Windows\winsxs\amd64_microsoft-windows-w..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_fee1d678cfc147fb\DiagPackage.dll.mui
[2011/04/12 04 (Microsoft Corporation) MD5=ACA3B70EEEC7A35E0AC644575624EFBE -- C:\Windows\diagnostics\system\Power\en-US\DiagPackage.dll.mui
[2011/04/12 04 (Microsoft Corporation) MD5=ACA3B70EEEC7A35E0AC644575624EFBE -- C:\Windows\winsxs\amd64_microsoft-windows-p..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_8a0227acea6dfc9e\DiagPackage.dll.mui
[2011/04/12 04 (Microsoft Corporation) MD5=B983391D75B096EFD5C961EAEBFF965B -- C:\Windows\diagnostics\system\AERO\en-US\DiagPackage.dll.mui
[2011/04/12 04 (Microsoft Corporation) MD5=B983391D75B096EFD5C961EAEBFF965B -- C:\Windows\winsxs\amd64_microsoft-windows-a..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_4570dd9fe024ca48\DiagPackage.dll.mui
[2011/04/12 04 (Microsoft Corporation) MD5=C32A3B0B93F3AFDCE303404A43D06059 -- C:\Windows\diagnostics\system\HomeGroup\en-US\DiagPackage.dll.mui
[2011/04/12 04 (Microsoft Corporation) MD5=C32A3B0B93F3AFDCE303404A43D06059 -- C:\Windows\winsxs\amd64_microsoft-windows-h..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_431397faaea66ab1\DiagPackage.dll.mui
[2011/04/12 04 (Microsoft Corporation) MD5=CB6D401B3E45479843AC9CF798A3A8D0 -- C:\Windows\diagnostics\system\WindowsMediaPlayerConfiguration\en-US\DiagPackage.dll.mui
[2011/04/12 04 (Microsoft Corporation) MD5=CB6D401B3E45479843AC9CF798A3A8D0 -- C:\Windows\winsxs\amd64_microsoft-windows-w..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_91fe3cf51f1d527b\DiagPackage.dll.mui
[2011/04/12 04 (Microsoft Corporation) MD5=DC9EF61F2F8EC42D28640B1D40739BAF -- C:\Windows\diagnostics\scheduled\Maintenance\en-US\DiagPackage.dll.mui
[2011/04/12 04 (Microsoft Corporation) MD5=DC9EF61F2F8EC42D28640B1D40739BAF -- C:\Windows\winsxs\amd64_microsoft-windows-m..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_e42d49001c40300e\DiagPackage.dll.mui
[2011/04/12 04 (Microsoft Corporation) MD5=E51F7A69714A884C1F4924FBC783AF14 -- C:\Windows\diagnostics\system\WindowsUpdate\en-US\DiagPackage.dll.mui
[2011/04/12 04 (Microsoft Corporation) MD5=E51F7A69714A884C1F4924FBC783AF14 -- C:\Windows\winsxs\amd64_microsoft-windows-w..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_e0272d216c49ec0b\DiagPackage.dll.mui
[2011/04/12 04 (Microsoft Corporation) MD5=EBA7B04FD337BC66A14DA66305540665 -- C:\Windows\diagnostics\system\Device\en-US\DiagPackage.dll.mui
[2011/04/12 04 (Microsoft Corporation) MD5=EBA7B04FD337BC66A14DA66305540665 -- C:\Windows\winsxs\amd64_microsoft-windows-d..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_2320293c6dab889f\DiagPackage.dll.mui
[2011/04/12 04 (Microsoft Corporation) MD5=EEF10765A1375A42D18E86D7852EBAC2 -- C:\Windows\diagnostics\system\Printer\en-US\DiagPackage.dll.mui
[2011/04/12 04 (Microsoft Corporation) MD5=EEF10765A1375A42D18E86D7852EBAC2 -- C:\Windows\winsxs\amd64_microsoft-windows-p..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_63ace8212d64b345\DiagPackage.dll.mui
[2011/04/12 04 (Microsoft Corporation) MD5=F309B10E3EF714ACA5AC0DE2F68C1623 -- C:\Windows\diagnostics\system\DeviceCenter\en-US\DiagPackage.dll.mui
[2011/04/12 04 (Microsoft Corporation) MD5=F309B10E3EF714ACA5AC0DE2F68C1623 -- C:\Windows\winsxs\amd64_microsoft-windows-d..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_d39af25d080ac5ca\DiagPackage.dll.mui

< MD5 for: HTINTERACTIVERES.PS1 >
[2009/06/10 16 () MD5=C25ED2111C6EE9299E6D9BF51012F2F5 -- C:\Windows\diagnostics\system\Networking\HTInteractiveRes.ps1
[2009/06/10 16 () MD5=C25ED2111C6EE9299E6D9BF51012F2F5 -- C:\Windows\winsxs\amd64_microsoft-windows-n..diagnostics-package_31bf3856ad364e35_6.1.7601.17514_none_1bde017f5d8d7006\HTInteractiveRes.ps1

< MD5 for: INTERACTIVERES.PS1 >
[2009/06/10 16 () MD5=25B8543DBF571F040118423BC3C7A75E -- C:\Windows\diagnostics\system\Networking\InteractiveRes.ps1
[2009/06/10 16 () MD5=25B8543DBF571F040118423BC3C7A75E -- C:\Windows\winsxs\amd64_microsoft-windows-n..diagnostics-package_31bf3856ad364e35_6.1.7601.17514_none_1bde017f5d8d7006\InteractiveRes.ps1

< MD5 for: LOCALIZATIONDATA.PSD1 >
[2011/04/12 04 () MD5=DC9BE0FDF9A4E01693CFB7D8A0D49054 -- C:\Windows\diagnostics\system\Networking\en-US\LocalizationData.psd1
[2011/04/12 04 () MD5=DC9BE0FDF9A4E01693CFB7D8A0D49054 -- C:\Windows\winsxs\amd64_microsoft-windows-n..s-package.resources_31bf3856ad364e35_6.1.7601.17514_en-us_fa4f858db62e951b\LocalizationData.psd1

< MD5 for: MSDT.EXE >
[2009/07/13 21 (Microsoft Corporation) MD5=AECB7B09566B1F83F61D5A4B44AE9C7E -- C:\Windows\SysNative\msdt.exe
[2009/07/13 21 (Microsoft Corporation) MD5=AECB7B09566B1F83F61D5A4B44AE9C7E -- C:\Windows\winsxs\amd64_microsoft-windows-msdt_31bf3856ad364e35_6.1.7600.16385_none_0177539a37378025\msdt.exe
[2009/07/13 21 (Microsoft Corporation) MD5=F67A64C46DE10425045AF682802F5BA6 -- C:\Windows\SysWOW64\msdt.exe
[2009/07/13 21 (Microsoft Corporation) MD5=F67A64C46DE10425045AF682802F5BA6 -- C:\Windows\winsxs\wow64_microsoft-windows-msdt_31bf3856ad364e35_6.1.7600.16385_none_0bcbfdec6b984220\msdt.exe

< MD5 for: NETWORKDIAGNOSTICSRESOLVE.PS1 >
[2009/06/10 16 () MD5=A7B957F221C643580184665BE57E6AC8 -- C:\Windows\diagnostics\system\Networking\NetworkDiagnosticsResolve.ps1
[2009/06/10 16 () MD5=A7B957F221C643580184665BE57E6AC8 -- C:\Windows\winsxs\amd64_microsoft-windows-n..diagnostics-package_31bf3856ad364e35_6.1.7601.17514_none_1bde017f5d8d7006\NetworkDiagnosticsResolve.ps1

< MD5 for: NETWORKDIAGNOSTICSTROUBLESHOOT.PS1 >
[2009/06/10 16 () MD5=1D192CE36953DBB7DC7EE0D04C57AD8D -- C:\Windows\diagnostics\system\Networking\NetworkDiagnosticsTroubleshoot.ps1
[2009/06/10 16 () MD5=1D192CE36953DBB7DC7EE0D04C57AD8D -- C:\Windows\winsxs\amd64_microsoft-windows-n..diagnostics-package_31bf3856ad364e35_6.1.7601.17514_none_1bde017f5d8d7006\NetworkDiagnosticsTroubleshoot.ps1

< MD5 for: NETWORKDIAGNOSTICSVERIFY.PS1 >
[2009/06/10 16 () MD5=C0BB6343BD0F6F9B46B33E4B66106953 -- C:\Windows\diagnostics\system\Networking\NetworkDiagnosticsVerify.ps1
[2009/06/10 16 () MD5=C0BB6343BD0F6F9B46B33E4B66106953 -- C:\Windows\winsxs\amd64_microsoft-windows-n..diagnostics-package_31bf3856ad364e35_6.1.7601.17514_none_1bde017f5d8d7006\NetworkDiagnosticsVerify.ps1

< MD5 for: STARTDPSSERVICE.PS1 >
[2009/06/10 16 () MD5=A660422059D953C6D681B53A6977100E -- C:\Windows\diagnostics\system\Networking\StartDPSService.ps1
[2009/06/10 16 () MD5=A660422059D953C6D681B53A6977100E -- C:\Windows\winsxs\amd64_microsoft-windows-n..diagnostics-package_31bf3856ad364e35_6.1.7601.17514_none_1bde017f5d8d7006\StartDPSService.ps1

< MD5 for: UTILITYFIREWALL.PS1 >
[2009/06/10 16 () MD5=B004AFC224E9216115EC3B0BF5D43BA2 -- C:\Windows\diagnostics\system\Networking\UtilityFirewall.ps1
[2009/06/10 16 () MD5=B004AFC224E9216115EC3B0BF5D43BA2 -- C:\Windows\winsxs\amd64_microsoft-windows-n..diagnostics-package_31bf3856ad364e35_6.1.7601.17514_none_1bde017f5d8d7006\UtilityFirewall.ps1

< MD5 for: UTILITYFUNCTIONS.PS1 >
[2010/11/20 23 () MD5=2F7C3DB0C268CF1CF506FE6E8AECB8A0 -- C:\Windows\diagnostics\system\Networking\UtilityFunctions.ps1
[2010/11/20 23 () MD5=2F7C3DB0C268CF1CF506FE6E8AECB8A0 -- C:\Windows\winsxs\amd64_microsoft-windows-n..diagnostics-package_31bf3856ad364e35_6.1.7601.17514_none_1bde017f5d8d7006\UtilityFunctions.ps1

< MD5 for: UTILITYSETCONSTANTS.PS1 >
[2009/06/10 16 () MD5=0C75AE5E75C3E181D13768909C8240BA -- C:\Windows\diagnostics\system\Networking\UtilitySetConstants.ps1
[2009/06/10 16 () MD5=0C75AE5E75C3E181D13768909C8240BA -- C:\Windows\winsxs\amd64_microsoft-windows-n..diagnostics-package_31bf3856ad364e35_6.1.7601.17514_none_1bde017f5d8d7006\UtilitySetConstants.ps1

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:963CB70468D62699
@Alternate Data Stream - 225 bytes -> C:\ProgramData\TEMP:D30E8FC9
< End of report >

OTL Extras logfile created on: 21/10/2013 13
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Zach\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

15.98 Gb Total Physical Memory | 13.66 Gb Available Physical Memory | 85.51% Memory free
31.95 Gb Paging File | 29.37 Gb Available in Paging File | 91.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 46.13 Gb Free Space | 19.82% Space Free | Partition Type: NTFS
Drive D: | 698.54 Gb Total Space | 79.77 Gb Free Space | 11.42% Space Free | Partition Type: NTFS

Computer Name: ZACH-PC | User Name: Zach | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- "%1" %*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\Windows\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office15\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office15\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] --
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\Windows\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office15\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office15\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] --
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002C5105-370A-46AE-BF5F-9905BAC6CA16}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{0C5DB97A-D484-425D-9A40-27B9DE588F62}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{2DE8B863-722C-4E06-8E83-3E7F1C3EEC2E}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{31D5AE17-9223-4A8B-8C21-F40C670DD7DD}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{3B33CC63-F75F-483A-9BD3-0A16D43D8EBB}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{A73E2D92-6E7A-48AB-BB4C-051C22EDB956}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{B4DE5AA9-AFB8-4540-A5C6-723AF6F36D88}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{B99ADA06-7F1B-45E0-97CF-111F9757A78F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CF025AF9-55B3-420C-87B1-64BAC001A8A8}" = lport=5353 | protocol=17 | dir=in | name=bonjour |
"{D35FCAD1-99C5-4214-8E47-A2D7ACB638EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D3ECDDA8-F774-4CE5-A012-4ADED1B1E11A}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0120DA67-F5EA-4DCA-881C-07AC3DE51641}" = protocol=6 | dir=in | app=c:\program files (x86)\steam1\steam.exe |
"{05F9C584-CC2F-433F-9ABE-CF3E5EFB7F67}" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jdupdate.exe |
"{0FBD9BAB-1155-43E3-9C9A-7A04AC1D911F}" = protocol=6 | dir=in | app=c:\program files (x86)\bradford dissolvable agent.exe |
"{12CFAD18-07F7-4843-ACFE-0D45A46AAFB8}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{16EB5F45-E4B0-4DE0-80C3-3BE87DAC9053}" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jdownloaderportable.exe |
"{18A275E2-2874-4314-A767-50C020C7C989}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{2BEDF813-7E65-4FD4-8308-57678A323CC1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{340CEA2B-E0ED-4D58-8C93-1DF502EFE273}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{3A7B8ADE-E803-42D5-8DFB-6942D0C5F68C}" = protocol=6 | dir=in | app=c:\program files (x86)\qbittorrent\qbittorrent.exe |
"{490EDE6C-4E22-4FB2-9619-9A75E15407FC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4E17CC80-1C60-4B59-9D00-9F3FED7AA69B}" = protocol=17 | dir=in | app=c:\users\zach\appdata\roaming\utorrent\utorrent.exe |
"{4F5B8326-0B0A-48EE-917D-D62B0FDCF85C}" = protocol=17 | dir=in | app=c:\program files (x86)\qbittorrent\qbittorrent.exe |
"{5F330A7D-B125-49F7-99F5-6533B4C9F4B5}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{65C39604-521C-42CC-BEE6-48BA0D154A4E}" = dir=in | app=c:\program files (x86)\airport\apagent.exe |
"{6790586D-0CAA-41EF-9F1D-06EE609A78E1}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{70DDFA3A-E971-480A-A162-2B0E61BCC7F1}" = protocol=6 | dir=in | app=c:\program files\kmsnano\data\qemu-system-i386.exe |
"{73743CD5-221D-4A17-9831-5427A87301AA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{809C0060-D287-484B-94E8-EE5162971E5D}" = protocol=17 | dir=in | app=c:\program files\kmsnano\data\qemu-system-i386.exe |
"{85D60093-BEE2-4BA0-BAAB-A2CC43972319}" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jdupdate.exe |
"{8AEB53EC-CC88-4B7C-9CB9-CEE673A82762}" = protocol=6 | dir=in | app=c:\users\zach\appdata\roaming\utorrent\utorrent.exe |
"{8BA40E28-A76D-421C-B678-6B5439106F18}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{9093A09A-4792-4B6D-9FE0-030370227812}" = protocol=17 | dir=in | app=c:\program files (x86)\bradford dissolvable agent.exe |
"{97E23419-B87A-4D69-8F4A-70E1F546B83A}" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jdownloaderportable.exe |
"{9940C7BA-4DFE-42DA-ABD9-5D0096D6B8BF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{9A4AD6D0-5E2D-4FC7-9AF8-8F7EED4376EE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{A328F7D8-8B33-4C1C-8A49-6C631EA6D476}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A636601A-C8B4-4744-A4ED-585E9A6B3DDA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AF6E5FD9-F921-4A08-B5BD-F539879FA0FF}" = dir=in | app=%programfiles% (x86)\steam\steam.exe |
"{AFB950EA-50A7-45F8-8E0C-FA1B1743BB25}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AFDAE0B7-B7F8-4993-840D-DB3E1C90D946}" = protocol=6 | dir=in | app=c:\program files (x86)\safeconnect\scclient.exe |
"{B226E207-D7FC-493A-ACD3-233915326027}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{B756F811-FF73-42D5-B478-0E78B8A994B9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{B8AA7512-A0AB-4E10-B682-2081F3E4D178}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{C72B7AC3-9275-4F0F-8513-EFFC95F72EB6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam1\steam.exe |
"{CEC21F85-E1E5-4BF3-8FA6-CE3D9ED1BE2E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{D4F7B4A6-36AB-4FC7-9162-4D66F6C8E1B2}" = protocol=17 | dir=in | app=c:\program files (x86)\safeconnect\scclient.exe |
"{D706868D-DB27-41E2-A63E-DBBADCC3968E}" = dir=out | app=%programfiles% (x86)\steam\steam.exe |
"{E0E913FD-C395-4927-AA11-230119003E26}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{E1173887-C30F-4935-B697-C861142E0E64}" = protocol=17 | dir=in | app=c:\program files\kmsnano\data\qemu-system-i386.exe |
"{E1D2822F-2CC9-48DF-A438-44CC47F3778A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{E3E2095F-F245-482E-BC80-5A3CFEFEA67E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E72B2EAB-8046-4AB2-B1C5-61443E4CE999}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E877519A-F70E-49AE-AEF2-64989BDD695A}" = protocol=6 | dir=in | app=c:\program files\kmsnano\data\qemu-system-i386.exe |
"{EA41F840-30E0-4CD1-8CE9-CD104D1288C6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{EF3D9F21-3795-424F-9DD2-239F06DD9ED7}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{FA23C7E3-398B-470B-B581-D797DDB72EAA}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"TCP Query User{5AA61DC4-B13A-4372-BAEC-90AD329AACA6}C:\program files (x86)\sabnzbd\sabnzbd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sabnzbd\sabnzbd.exe |
"TCP Query User{B25CCDA3-CE95-4E6F-8AAC-5A635D35B7F0}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{CCA276DC-32A3-48D5-B821-46260E6D60E0}C:\program files (x86)\airport\aputil.exe" = protocol=6 | dir=in | app=c:\program files (x86)\airport\aputil.exe |
"TCP Query User{D701142C-0697-447A-A5BB-0AE9A9AC59A8}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe |
"UDP Query User{0D9ADEAD-EA70-4DEB-945F-2F62619D8945}C:\program files (x86)\airport\aputil.exe" = protocol=17 | dir=in | app=c:\program files (x86)\airport\aputil.exe |
"UDP Query User{2B518824-CE91-4CDF-8CE3-61BC7EF93FE1}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{3FD66EA8-4FBD-4583-9866-B288F28CBEB5}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe |
"UDP Query User{B6BB642F-3B82-4760-8891-2544DCBB81FE}C:\program files (x86)\sabnzbd\sabnzbd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sabnzbd\sabnzbd.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel® Rapid Storage Technology
"{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}" = WinPatrol
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D26D58C-3464-4C03-BB61-5695F984EFEF}" = Microsoft Security Client
"{90150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{90150000-0015-0409-1000-0000000FF1CE}" = Microsoft Access MUI (English) 2013
"{90150000-0016-0409-1000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013
"{90150000-0018-0409-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013
"{90150000-0019-0409-1000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013
"{90150000-001A-0409-1000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013
"{90150000-001B-0409-1000-0000000FF1CE}" = Microsoft Word MUI (English) 2013
"{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
"{90150000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
"{90150000-0044-0409-1000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013
"{90150000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
"{90150000-0090-0409-1000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013
"{90150000-00A1-0409-1000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013
"{90150000-00BA-0409-1000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{90150000-00C1-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2013
"{90150000-00E1-0409-1000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013
"{90150000-00E2-0409-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013
"{90150000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
"{90150000-0117-0409-1000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013
"{90150000-012B-0409-1000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{93F692D4-0C4D-4EED-9BFE-657C1D5959FE}" = Intel® Rapid Storage Technology
"{9798BB87-01B9-4D46-8EA0-6681E72BDE87}" = WD SmartWare
"{A535111D-95C8-487F-869E-CE4C239972D2}" = iTunes
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 327.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 327.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 327.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.6.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 326.01
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0725
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 8.3.14
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.26.4
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.5
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{FD7DEB7B-8CEA-44E5-AB2D-7C66786C0563}" = Waterfox
"CCleaner" = CCleaner
"KLiteCodecPack64_is1" = K-Lite Codec Pack 9.8.0 (64-bit)
"KMSnano 25_is1" = KMSnano 25
"Logitech Gaming Software" = Logitech Gaming Software 8.46
"Logitech Unifying" = Logitech Unifying Software 2.10
"Microsoft Security Client" = Microsoft Security Essentials
"Office15.PROPLUS" = Microsoft Office Professional Plus 2013
"PotPlayer64" = Daum PotPlayer 1.5.36205 x64 Edition
"sp6" = Logitech SetPoint 6.61
"Speccy" = Speccy
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeraCopy_is1" = TeraCopy 2.3 beta 2
"Unlocker" = Unlocker 1.9.1-x64
"WinRAR archiver" = WinRAR 5.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06D085C8-1F00-11B2-96A7-8f0CE39193ED}" = Intel® SSD Toolbox
"{100C8F3B-82D6-4B14-BB7A-5E8C3FF810C8}_is1" = Driver Fusion
"{164714B6-46BC-4649-9A30-A6ED32F03B5A}" = Hotkey 3.3017
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 45
"{3B673B37-EFF7-3BA0-94FF-CE8C46C36DD6}" = Google Chrome
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40580068-9B10-40B5-9548-536CE88AB23C}" = ITE Infrared Transceiver
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6B75BAF2-A67A-418D-A3D4-B27A5C04F2F5}_is1" = Duplicate Video Search version 15.3.3
"{6BF04C63-EAC0-4F19-9E88-9A745493E7BF}" = IconPackager
"{6e8f74e0-43bd-4dce-8477-6ff6828acc07}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
"{72E40002-8CEC-47C1-A099-83AC8E173BF0}" = WD Drive Utilities
"{78091D68-706D-4893-B287-9F1DFB24F7AF}" = Intel® Update Manager
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{8172B41A-9BB5-4A64-BF28-1FB5FE43C3FF}" = WD Security
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA68AAAE-41F0-40B5-8896-5947F5FD6889}" = AirPort
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.04)
"{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}" = System Requirements Lab for Intel
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{E357C7B4-E337-4E43-84F1-8FDAF1EF4038}" = calibre
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"abgx360" = abgx360 v1.0.6
"Adobe AIR" = Adobe AIR
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"A-PDF Page Cut_is1" = A-PDF Page Cut
"AsfTools 3.1" = AsfTools 3.1 (remove only)
"bi_uninstaller" = Bundled software uninstaller
"BitMeter" = BitMeter
"CloneCD" = CloneCD
"CrystalDiskInfo_is1" = CrystalDiskInfo 5.4.2 Shizuku Edition
"DAEMON Tools Lite" = DAEMON Tools Lite
"DSMT6" = MathType 6
"Everything" = Everything 1.2.1.371
"FilesFrog Update Checker" = FilesFrog Update Checker
"Foxit Reader_is1" = Foxit Reader
"IconPackager" = IconPackager
"iFunbox_is1" = iFunbox (v2.6.2375.747), iFunbox DevTeam
"ImgBurn" = ImgBurn
"InstallShield_{164714B6-46BC-4649-9A30-A6ED32F03B5A}" = Hotkey 3.3017
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Internet Download Manager" = Internet Download Manager
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.8.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MiKTeX 2.9" = MiKTeX 2.9
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP3Resizer_is1" = MP3Resizer 2.1.0
"Nightly 26.0a1 (x86 en-US)" = Nightly 26.0a1 (x86 en-US)
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"QuickPar" = QuickPar 0.9
"Rainmeter" = Rainmeter
"Revo Uninstaller" = Revo Uninstaller 1.94
"SABnzbd" = SABnzbd 0.7.16
"SafeConnect" = SafeConnect
"SecureW2 Enterprise Client" = SecureW2 Enterprise Client 3.5.9
"SpeedFan" = SpeedFan (remove only)
"Steam App 570" = Dota 2
"SumatraPDF" = SumatraPDF
"Texmaker" = Texmaker
"The KMPlayer" = The KMPlayer (remove only)
"TreeSize Free_is1" = TreeSize Free V2.7
"TrueCrypt" = TrueCrypt
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
"Urban Trial Freestyle_is1" = Urban Trial Freestyle
"VLC media player" = VLC media player 2.0.8
"WebFerret" = WebFerret
"Wireless Wizard ver 6.0_is1" = Wireless Wizard ver 6.0
"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = CopyTrans Suite Remove Only
"Flux" = f.lux
"Puzzle Pirates" = Puzzle Pirates
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 20/10/2013 2
Description = Task Scheduling Error: m->NextScheduledSPRetry 999

Error - 20/10/2013 2
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 20/10/2013 2
Description = Task Scheduling Error: m->NextScheduledEvent 2340

Error - 20/10/2013 2
Description = Task Scheduling Error: m->NextScheduledSPRetry 2340

Error - 20/10/2013 19
Description =

Error - 20/10/2013 19
Description =

Error - 20/10/2013 19
Description =

Error - 21/10/2013 12
Description =

Error - 21/10/2013 12
Description =

Error - 21/10/2013 12
Description =

[ System Events ]
Error - 18/10/2013 19
Description = The Superfetch service terminated with the following error: %%2

Error - 18/10/2013 20
Description = The Superfetch service terminated with the following error: %%2

Error - 19/10/2013 13
Description = The Superfetch service terminated with the following error: %%2

Error - 19/10/2013 13
Description =

Error - 19/10/2013 13
Description = The Superfetch service terminated with the following error: %%2

Error - 20/10/2013 18
Description = The Superfetch service terminated with the following error: %%2

Error - 20/10/2013 19
Description = The Superfetch service terminated with the following error: %%2

Error - 21/10/2013 12
Description = The Superfetch service terminated with the following error: %%2

Error - 21/10/2013 12
Description = The Superfetch service terminated with the following error: %%2

Error - 21/10/2013 13
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.161.303.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10003.0

Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.


< End of report >

#47
RKinner

I don't see anything wrong with the files that network troubleshooter uses.

I'm concerned about the gaps in the OTL logs, so I have posted a query on our private forum to see if anyone else knows what is going on.

Can you run VEW again for System and Applications? (Don't clear the logs first.) The extras log seems to be cutting the event short.

#48
zoltain

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 21/10/2013 4:21:00 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/10/2013
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Superfetch service terminated with the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 21/10/2013
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service WDRulesService with arguments "" in order to run the server: {C004E60F-2D62-4BE1-98C4-C39A8046B6BB}

Log: 'System' Date/Time: 21/10/2013
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1068" attempting to start the service WDBackup with arguments "" in order to run the server: {81213AB4-5937-4340-88CD-66B4BC80DF73}

Log: 'System' Date/Time: 21/10/2013
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 21/10/2013
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 21/10/2013
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 21/10/2013
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 21/10/2013
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 21/10/2013
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 21/10/2013
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 21/10/2013
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 21/10/2013
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 21/10/2013
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 21/10/2013
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 21/10/2013
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 21/10/2013
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 21/10/2013
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 21/10/2013
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 21/10/2013
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Log: 'System' Date/Time: 21/10/2013
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/10/2013
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 21/10/2013
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 21/10/2013
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 21/10/2013
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.go.salve.edu timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 21/10/2013
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name ff.duckduckgo.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 21/10/2013
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.REG-go.salve.edu timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 21/10/2013
Type: Warning Category: 0
Event: 1116 Source: Microsoft Antimalware
Microsoft Antimalware has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147593794 Name: HackTool:Win32/Keygen ID: 2147593794 Severity: Medium Category: Tool Path: file:_C:\Users\Zach\Desktop\Mathematica.v9.0.0\Mathematica.v9.0.0\Mathematica 7-8-9 keygen.exe Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: Zach-PC\Zach Process Name: C:\Windows\explorer.exe Signature Version: AV: 1.161.303.0, AS: 1.161.303.0, NIS: 109.0.0.0 Engine Version: AM: 1.1.10003.0, NIS: 2.1.10003.0

Log: 'System' Date/Time: 21/10/2013
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.REG-go.salve.edu timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 21/10/2013
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name lastpass.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 21/10/2013
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.go.salve.edu timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 21/10/2013
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.REG-go.salve.edu timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 21/10/2013
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name ipv6.msftncsi.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 21/10/2013
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name lastpass.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 21/10/2013
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.REG-go.salve.edu timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 21/10/2013
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name lastpass.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 21/10/2013
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name download.windowsupdate.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 21/10/2013
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name phx-sync-10-2-3.services.mozilla.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 21/10/2013
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.REG-go.salve.edu timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 21/10/2013
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.REG-go.salve.edu timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 21/10/2013
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.REG-go.salve.edu timed out after none of the configured DNS servers responded.


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 21/10/2013 4:21:27 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 21/10/2013
Type: Error Category: 0
Event: 1 Source: NvStreamSvc
The event description cannot be found.

Log: 'Application' Date/Time: 21/10/2013
Type: Error Category: 0
Event: 1 Source: NvStreamSvc
The event description cannot be found.

Log: 'Application' Date/Time: 21/10/2013
Type: Error Category: 0
Event: 1 Source: NvStreamSvc
The event description cannot be found.

Log: 'Application' Date/Time: 20/10/2013
Type: Error Category: 0
Event: 1 Source: NvStreamSvc
The event description cannot be found.

Log: 'Application' Date/Time: 20/10/2013
Type: Error Category: 0
Event: 1 Source: NvStreamSvc
The event description cannot be found.

Log: 'Application' Date/Time: 20/10/2013
Type: Error Category: 0
Event: 1 Source: NvStreamSvc
The event description cannot be found.

Log: 'Application' Date/Time: 20/10/2013
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 2340

Log: 'Application' Date/Time: 20/10/2013
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 2340

Log: 'Application' Date/Time: 20/10/2013
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second

Log: 'Application' Date/Time: 20/10/2013
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 999

Log: 'Application' Date/Time: 20/10/2013
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 999

Log: 'Application' Date/Time: 20/10/2013
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second

Log: 'Application' Date/Time: 19/10/2013
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "select * from CIntelWLANEvent" could not be reactivated in namespace "//./ROOT/default" because of error 0x80041010. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 19/10/2013
Type: Error Category: 0
Event: 1022 Source: .NET Runtime
.NET Runtime version 4.0.30319.18052 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 3476. Message ID: [0x2509].

Log: 'Application' Date/Time: 19/10/2013
Type: Error Category: 0
Event: 1022 Source: .NET Runtime
.NET Runtime version 4.0.30319.18052 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 3112. Message ID: [0x2509].

Log: 'Application' Date/Time: 19/10/2013
Type: Error Category: 0
Event: 1022 Source: .NET Runtime
.NET Runtime version 4.0.30319.18052 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 4652. Message ID: [0x2509].

Log: 'Application' Date/Time: 19/10/2013
Type: Error Category: 0
Event: 1022 Source: .NET Runtime
.NET Runtime version 4.0.30319.18052 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 3496. Message ID: [0x2509].

Log: 'Application' Date/Time: 18/10/2013
Type: Error Category: 0
Event: 1 Source: NvStreamSvc
The event description cannot be found.

Log: 'Application' Date/Time: 18/10/2013
Type: Error Category: 0
Event: 1 Source: NvStreamSvc
The event description cannot be found.

Log: 'Application' Date/Time: 18/10/2013
Type: Error Category: 0
Event: 1 Source: NvStreamSvc
The event description cannot be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 21/10/2013
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 21/10/2013
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 21/10/2013
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
  • 0

#49
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Copy the next 7 lines:

net start samss > %userprofile%\desktop\junk.txt 2>>&1
net start nsi >> %userprofile%\desktop\junk.txt 2>>&1
net start srvnet >> %userprofile%\desktop\junk.txt 2>>&1
net start mup >> %userprofile%\desktop\junk.txt 2>>&1
net start browser >> %userprofile%\desktop\junk.txt 2>>&1
net start wsearch >> %userprofile%\desktop\junk.txt 2>>&1
notepad %userprofile%\desktop\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter if notepad does not open. Copy and paste the text from notepad into a reply. Close notepad. Close the Command Window.
  • 0

#50
zoltain

zoltain

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 137 posts
The requested service has already been started.

More help is available by typing NET HELPMSG 2182.

The requested service has already been started.

More help is available by typing NET HELPMSG 2182.

The requested service has already been started.

More help is available by typing NET HELPMSG 2182.

The requested service has already been started.

More help is available by typing NET HELPMSG 2182.

The requested service has already been started.

More help is available by typing NET HELPMSG 2182.

The requested service has already been started.

More help is available by typing NET HELPMSG 2182.
  • 0

#51
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
All services have started so I guess it was just a fluke.

I'm looking at this error:

Log: 'Application' Date/Time: 19/10/2013
Type: Error Category: 0
Event: 1022 Source: .NET Runtime
.NET Runtime version 4.0.30319.18052 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 3476. Message ID: [0x2509].


I don't get a time stamp - just a date but I wonder if it appears when your troubleshooter fails. Can you clear the alarms:
Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Then try the troubleshooter then run vew. If you see the above error then try


http://support.micro....com/kb/2507641

After each Method, try the network troubleshooter and see if it works.

If you don't get the error then it is something else.
  • 0

#52
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Could you attach the last OTL log (not the Extras log) instead of copy and paste? Perhaps it is getting eaten in the copy paste process.
  • 0

#53
zoltain

zoltain

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 137 posts
So I ran the Vew and didn't see that error again. What do you mean by "The disk check will run and will probably take an hour or more to finish"? What will cause the disk check to start?

Anyways I have found a way to run the troubleshooter which only makes this that much more confusing (or maybe tells you exactly what's wrong :) ). So I connected to my school's wifi and I got the yellow error message. It turned out I needed to switch the DNS servers back to automatic but before I figured that out I went to Network and Sharing Center and clicked on the red X between "Brown - Guest" (the network name) and "Internet". This resulted in the troubleshooter running. It said it had trouble contacting the DNS server which is how I figured out the problem, but when I tried to run the troubleshooter from the task bar it encountered the same error it always has. Is this a different troubleshooter or is the problem really just how I initiate the troubleshooter?




Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 23/10/2013 6:43:16 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 23/10/2013
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 7 user registry handles leaked from \Registry\User\S-1-5-21-791533140-1803832889-3702046808-1000:
Process 1108 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-791533140-1803832889-3702046808-1000\Software
Process 1108 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-791533140-1803832889-3702046808-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1108 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-791533140-1803832889-3702046808-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1108 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-791533140-1803832889-3702046808-1000\Software\Microsoft\Internet Explorer\Main
Process 1108 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-791533140-1803832889-3702046808-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl
Process 1108 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-791533140-1803832889-3702046808-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1108 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-791533140-1803832889-3702046808-1000\Software\Policies


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 23/10/2013 6:50:26 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 23/10/2013
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Superfetch service terminated with the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 23/10/2013
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Superfetch service terminated with the following error: The system cannot find the file specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 23/10/2013
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 7 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 5 seconds since the last report.

Log: 'System' Date/Time: 23/10/2013
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 5 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 5 seconds since the last report.

Log: 'System' Date/Time: 23/10/2013
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 5 seconds since the last report.

Log: 'System' Date/Time: 23/10/2013
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 5 seconds since the last report.

Log: 'System' Date/Time: 23/10/2013
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 6 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 5 seconds since the last report.

Log: 'System' Date/Time: 23/10/2013
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 4 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 5 seconds since the last report.

Log: 'System' Date/Time: 23/10/2013
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 5 seconds since the last report.

Log: 'System' Date/Time: 23/10/2013
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 5 seconds since the last report.

Log: 'System' Date/Time: 23/10/2013
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 23/10/2013
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 7 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 19 seconds since the last report.

Log: 'System' Date/Time: 23/10/2013
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 5 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 19 seconds since the last report.

Log: 'System' Date/Time: 23/10/2013
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 19 seconds since the last report.

Log: 'System' Date/Time: 23/10/2013
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 19 seconds since the last report.

Log: 'System' Date/Time: 23/10/2013
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 6 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 19 seconds since the last report.

Log: 'System' Date/Time: 23/10/2013
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 4 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 19 seconds since the last report.

Log: 'System' Date/Time: 23/10/2013
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 19 seconds since the last report.

Log: 'System' Date/Time: 23/10/2013
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 19 seconds since the last report.

Log: 'System' Date/Time: 23/10/2013
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
  • 0
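Added example, not part of the original posts: the VEW report above repeats the same Event 37 warning sixteen times, which buries the two Event 7023 errors. This Python sketch parses that report layout and collapses repeats, errors first; the function names and the sample text are constructed for illustration.

```python
import re
from collections import Counter

HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<date>\S+)")
TYPE = re.compile(r"^Type: (?P<type>\w+) Category: \d+")
EVENT = re.compile(r"^Event: (?P<id>\d+) Source: (?P<source>.+)$")
SEVERITY = {"Critical": 0, "Error": 1, "Warning": 2}

# Constructed sample in the VEW layout posted in the thread (date only, dd/mm/yyyy).
SAMPLE = """\
Log: 'System' Date/Time: 23/10/2013
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 7 in group 0 is being limited by system firmware.

Log: 'System' Date/Time: 23/10/2013
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 5 in group 0 is being limited by system firmware.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
Log: 'System' Date/Time: 23/10/2013
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Superfetch service terminated with the following error: The system cannot find the file specified.
Log: 'System' Date/Time: 23/10/2013
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
"""

def parse_vew(text):
    """Return one dict per record; a record ends at a blank line, a ~~~ rule or the next header."""
    records, rec = [], None
    for line in map(str.strip, text.splitlines()):
        head = HEADER.match(line)
        if head or not line or line.startswith("~~~"):
            if rec and "id" in rec:          # close the record in progress
                records.append(rec)
            rec = {"log": head["log"], "date": head["date"], "msg": []} if head else None
        elif rec is not None:
            if "type" not in rec and (m := TYPE.match(line)):
                rec["type"] = m["type"]
            elif "id" not in rec and (m := EVENT.match(line)):
                rec["id"], rec["source"] = int(m["id"]), m["source"]
            else:                            # message text, possibly several lines
                rec["msg"].append(line)
    return records + ([rec] if rec and "id" in rec else [])

def triage(records):
    """Collapse repeats (digits masked so per-CPU and per-PID variants merge); errors first, then by count."""
    groups = Counter()
    for r in records:
        shape = re.sub(r"\d+", "N", " ".join(r["msg"]))
        groups[(r.get("type", "?"), r["id"], r["source"], shape)] += 1
    return sorted(groups.items(), key=lambda kv: (SEVERITY.get(kv[0][0], 9), -kv[1]))

if __name__ == "__main__":
    print(*triage(parse_vew(SAMPLE)), sep="\n")
```

To run it on a real report, read the saved VEW text file and pass its contents to `parse_vew` in place of `SAMPLE`.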

#54
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Should have removed the stuff about the disk check. Sorry.

Any idea why we are getting these errors?

Log: 'System' Date/Time: 23/10/2013
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 7 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 5 seconds since the last report.


Is it running hot by any chance?

When you run the troubleshooter how do you normally start it? I thought you were just right clicking on the wireless icon.
  • 0

#55
zoltain

zoltain

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 137 posts
My computer was running a bit hot but I cleaned it out of dust about a week ago. It's been normal temperature ever since. I have no idea why I'm getting the error.

As for the troubleshooter, yes, normally I just right click on the wireless icon and click "Troubleshoot Problems" which results in an error. This one time I clicked on the X between the wireless name and Internet in Network and Sharing Center which seemed to run the troubleshooter without a problem. From what I can tell it was the same troubleshooter that normally runs when I used to right click on the wireless icon. For the life of me I can't imagine why starting the troubleshooter one way would result in an error while starting it another results in its execution.
  • 0


#56
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Download ShellExView.

http://www.nirsoft.n...s/shexview.html

Use this download:
http://www.nirsoft.n...xview_setup.exe

Once you get it installed, run it and look in the third or fourth column from the RIGHT. It should say MICROSOFT. Click once or twice on MICROSOFT so that items with NO are at the top.
Select all of the NO items and then click on the red LED-looking icon in the upper left. This should disable all of the non-Microsoft additions to Explorer. Reboot and see if you still get the troubleshooter problem. If not, go back in and re-enable (green LED) half of the ones you disabled and reboot (or close Explorer and restart using the Task Manager). Try to isolate it to a single item. If it doesn't help then re-enable all of them.
  • 0

#57
zoltain

zoltain

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 137 posts
I disabled all the non-Microsoft ones in that program but still got the error.
  • 0

#58
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
About the only thing I can suggest is to get Process Monitor and see if you can see the difference between the two.

Download Process Monitor: http://live.sysinter...com/Procmon.exe

Save it to your desktop. Close all programs and pause your anti-virus. Run Process Monitor by right clicking and Run As Admin. Try the troubleshooter where it works. Then try it where it doesn't and see if you can see the difference. Process Monitor will eventually run out of memory so File, then uncheck Capture Events.
  • 0
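Added example, not part of the original post: one way to "see the difference between the two" is to save each Process Monitor capture as CSV and diff them in Python. The column names are Procmon's default CSV export; the process name, paths, results and function names below are constructed for illustration.

```python
import csv
import io
from collections import Counter

# Constructed Procmon CSV exports (default columns); not data from the thread.
# When reading real files, open them with encoding="utf-8-sig" to drop the BOM.
COLUMNS = '"Time of Day","Process Name","PID","Operation","Path","Result","Detail"\n'
WORKING_CSV = COLUMNS + r'''"6:40:01 PM","example.exe","4120","RegOpenKey","HKCU\Software\Example\Missing","NAME NOT FOUND",""
"6:40:02 PM","example.exe","4120","CreateFile","C:\Example\package.dat","SUCCESS",""
'''
FAILING_CSV = COLUMNS + r'''"6:45:11 PM","example.exe","5008","RegOpenKey","HKCU\Software\Example\Missing","NAME NOT FOUND",""
"6:45:12 PM","example.exe","5008","CreateFile","C:\Example\package.dat","ACCESS DENIED",""
"6:45:12 PM","example.exe","5008","CreateFile","C:\Example\package.dat","ACCESS DENIED",""
"6:45:13 PM","example.exe","5008","RegOpenKey","HKLM\Software\Example\Other","NAME NOT FOUND",""
'''

def load(csv_text):
    """Count events per (process, operation, path, result); PIDs and times are ignored."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return Counter((r["Process Name"].lower(), r["Operation"],
                    r["Path"].lower(), r["Result"]) for r in rows)

def diff_runs(working, failing):
    """Failing-run events that did not succeed and have no identical event in the working run."""
    ok, bad = load(working), load(failing)
    worked = {key[:3] for key in ok if key[3] == "SUCCESS"}
    findings = []
    for key, count in bad.items():
        if key[3] != "SUCCESS" and key not in ok:   # noise common to both runs is dropped
            findings.append({"process": key[0], "operation": key[1], "path": key[2],
                             "result": key[3], "count": count,
                             "succeeded_in_working_run": key[:3] in worked})
    # Operations that succeeded in the working run but failed here come first.
    return sorted(findings, key=lambda f: (not f["succeeded_in_working_run"], -f["count"]))

if __name__ == "__main__":
    for finding in diff_runs(WORKING_CSV, FAILING_CSV):
        print(finding)
```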





