Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

looks like laptop adware


  • Please log in to reply

#1
Nickynoodles41

Nickynoodles41

    Member

  • Member
  • PipPip
  • 48 posts
Hi all, my sons laptop is incredibly slow and today it seems that his xbox has been hacked Ive run OTL and here are the logs:

OTL logfile created on: 11/9/2013 4:49:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jay's pc\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.75 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 39.93% Memory free
7.49 Gb Paging File | 5.02 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.88 Gb Total Space | 322.23 Gb Free Space | 71.31% Space Free | Partition Type: NTFS
Drive D: | 13.59 Gb Total Space | 1.69 Gb Free Space | 12.46% Space Free | Partition Type: NTFS
Drive F: | 99.02 Mb Total Space | 86.88 Mb Free Space | 87.74% Space Free | Partition Type: FAT32

Computer Name: JAYSPC-HP | User Name: Jay's pc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/09 16:36:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jay's pc\Downloads\OTL.exe
PRC - [2013/10/30 19:25:56 | 000,566,696 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013/10/30 19:25:54 | 001,820,584 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013/10/08 23:14:43 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
PRC - [2013/07/14 20:35:18 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/04/28 14:56:09 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/10/30 22:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 22:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/03/05 12:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/03/05 12:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/09/01 16:47:26 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/08/19 14:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2010/12/11 06:02:24 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/12/01 02:31:04 | 001,367,816 | ---- | M] (Motorola, Inc.) -- C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/30 19:25:56 | 001,123,240 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013/10/24 17:45:32 | 000,691,200 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013/10/23 20:07:26 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013/10/08 23:14:42 | 016,233,864 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
MOD - [2013/06/14 23:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/06/14 23:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/06/14 23:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2013/04/28 14:56:07 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2010/11/22 21:00:58 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/11/22 21:00:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/11/22 21:00:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/09/24 19:25:24 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2013/09/24 19:21:16 | 000,219,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2013/09/24 15:07:30 | 000,178,048 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\McAPExe.exe -- (McAPExe)
SRV:64bit: - [2013/09/06 16:32:06 | 000,288,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/07/30 10:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2013/07/30 10:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV:64bit: - [2013/07/30 10:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
SRV:64bit: - [2013/05/27 05:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/10/30 22:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/02/26 13:12:50 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/03/28 09:48:39 | 001,028,096 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/12/10 07:05:42 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/12/10 06:33:22 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/12/01 02:31:12 | 000,679,176 | ---- | M] (Motorola, Inc.) [Auto | Running] -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV:64bit: - [2010/12/01 02:31:10 | 004,150,864 | ---- | M] (Motorola, Inc.) [On_Demand | Running] -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe -- (Bluetooth Device Manager)
SRV:64bit: - [2010/12/01 02:31:08 | 001,188,616 | ---- | M] (Motorola, Inc.) [On_Demand | Running] -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe -- (Bluetooth Media Service)
SRV:64bit: - [2010/09/23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/06 03:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/07/21 22:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/06/17 12:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV - [2013/10/30 19:25:56 | 000,566,696 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/10/08 23:14:43 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/07/14 20:35:18 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/04/28 14:56:08 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/05 12:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012/02/26 13:09:39 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/03/28 09:48:38 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/10/12 17:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/19 01:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/24 19:29:46 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2013/09/24 19:25:40 | 000,343,568 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2013/09/24 19:22:48 | 000,781,312 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2013/09/24 19:21:32 | 000,519,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2013/09/24 19:20:28 | 000,310,224 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2013/09/24 19:19:56 | 000,179,664 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/11/28 10:42:06 | 001,866,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2012/10/30 22:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/30 22:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/30 22:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/30 22:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/30 22:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/15 16:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/04/12 18:45:04 | 001,860,672 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/26 13:16:15 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/02/26 13:12:50 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/02/26 13:11:20 | 000,425,064 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/02/26 13:09:41 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2012/02/15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/25 16:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/07/20 13:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/11 06:03:46 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/12/10 09:40:38 | 008,121,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/12/10 06:24:20 | 000,291,328 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/12/01 02:31:52 | 000,484,224 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmusb.sys -- (BTMUSB)
DRV:64bit: - [2010/12/01 02:31:50 | 000,052,736 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmcom.sys -- (BTMCOM)
DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 09:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/06/17 13:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/05/15 18:04:00 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/05/15 18:04:00 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/05/06 13:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/04/29 12:43:20 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/02/18 16:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 00:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/14 00:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/20 02:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 21:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 21:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 21:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 20:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 20:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 20:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7FDUM_enGB474
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jay's pc\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jay's pc\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/02/10 14:51:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/28 14:56:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/04/07 10:25:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jay's pc\AppData\Roaming\Mozilla\Extensions
[2013/11/09 15:00:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jay's pc\AppData\Roaming\Mozilla\Firefox\Profiles\249mq39e.default\extensions
[2012/04/15 10:38:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/08/10 12:34:35 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/10 12:34:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/10 12:34:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/04/28 14:56:10 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/04/28 14:56:04 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/04/28 14:56:04 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/...q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/...uage={language}
CHR - homepage: http://www.google.co.uk/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Jay's pc\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jay's pc\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jay's pc\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Jay's pc\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Jay's pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Jay's pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Jay's pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Skype Click to Call = C:\Users\Jay's pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Gmail = C:\Users\Jay's pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Motorola\Bluetooth\btmshell.dll ()
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96E0CFB4-F586-4172-A05B-18623043E611}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9D65BB8-F3E1-41F0-8F95-3F89E927FFBC}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O28 - HKLM ShellExecuteHooks: UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/09 16:50:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/11/09 15:42:32 | 000,000,000 | ---D | C] -- C:\Users\Jay's pc\AppData\Roaming\Malwarebytes
[2013/11/09 15:40:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/09 15:40:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/11/09 15:40:47 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/11/09 15:40:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/11/09 15:39:58 | 000,000,000 | ---D | C] -- C:\Users\Jay's pc\AppData\Local\Programs
[2013/11/09 14:38:35 | 000,000,000 | ---D | C] -- C:\Users\Jay's pc\AppData\Local\{D542A032-F057-4D2D-A005-91CE0A0240B6}
[2013/11/08 16:04:49 | 000,000,000 | ---D | C] -- C:\Users\Jay's pc\AppData\Local\{22020245-C806-47D1-A178-60DE87063595}
[2013/10/29 13:55:27 | 000,000,000 | ---D | C] -- C:\Users\Jay's pc\Desktop\cp point
[2013/10/29 13:41:20 | 000,000,000 | ---D | C] -- C:\Users\Jay's pc\Desktop\mod shot
[2013/10/29 13:41:00 | 000,000,000 | ---D | C] -- C:\Users\Jay's pc\Desktop\mod smg
[2013/10/29 13:40:18 | 000,000,000 | ---D | C] -- C:\Users\Jay's pc\Desktop\mod semi
[2013/10/29 13:39:22 | 000,000,000 | ---D | C] -- C:\Users\Jay's pc\Desktop\modloader
[2013/10/29 13:18:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ace of Spades
[2013/10/29 13:18:12 | 000,000,000 | ---D | C] -- C:\Ace of Spades
[2013/10/29 13:17:03 | 000,000,000 | ---D | C] -- C:\Users\Jay's pc\AppData\Roaming\Build and Shoot
[2013/10/29 13:16:59 | 000,000,000 | ---D | C] -- C:\Users\Jay's pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Build and Shoot
[2013/10/29 13:16:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Build and Shoot
[2013/10/29 13:16:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Build and Shoot
[2013/10/27 13:00:48 | 000,000,000 | ---D | C] -- C:\Users\Jay's pc\Documents\RIFT
[2013/10/27 12:37:59 | 000,000,000 | ---D | C] -- C:\Users\Jay's pc\AppData\Roaming\RIFT
[2013/10/19 21:42:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013/10/19 21:41:58 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2013/10/11 17:44:45 | 000,000,000 | ---D | C] -- C:\Users\Jay's pc\AppData\Local\{0A7A74B1-597C-4D5D-8CA0-33E7EB610C68}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/09 16:53:18 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/09 16:53:18 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/09 16:50:00 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Parental Controls.lnk
[2013/11/09 16:43:59 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013/11/09 16:43:52 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/09 16:43:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/09 16:43:22 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/09 16:14:11 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/09 16:14:04 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/09 16:13:01 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3731756776-1621859024-607529854-1001UA.job
[2013/11/09 15:40:52 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/08 22:13:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3731756776-1621859024-607529854-1001Core.job
[2013/10/30 00:15:24 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/30 00:15:24 | 000,628,874 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/30 00:15:24 | 000,111,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/29 18:37:04 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJAYSPC-HP$.job
[2013/10/29 13:18:13 | 000,000,138 | ---- | M] () -- C:\Users\Public\Desktop\Play Ace of Spades.url
[2013/10/29 13:16:59 | 000,001,056 | ---- | M] () -- C:\Users\Jay's pc\Desktop\Build and Shoot Launcher.lnk
[2013/10/19 21:42:04 | 000,001,931 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/10/19 21:42:04 | 000,001,931 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/10/17 13:23:48 | 000,002,380 | ---- | M] () -- C:\Users\Jay's pc\Desktop\Google Chrome.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/09 15:40:52 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/29 13:39:10 | 000,258,560 | ---- | C] () -- C:\Users\Jay's pc\Desktop\modloader-installer.exe
[2013/10/29 13:18:13 | 000,000,138 | ---- | C] () -- C:\Users\Public\Desktop\Play Ace of Spades.url
[2013/10/29 13:16:59 | 000,001,056 | ---- | C] () -- C:\Users\Jay's pc\Desktop\Build and Shoot Launcher.lnk
[2012/11/28 10:42:06 | 000,026,464 | ---- | C] () -- C:\Windows\snuvcdsm.exe
[2012/11/28 10:42:06 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2012/07/11 10:26:56 | 000,290,776 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/07/11 10:26:55 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/07/11 10:26:54 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012/07/01 22:28:31 | 000,000,024 | ---- | C] () -- C:\Users\Jay's pc\random.dat
[2012/07/01 22:28:30 | 000,000,047 | ---- | C] () -- C:\Users\Jay's pc\jagex_cl_runescape_LIVE.dat
[2012/03/24 20:24:39 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012/02/26 13:17:07 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 02:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/10/29 18:29:49 | 000,000,000 | ---D | M] -- C:\Users\Jay's pc\AppData\Roaming\.minecraft
[2012/05/11 10:59:07 | 000,000,000 | ---D | M] -- C:\Users\Jay's pc\AppData\Roaming\.techniclauncher
[2013/10/29 13:17:03 | 000,000,000 | ---D | M] -- C:\Users\Jay's pc\AppData\Roaming\Build and Shoot
[2013/08/06 21:32:29 | 000,000,000 | ---D | M] -- C:\Users\Jay's pc\AppData\Roaming\Fatshark
[2012/08/13 18:53:17 | 000,000,000 | ---D | M] -- C:\Users\Jay's pc\AppData\Roaming\Hi-Rez Studios
[2013/08/29 20:46:29 | 000,000,000 | ---D | M] -- C:\Users\Jay's pc\AppData\Roaming\Natural Selection 2
[2011/12/25 18:54:00 | 000,000,000 | ---D | M] -- C:\Users\Jay's pc\AppData\Roaming\PictureMover
[2012/04/18 17:00:20 | 000,000,000 | ---D | M] -- C:\Users\Jay's pc\AppData\Roaming\Research In Motion
[2013/10/27 13:08:05 | 000,000,000 | ---D | M] -- C:\Users\Jay's pc\AppData\Roaming\RIFT
[2012/03/03 19:09:54 | 000,000,000 | ---D | M] -- C:\Users\Jay's pc\AppData\Roaming\RotMG.Production
[2013/03/27 18:50:24 | 000,000,000 | ---D | M] -- C:\Users\Jay's pc\AppData\Roaming\Spore
[2011/12/25 18:52:49 | 000,000,000 | ---D | M] -- C:\Users\Jay's pc\AppData\Roaming\Synaptics
[2013/08/06 22:19:05 | 000,000,000 | ---D | M] -- C:\Users\Jay's pc\AppData\Roaming\WildTangent
[2012/05/13 18:43:51 | 000,000,000 | ---D | M] -- C:\Users\Jay's pc\AppData\Roaming\Windows Live Writer
[2011/12/26 15:12:08 | 000,000,000 | ---D | M] -- C:\Users\Jay's pc\AppData\Roaming\_MDLogs

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hi! My name is zep516 and Welcome to geekstogo

I'll do the best I can to resolve your computer issue
Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage as you have 2 people examining your issue. Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)


Some of the problem you have causing "slowness" is that you're running 2 Anti Virus programs:

The real-time protection of two antivirus programs may conflict with each other and cause the following:

* False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
* Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.
* Performance: More that one antivirus will cause your PC to become slow and it may even crash or blue screen.
* Less protection: Two antivirus trying to scan the same file may interfere with the process and allow a malicious file onto the computer without notice to you.


Please uninstall 1 of them. If your currently paying for McAfee and it's subscription is up to date, then I would uninstall Avast.

How to uninstall Avast using avastclear

Please see Here for instructions and running the avast uninstall utility.

Next

I "Need" the Extras.Txt Log.

On the first time you ran it OTL creates 2 log reports. The one I need is called Extras .txt do you have that log? If so post it, If not I would like you to re-run OTL once more so we can re create the log, before you run the scan I need you to do this--> under the Extra Registry section please put a check mark in "All" then hit Runscan, when OTL is done scanning 2 logs will be generated, the first log will pop up in front of you, the second log will be minimized to the task bar down by the clock area, called Extras .txt please post that log. Really don't need to post the first one as we already have that one.

Please post for me the:

  • Extra's .Txt Log
  • Let me know what you decided to uninstall as far as the Anti Virus program. If you need additional help with that.
  • Let me know how the computer is running after the uninstall of the Additional Anti Virus. You should see improvement in performance.

Joe
  • 0

#3
Nickynoodles41

Nickynoodles41

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
OTL Extras logfile created on: 11/9/2013 4:49:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jay's pc\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.75 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 39.93% Memory free
7.49 Gb Paging File | 5.02 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.88 Gb Total Space | 322.23 Gb Free Space | 71.31% Space Free | Partition Type: NTFS
Drive D: | 13.59 Gb Total Space | 1.69 Gb Free Space | 12.46% Space Free | Partition Type: NTFS
Drive F: | 99.02 Mb Total Space | 86.88 Mb Free Space | 87.74% Space Free | Partition Type: FAT32

Computer Name: JAYSPC-HP | User Name: Jay's pc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05849CAA-2939-48A2-B219-E5B67C24F566}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{085A7BEC-3D49-4CDA-8055-DB2945428801}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{0CC99577-EBBF-4884-AC9A-94EB441BBE1B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1C477874-BC4F-49CC-BBBC-6F4C0EFE0F8C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1DD4017C-7B6B-4D28-A2AF-4CA879CB52EC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{2151C37D-D3D8-435E-AC88-1BA57EC896BF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{22937A8F-9891-4F71-820D-00BD311C56A6}" = rport=137 | protocol=17 | dir=out | app=system |
"{3CEA780E-F2F0-42A5-8AF1-47E63FCBA807}" = lport=139 | protocol=6 | dir=in | app=system |
"{3E211C52-AA12-4FB2-8DDB-6E898E372C6A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3F34F62F-3F70-421A-A4ED-D817967AE9EF}" = rport=10243 | protocol=6 | dir=out | app=system |
"{40F0B4AE-0DB4-4922-B907-A6403AC89931}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{4AA54857-E04F-478F-95D9-EC8CE30AE398}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5A859818-6EBD-4C56-91D7-0CC74C0306A1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5CDB540B-8D98-4C80-842A-58C6393F5368}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{627C436E-4C40-496E-9699-BFC3C51C9EAF}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{6594B9BB-D655-4FD4-A240-C067532F8956}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{65B949C4-79E9-4A18-8094-54E6B311B37F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6857CA2E-9C58-4D4D-97F9-8771F3584CEC}" = rport=139 | protocol=6 | dir=out | app=system |
"{7770DF5B-E9FA-4ADC-A2C6-84CCB3B38127}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{77BAD5F0-D41F-4C78-B94D-AD8D9570EF7D}" = rport=138 | protocol=17 | dir=out | app=system |
"{8ED27450-4DDC-4623-853E-F057661B39F8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{97BD4EDF-1449-40A2-90ED-9CB1D0BD52DD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9861027E-5D1B-4A7D-991D-D58D74B1D212}" = lport=137 | protocol=17 | dir=in | app=system |
"{9E62F0C6-7BA0-4D72-AE86-CBE345A954F2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AB535AEC-BAB3-44EC-9F92-9CBB9361DAF9}" = lport=138 | protocol=17 | dir=in | app=system |
"{AD2DE4DA-8151-455D-8D09-602D8F8E4C1A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BB87BD00-F937-4E84-942D-BA5C3B683AA7}" = rport=445 | protocol=6 | dir=out | app=system |
"{C58B6236-0F1D-4D5C-AE5F-212DCDA84DE0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C5EC51DF-11BD-41BC-A7F3-12EA3F5F06AF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{CBDFE64E-7AA8-4ACA-9104-8EE433B6BD7C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CCA15EEC-E5C1-4CC4-9160-0F59DB2E9EFE}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{D73C7319-B32B-42B4-BA3D-540EBC47B35D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D7444DCC-90DE-4989-9A25-BE6420BCE885}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DCADBB22-2073-4564-9861-90D4170288BF}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E31990ED-D60E-497D-AC9D-01EFF30BDF4F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E3BB3F31-A650-4899-B5F0-F024778E047D}" = lport=445 | protocol=6 | dir=in | app=system |
"{E4C55115-1B6B-4177-A146-5AFDD482106A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F7BF1EF6-09EB-453D-BB59-3298976A3B82}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03420CDC-12AE-472A-9BD6-DA0B78F4DAE1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{068AAACA-2396-47D9-A5A8-42C9FE4BBBFD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{086954ED-028D-470D-B114-853E102F68F0}" = dir=out | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
"{0A0F0C7B-C1BE-49EB-A698-46B1B8744222}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1BE270C9-FB77-4EB2-AB31-7AD6C471E144}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{1D3F6F20-6571-4DEC-B7D1-38E273B1C814}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe |
"{1DC81C32-21AB-42A6-B023-C0ED1EE3B34B}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{23F4CD18-3279-4742-9BA1-3A72FB454385}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{242FDDF9-02BC-4BF9-BD78-901B14192B23}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{257F4611-ECB0-4A6D-9817-5728C3DC5118}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{2A184370-3CE8-487E-8E27-0ACAE31C92C5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spore\runme.exe |
"{2E170C74-3114-4109-80ED-3B0C2E6C8210}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{3271FE31-1195-41AA-AC53-E018AB9B46CB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{3555AD94-8DC5-4FF2-8512-1009B34311B3}" = protocol=58 | dir=out | [email protected],-503 |
"{35AAF479-9D27-4C8E-A726-FAB24C79AB6B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3ADD7D54-6642-426C-A5C5-D8D070841894}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3AE673E8-71B2-42BD-BBA3-9C7053B06AB3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\launchpad.exe |
"{3D7C5A76-2E30-4CF6-9958-841E3111EA23}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{3ECAECDE-862E-43BE-B15F-F493E8A767EF}" = protocol=58 | dir=in | [email protected],-28545 |
"{43F530CE-6E07-4B6D-B642-C640D98B27FA}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{4561DC0B-4610-44EC-95F9-76D927285E2E}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{48A17E7F-BF59-40A4-AAD4-D7DC28D8FF07}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blacklightretribution\blacklight retribution.exe |
"{49F3FE88-DD20-443F-92BE-FFFF24DAC025}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4B2940C5-BCB1-4FCD-BC8F-466013F1BC3F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4F125C24-20FD-4999-BEB2-341E9E262AC4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe |
"{4FE2CF30-E32A-43ED-A624-A3C1BD738A8E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\jaytravers\team fortress 2\hl2.exe |
"{50032473-DC43-4404-BB13-D05BCE9DDF7E}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{52F52688-AFF4-4681-A62D-4651E0680E9C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\launchpad.exe |
"{59A5BD55-A34E-4296-B928-B8B5745549C8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\launchpad.exe |
"{5C25A4D7-47C4-4FCD-AC3A-BF54EF360C37}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5CC48F9D-5A66-42E4-8FB4-3A408EB6ADDB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spore\runme.exe |
"{5F5A98CE-3EE7-40FD-A0A6-952B2AAA926C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\global agenda live\binaries\globalagenda.exe |
"{61BAD0C4-ADC8-448F-A428-36E596866D22}" = protocol=17 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe |
"{625D7E2B-13EE-4CC8-AB2A-CAB0DC71670B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{632A00AF-1E70-4B70-A1E3-0FDDBD3F1467}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\ysdsy\garrysmod\hl2.exe |
"{661C52AC-4395-4B47-9FA0-6C8CD6F354A4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\ysdsy\garrysmod\hl2.exe |
"{67911AE3-214C-4BEB-B5BB-9225988847FD}" = protocol=6 | dir=out | app=system |
"{69365597-F6CA-4968-A840-37FD1C66F9AC}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{6DFF4F68-CB2D-41E8-8563-E7C8063348A0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\global agenda live\binaries\launcherbin\hirezlauncherui.exe |
"{6EC4FC5A-EC64-4B78-95FB-3B2C7E532536}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{73CCC48D-3ADB-48D3-BAAB-FB7447A43C4D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\global agenda live\binaries\globalagenda.exe |
"{786969DC-4DBB-4605-BC69-56384139CBF3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |
"{7A410DC4-0514-499F-BDA5-38868BB2B398}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{7E7B80EF-8B5F-43A9-BE4A-A082BAEE7AFA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8462C8D7-44A5-461D-AB1C-9E756F167852}" = protocol=58 | dir=out | [email protected],-28546 |
"{87110E51-B451-4CAC-B982-1EE196C89331}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{883C7C57-BFFE-4C85-9407-A7E5B4D1A7A9}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{88EF10C5-4E99-450B-943F-C1597C951DE1}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
"{8BEC9C79-6346-4AB5-8A59-3F564AFF8C9A}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{8CBE3F1F-BA2B-491D-B178-24E4D0718D60}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe |
"{8F62B8EE-FE8C-4615-96EE-30A265089A03}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8FE4A706-7B63-4909-8BDB-5B5ABB4473BD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9385F80E-FB43-461E-B4B1-6AE2D79B0930}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{95F9BA86-9CE8-4E6F-B75A-9870B75A727D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\launchpad.exe |
"{99915BD1-DD08-4CE3-82A6-5EB1F6B807F2}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{A0F49374-3AFC-4381-8829-C93DF704BC97}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{A3B5248C-0650-42FF-B888-95688288A61A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A8C4FC1E-BEA8-4AF6-891C-4B49B4683A8F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{AAE882A5-56F1-46F3-B520-BDE471499D8A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AF97E5AF-E49B-41BA-80C2-7DF169EFACDE}" = protocol=1 | dir=out | [email protected],-28544 |
"{B1B61F72-6A28-45E1-BADF-B3D380CD7CCD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B88B3B44-35AF-4107-8D10-96B566BD0569}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\global agenda live\binaries\launcherbin\hirezlauncherui.exe |
"{B97F6325-1913-45D8-A1C0-CE32AE37919F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blacklightretribution\blacklight retribution.exe |
"{BB0A35E9-7AED-4223-B7E6-D51607AD2331}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C0D46F01-92DF-4F0E-8BC3-54CA15785731}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C2849D4D-B9BF-4314-B2FB-5A2743CF39EE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C5DA30ED-B4D2-4096-A7B6-0C92C969F9E2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\jaytravers\team fortress 2\hl2.exe |
"{C73778FB-1486-4CC6-96B6-ECDD065AC273}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CB421EC5-945A-49EF-9C1D-D140F80BA778}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |
"{CBE86E9F-877A-41FB-BE8F-FA9C3AC9CAE1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{D2C729DD-B6B9-4E7C-9B6E-45E82B86DD0C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{D4187F7E-3530-49D2-BDCF-8F2538C11F93}" = protocol=1 | dir=in | [email protected],-28543 |
"{D8A4689C-4665-4067-9B0C-12B70A31B721}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{DA959A58-2B16-4CDE-9627-87A5EF78D041}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E313A3CD-61EF-4B64-8A86-833D388E1B02}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{E7648739-875D-45F5-88FB-CB12C818F104}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E888AF82-683D-4B14-8D24-7DA340ADAD9A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{EA2F7B10-5A17-43F5-8C6E-F12D7A0CF25B}" = protocol=6 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe |
"{ED930256-E849-49F9-906E-96C9EBBBD70B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{F1AD978B-8014-47A1-84C5-A29EFCE01704}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{F33EE4EB-7210-4BF5-8BB4-EDC2E67C1A4F}" = protocol=58 | dir=in | app=system |
"{F83E1FC1-9FE2-45C4-920D-973A58A70B2D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{F90F3D8F-99B1-4834-9CB8-626C909D0615}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{FD703CBB-DC21-45A2-903B-0B2D39F4029B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe |
"TCP Query User{0EE6CDC6-9891-48EE-936A-8D956352C4FD}C:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe |
"TCP Query User{248FE404-6B42-4343-BA32-A815EF27103A}C:\program files (x86)\steam\steamapps\common\champions online\champions online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\champions online\champions online\live\gameclient.exe |
"TCP Query User{39E857D2-2E33-4872-87AD-E399A14B5C98}C:\users\jay's pc\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\jay's pc\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe |
"TCP Query User{4A436D65-7994-452E-8A3B-7A8C9E1F2B6E}C:\program files (x86)\steam\steamapps\jaytravers\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\jaytravers\team fortress 2\hl2.exe |
"TCP Query User{7ADC0F02-E75E-45FD-83A3-5940C776F50B}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{9FFB0B71-9BED-4657-B5FB-6A1E5A3D31CB}C:\program files (x86)\steam\steamapps\common\global agenda live\binaries\globalagenda.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\global agenda live\binaries\globalagenda.exe |
"TCP Query User{B319EF92-E92B-4E72-B99D-861746883603}C:\program files (x86)\steam\steamapps\ysdsy\garrysmod\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\ysdsy\garrysmod\hl2.exe |
"TCP Query User{E2C81439-72BA-4E76-8722-E7D305E1C766}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe |
"UDP Query User{2BB01644-7314-4FA7-8BB3-638B9E286C4B}C:\program files (x86)\steam\steamapps\ysdsy\garrysmod\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\ysdsy\garrysmod\hl2.exe |
"UDP Query User{3CEDCCBC-1F0C-480D-B3FE-33D575BA7603}C:\program files (x86)\steam\steamapps\common\global agenda live\binaries\globalagenda.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\global agenda live\binaries\globalagenda.exe |
"UDP Query User{4B75604C-5BA4-4689-BB72-4B3937D2DCFE}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe |
"UDP Query User{69DC5782-0431-46DB-83E9-B78E51A30283}C:\program files (x86)\steam\steamapps\common\champions online\champions online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\champions online\champions online\live\gameclient.exe |
"UDP Query User{97991797-2610-47C8-BC2E-9BF86B86F09B}C:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe |
"UDP Query User{A932B266-52A5-44CD-9F2B-9B3474FEA01B}C:\users\jay's pc\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\jay's pc\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe |
"UDP Query User{AEF5F579-4B77-4839-AF56-72D36880433E}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{B6A1758F-60F3-4220-BFEE-90AFAB1908B4}C:\program files (x86)\steam\steamapps\jaytravers\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\jaytravers\team fortress 2\hl2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}" = HP Wireless Assistant
"{1B6E46D9-BD48-F831-D337-64397E7EA1DB}" = ccc-utility64
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{224EC8DF-BC76-4CE4-32B8-4D174318F7ED}" = WMV9/VC-1 Video Playback
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java™ 6 Update 22 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7D220A57-969F-4D09-9297-D48195A8ABDD}" = HP Deskjet 3050 J610 series Basic Device Software
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{860B418B-F90B-465A-BC1D-04B518045C72}" = HP Deskjet 3050 J610 series Product Improvement Study
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E18E155E-73A9-0CCA-B796-05B09A1B5D97}" = ATI Catalyst Install Manager
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FE87BA4F-9866-8332-0A4F-59864BE2196A}" = AMD Fuel
"1DF1F719-D43A-46E8-950F-65A8D96C678A.MBT_is1" = Ralink Motorola BC8 Bluetooth 3.0+HS Adapter
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0A9A553D-A324-4C3C-B6E9-2464480BAE50}" = Catalyst Control Center - Branding
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F7254A8-4D75-979A-4445-EBC2EE90B6D2}" = CCC Help English
"{14D9E133-37C6-B9CB-36C5-EB76DBE80F5C}" = Catalyst Control Center Graphics Previews Common
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD YouTube Downloader & Converter 3.7
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3839C2FF-2CD0-4601-91A8-B1E40A9BE8A8}" = Driver Detective
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}" = Adobe Shockwave Player 11.5
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{431D963B-16AA-FAB8-3E72-82CDB466FDD8}" = CCC Help Swedish
"{49F633C6-1247-3052-F1F1-C3DC271A6E92}" = CCC Help Danish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.10
"{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch
"{53CD60C7-12F9-420D-A9BF-EC8D815475A9}" = HP Documentation
"{54C024E2-4761-EB23-88C5-77EE8977B854}" = CCC Help Polish
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A018BC8-CEC4-C0E2-5EB1-4DFF3CD5E052}" = CCC Help Japanese
"{5FE4D5BB-0B56-DC7D-E5A4-49DB989983CC}" = CCC Help French
"{6037B8AD-7D5B-4D50-9BCA-A586C44EEF34}" = Ace of Spades
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{6F388ED3-8C2B-222D-9CA6-38C44A3F4569}" = CCC Help Italian
"{70E09E33-5C83-F272-17D5-93858F2063F2}" = CCC Help Dutch
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7D12AB72-6A28-A280-0637-485760AFDBDC}" = ccc-core-static
"{802C068E-0576-4F25-8137-D54B7DB0FC5E}" = HP Setup
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{81BAE41F-EF43-4902-773E-64B105245EE0}" = CCC Help Chinese Standard
"{82F6A47B-6651-0044-F871-AF99C15E4871}" = CCC Help German
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT5390 802.11b/g/n WiFi Adapter
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{962CB079-85E6-405F-8704-1C62365AE46F}" = HP Software Framework
"{98218567-28F7-0D1F-BD48-3041677E5CD4}" = CCC Help Hungarian
"{994406A3-EA5C-B7C9-B0C0-E9019ADD3521}" = CCC Help Korean
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A671E7CA-23EA-A86E-A61F-E518143670C0}" = CCC Help Thai
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9AED85D-2194-F13C-EE99-F013DB2BD44F}" = CCC Help Russian
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB32E35A-3CBE-6747-06A9-453469EF9CD2}" = CCC Help Chinese Traditional
"{ABAF4569-6EDD-EA43-1574-EBA8911859BE}" = CCC Help Greek
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.5 MUI
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B949352B-D05B-5670-836E-430CCAAE28FA}" = CCC Help Spanish
"{BC08BEE3-1503-0173-B7A5-8765AA20C08A}" = CCC Help Portuguese
"{BCB2219D-A452-80E9-5C27-F497128DE10A}" = CCC Help Norwegian
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BD302920-E48F-EE44-4DBF-F58994C8BDF3}" = CCC Help Finnish
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7231F7C-6530-4E65-ADA6-5B392CF5BEB1}" = Recovery Manager
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2AC41BC-CA8B-846C-A711-42A2C8BC05BB}" = Catalyst Control Center InstallProxy
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}" = HP Power Manager
"{D902BADB-499C-EF9E-B5D3-48B36566C3A6}" = Catalyst Control Center Localization All
"{DA7B4F2B-0099-EEB6-6FB8-8F794248E982}" = CCC Help Czech
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Help
"{F909BB1B-3FC1-4EDA-AF1F-8F1A89163591}" = BlackBerry Desktop Software 6.1
"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"avast" = avast! Free Antivirus
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"Build and Shoot Launcher" = Build and Shoot Launcher 1.1
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"EasyBits Magic Desktop" = Magic Desktop
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee Parental Controls
"My HP Game Console" = HP Game Console
"PunkBusterSvc" = PunkBuster Services
"Steam App 440" = Team Fortress 2
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.10 (32-bit)
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087343" = Dora's World Adventure
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087533" = Zuma Deluxe
"WT089299" = Mystery P.I. - The London Caper
"WT089300" = World Cup Cricket 20-20
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"ZumoDrive" = HP CloudDrive

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/17/2013 5:22:03 PM | Computer Name = Jayspc-HP | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16576,
time stamp: 0x515e30fe Faulting module name: JScript9.dll, version: 10.0.9200.16576,
time stamp: 0x515e3ba7 Exception code: 0xc0000005 Fault offset: 0x000e6d71 Faulting
process id: 0x44f8 Faulting application start time: 0x01ce5344919d7cd4 Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\Windows\system32\JScript9.dll Report Id: d0c56ce2-bf37-11e2-90a6-984be1c78fe9

Error - 5/17/2013 6:02:19 PM | Computer Name = Jayspc-HP | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16576,
time stamp: 0x515e30fe Faulting module name: JScript9.dll, version: 10.0.9200.16576,
time stamp: 0x515e3ba7 Exception code: 0xc0000005 Fault offset: 0x000e6981 Faulting
process id: 0xff0 Faulting application start time: 0x01ce534a32453039 Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\Windows\system32\JScript9.dll Report Id: 70c7f6f2-bf3d-11e2-bbe6-984be1c78fe9

Error - 5/18/2013 5:47:22 AM | Computer Name = Jayspc-HP | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16576,
time stamp: 0x515e30fe Faulting module name: JScript9.dll, version: 10.0.9200.16576,
time stamp: 0x515e3ba7 Exception code: 0xc0000005 Fault offset: 0x000e6703 Faulting
process id: 0x1934 Faulting application start time: 0x01ce53acb0e290cc Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\Windows\system32\JScript9.dll Report Id: efa0d9eb-bf9f-11e2-9485-984be1c78fe9

Error - 5/19/2013 5:31:35 AM | Computer Name = Jayspc-HP | Source = Application Error | ID = 1000
Description = Faulting application name: McSvHost.exe, version: 2.6.259.0, time
stamp: 0x5040f1f9 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec4aa8e Exception code: 0xc0000374 Fault offset: 0x00000000000c40f2 Faulting
process id: 0xcac Faulting application start time: 0x01ce547022886532 Faulting application
path: C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe Faulting module
path: C:\Windows\SYSTEM32\ntdll.dll Report Id: e583cc80-c066-11e2-b81d-984be1c78fe9

Error - 5/21/2013 5:14:38 PM | Computer Name = Jayspc-HP | Source = Service1 | ID = 0
Description = Service cannot be started. The service process could not connect to
the service controller

Error - 5/25/2013 3:26:15 PM | Computer Name = Jayspc-HP | Source = Application Error | ID = 1000
Description = Faulting application name: McSvHost.exe, version: 2.6.259.0, time
stamp: 0x5040f1f9 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec4aa8e Exception code: 0xc0000374 Fault offset: 0x00000000000c40f2 Faulting
process id: 0xbcc Faulting application start time: 0x01ce59791fafcd97 Faulting application
path: C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe Faulting module
path: C:\Windows\SYSTEM32\ntdll.dll Report Id: f6c99e4f-c570-11e2-9a6a-984be1c78fe9

Error - 5/29/2013 9:12:06 AM | Computer Name = Jayspc-HP | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16576,
time stamp: 0x515e30fe Faulting module name: JScript9.dll, version: 10.0.9200.16576,
time stamp: 0x515e3ba7 Exception code: 0xc0000005 Fault offset: 0x000e6703 Faulting
process id: 0x1fac Faulting application start time: 0x01ce5c6e1ce13485 Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\Windows\system32\JScript9.dll Report Id: 5c2beeca-c861-11e2-805b-984be1c78fe9

Error - 5/29/2013 9:12:15 AM | Computer Name = Jayspc-HP | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16576,
time stamp: 0x515e30fe Faulting module name: AcroIEHelper.dll_unloaded, version:
0.0.0.0, time stamp: 0x4f708d85 Exception code: 0xc0000005 Fault offset: 0x7408556c
Faulting
process id: 0x1964 Faulting application start time: 0x01ce5c6e203c46b2 Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
AcroIEHelper.dll Report Id: 616dead0-c861-11e2-805b-984be1c78fe9

Error - 6/8/2013 7:19:00 AM | Computer Name = Jayspc-HP | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16576,
time stamp: 0x515e30fe Faulting module name: JScript9.dll, version: 10.0.9200.16576,
time stamp: 0x515e3ba7 Exception code: 0xc0000005 Fault offset: 0x000e6703 Faulting
process id: 0x10e0 Faulting application start time: 0x01ce6439f874b6d1 Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\Windows\system32\JScript9.dll Report Id: 373a2411-d02d-11e2-930c-984be1c78fe9

Error - 6/9/2013 5:12:19 PM | Computer Name = Jayspc-HP | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16576,
time stamp: 0x515e30fe Faulting module name: JScript9.dll, version: 10.0.9200.16576,
time stamp: 0x515e3ba7 Exception code: 0xc0000005 Fault offset: 0x000e6d71 Faulting
process id: 0xd00 Faulting application start time: 0x01ce655605305382 Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\Windows\system32\JScript9.dll Report Id: 4478ac72-d149-11e2-b38c-984be1c78fe9

Error - 6/11/2013 5:51:16 PM | Computer Name = Jayspc-HP | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16576,
time stamp: 0x515e30fe Faulting module name: JScript9.dll, version: 10.0.9200.16576,
time stamp: 0x515e3ba7 Exception code: 0xc0000005 Fault offset: 0x000e6703 Faulting
process id: 0x1fe8 Faulting application start time: 0x01ce66edcabcfe89 Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\Windows\system32\JScript9.dll Report Id: 0a5d6a63-d2e1-11e2-a5d7-984be1c78fe9

[ Hewlett-Packard Events ]
Error - 1/7/2012 6:07:58 AM | Computer Name = Jayspc-HP | Source = Hewlett-Packard | ID = 0
Description = en-GB Object reference not set to an instance of an object. Configurator

at Configurator.ConfiguratorClass.loadXML() at HPSFConfigReader.ConfigHelper..ctor()

at HPAssistant.csSettings.loadApplicationResources(Boolean isOnAppLoad)

Error - 1/14/2012 8:49:22 AM | Computer Name = Jayspc-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 2/26/2012 6:57:17 PM | Computer Name = Jayspc-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 at HP.SupportAssistant.Common.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
Object reference not set to an instance of an object. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
HP.SupportAssistant.Common Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program Files
(x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 3834 Ram Utilization:
40 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()


Error - 4/30/2012 8:05:26 AM | Computer Name = Jayspc-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 5/19/2012 2:31:55 PM | Computer Name = Jayspc-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 5/19/2012 2:31:55 PM | Computer Name = Jayspc-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 10/7/2012 1:02:32 PM | Computer Name = Jayspc-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 10/20/2012 2:40:50 PM | Computer Name = Jayspc-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146233088 at HPSFConfigReader.ConfigHelper.loadXML()

at HPSFConfigReader.ConfigHelper..ctor() at HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
isOnAppLoad) Message: Exception of type 'System.Exception' was thrown. StackTrace:
at HPSFConfigReader.ConfigHelper.loadXML() at HPSFConfigReader.ConfigHelper..ctor()

at HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
isOnAppLoad) Source: HPSFConfigReader Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 3834
Ram
Utilization: 70 TargetSite: Void loadXML()

Error - 11/3/2012 3:59:36 PM | Computer Name = Jayspc-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 11/3/2012 3:59:55 PM | Computer Name = Jayspc-HP | Source = HPSF.exe | ID = 4000
Description =

[ HP Software Framework Events ]
Error - 5/12/2012 5:14:26 PM | Computer Name = Jayspc-HP | Source = CaslWmi | ID = 5
Description = 2012/05/12 22:14:26.116|00001258|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/19/2012 2:31:35 PM | Computer Name = Jayspc-HP | Source = CaslWmi | ID = 5
Description = 2012/05/19 19:31:35.475|00001A68|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/26/2012 5:06:01 PM | Computer Name = Jayspc-HP | Source = CaslWmi | ID = 5
Description = 2012/05/26 22:06:01.729|00001C98|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/26/2012 5:07:48 PM | Computer Name = Jayspc-HP | Source = CaslWmi | ID = 5
Description = 2012/05/26 22:07:48.832|00001A94|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 6/2/2012 2:56:02 PM | Computer Name = Jayspc-HP | Source = CaslWmi | ID = 5
Description = 2012/06/02 19:56:02.355|000019B4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 6/10/2012 6:16:06 AM | Computer Name = Jayspc-HP | Source = CaslWmi | ID = 5
Description = 2012/06/10 11:16:06.969|00001AE4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 6/16/2012 6:19:34 PM | Computer Name = Jayspc-HP | Source = CaslWmi | ID = 5
Description = 2012/06/16 23:19:34.626|00000C74|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 6/16/2012 6:21:20 PM | Computer Name = Jayspc-HP | Source = CaslWmi | ID = 5
Description = 2012/06/16 23:21:20.292|00001AD4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 6/23/2012 2:17:53 PM | Computer Name = Jayspc-HP | Source = CaslWmi | ID = 5
Description = 2012/06/23 19:17:53.490|000004C8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 6/23/2012 2:19:29 PM | Computer Name = Jayspc-HP | Source = CaslWmi | ID = 5
Description = 2012/06/23 19:19:29.502|000018FC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

[ HP Wireless Assistant Events ]
Error - 9/15/2013 7:25:14 AM | Computer Name = Jayspc-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object
sender, StartupEventArgs args)

Error - 9/15/2013 7:25:16 AM | Computer Name = Jayspc-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...

Error - 9/21/2013 7:58:42 AM | Computer Name = Jayspc-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object
sender, StartupEventArgs args)

Error - 9/21/2013 7:58:44 AM | Computer Name = Jayspc-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...

Error - 9/22/2013 6:28:24 AM | Computer Name = Jayspc-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object
sender, StartupEventArgs args)

Error - 9/22/2013 6:28:27 AM | Computer Name = Jayspc-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...

Error - 9/23/2013 11:36:26 AM | Computer Name = Jayspc-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object
sender, StartupEventArgs args)

Error - 9/23/2013 11:36:27 AM | Computer Name = Jayspc-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...

Error - 10/5/2013 5:59:24 AM | Computer Name = Jayspc-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object
sender, StartupEventArgs args)

Error - 10/5/2013 5:59:25 AM | Computer Name = Jayspc-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...

[ System Events ]
Error - 11/7/2013 4:14:16 AM | Computer Name = Jayspc-HP | Source = DCOM | ID = 10010
Description =

Error - 11/8/2013 7:06:28 AM | Computer Name = Jayspc-HP | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 11/8/2013 7:08:06 AM | Computer Name = Jayspc-HP | Source = Service Control Manager | ID = 7000
Description = The HP Support Assistant Service service failed to start due to the
following error: %%2

Error - 11/8/2013 7:08:11 AM | Computer Name = Jayspc-HP | Source = DCOM | ID = 10010
Description =

Error - 11/9/2013 10:32:24 AM | Computer Name = Jayspc-HP | Source = Service Control Manager | ID = 7000
Description = The HP Support Assistant Service service failed to start due to the
following error: %%2

Error - 11/9/2013 10:33:52 AM | Computer Name = Jayspc-HP | Source = DCOM | ID = 10010
Description =

Error - 11/9/2013 12:03:39 PM | Computer Name = Jayspc-HP | Source = EventLog | ID = 6008
Description = The previous system shutdown at 16:01:21 on ?09/?11/?2013 was unexpected.

Error - 11/9/2013 12:04:45 PM | Computer Name = Jayspc-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SysMain service.

Error - 11/9/2013 12:07:08 PM | Computer Name = Jayspc-HP | Source = Service Control Manager | ID = 7000
Description = The HP Support Assistant Service service failed to start due to the
following error: %%2

Error - 11/9/2013 12:46:44 PM | Computer Name = Jayspc-HP | Source = Service Control Manager | ID = 7000
Description = The HP Support Assistant Service service failed to start due to the
following error: %%2


< End of report >
  • 0

#4
Nickynoodles41

Nickynoodles41

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
have removed mcafee as it was not paid for and so offered no spyware protection, uninstalled and now reinstalled the lastest avast version

Edited by Nickynoodles41, 09 November 2013 - 02:37 PM.

  • 0

#5
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Please post a fresh OTL Log so I can see McAfee is gone.

Tell me the computer is running somewhat better now that only 1 Anti Virus is running.

Joe
  • 0

#6
Nickynoodles41

Nickynoodles41

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Yes, already seems a little better!
new logs:

OTL logfile created on: 11/9/2013 8:56:53 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jay's pc\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.75 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 56.62% Memory free
7.49 Gb Paging File | 5.22 Gb Available in Paging File | 69.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.88 Gb Total Space | 323.75 Gb Free Space | 71.65% Space Free | Partition Type: NTFS
Drive D: | 13.59 Gb Total Space | 1.69 Gb Free Space | 12.46% Space Free | Partition Type: NTFS
Drive F: | 99.02 Mb Total Space | 86.88 Mb Free Space | 87.74% Space Free | Partition Type: FAT32

Computer Name: JAYSPC-HP | User Name: Jay's pc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/09 20:56:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jay's pc\Downloads\OTL(2).exe
PRC - [2013/11/09 20:41:57 | 003,568,312 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/11/09 20:41:57 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/10/30 19:25:56 | 000,566,696 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013/10/30 19:25:54 | 001,820,584 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013/10/08 23:14:43 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
PRC - [2013/07/14 20:35:18 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/04/28 14:56:09 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/03/05 12:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/03/05 12:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/09/01 16:47:26 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/08/19 14:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2010/12/11 06:02:24 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/12/01 02:31:04 | 001,367,816 | ---- | M] (Motorola, Inc.) -- C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
PRC - [2010/05/14 19:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/09 20:41:59 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/10/30 19:25:56 | 001,123,240 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013/10/24 17:45:32 | 000,691,200 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013/10/23 20:07:26 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013/10/08 23:14:42 | 016,233,864 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
MOD - [2013/06/14 23:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/06/14 23:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/06/14 23:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2013/04/28 14:56:07 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2010/11/22 21:00:58 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/11/22 21:00:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/11/22 21:00:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/09 20:41:57 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/05/27 05:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/02/26 13:12:50 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/03/28 09:48:39 | 001,028,096 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/12/10 07:05:42 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/12/10 06:33:22 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/12/01 02:31:12 | 000,679,176 | ---- | M] (Motorola, Inc.) [Auto | Running] -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV:64bit: - [2010/12/01 02:31:10 | 004,150,864 | ---- | M] (Motorola, Inc.) [On_Demand | Running] -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe -- (Bluetooth Device Manager)
SRV:64bit: - [2010/12/01 02:31:08 | 001,188,616 | ---- | M] (Motorola, Inc.) [On_Demand | Running] -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe -- (Bluetooth Media Service)
SRV:64bit: - [2010/09/23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/06 03:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/07/21 22:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/06/17 12:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV - [2013/10/30 19:25:56 | 000,566,696 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/10/08 23:14:43 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/07/14 20:35:18 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/04/28 14:56:08 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/05 12:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012/02/26 13:09:39 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/03/28 09:48:38 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/10/12 17:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/19 01:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/09 20:42:01 | 001,032,416 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/11/09 20:42:01 | 000,409,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/11/09 20:42:01 | 000,205,320 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/11/09 20:42:01 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/11/09 20:42:01 | 000,084,328 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/11/09 20:42:01 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/11/09 20:42:01 | 000,065,264 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/11/09 20:42:01 | 000,038,984 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/11/28 10:42:06 | 001,866,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2012/04/12 18:45:04 | 001,860,672 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/26 13:16:15 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/02/26 13:12:50 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/02/26 13:11:20 | 000,425,064 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/02/26 13:09:41 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2012/02/15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/25 16:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/07/20 13:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/11 06:03:46 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/12/10 09:40:38 | 008,121,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/12/10 06:24:20 | 000,291,328 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/12/01 02:31:52 | 000,484,224 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmusb.sys -- (BTMUSB)
DRV:64bit: - [2010/12/01 02:31:50 | 000,052,736 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmcom.sys -- (BTMCOM)
DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 09:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/06/17 13:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/05/15 18:04:00 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/05/15 18:04:00 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/05/06 13:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/04/29 12:43:20 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/02/18 16:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 00:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/14 00:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/20 02:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 21:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 21:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 21:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 20:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 20:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 20:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7FDUM_enGB474
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jay's pc\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jay's pc\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/11/09 20:42:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/28 14:56:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/04/07 10:25:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jay's pc\AppData\Roaming\Mozilla\Extensions
[2013/11/09 15:00:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jay's pc\AppData\Roaming\Mozilla\Firefox\Profiles\249mq39e.default\extensions
[2012/04/15 10:38:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/08/10 12:34:35 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/10 12:34:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/10 12:34:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/04/28 14:56:10 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/04/28 14:56:04 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/04/28 14:56:04 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/...q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/...uage={language}
CHR - homepage: http://www.google.co.uk/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Jay's pc\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jay's pc\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jay's pc\AppData\Local\Google\Chrome\Application\30.0.1599.101\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Jay's pc\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Jay's pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Jay's pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Users\Jay's pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0\
CHR - Extension: Skype Click to Call = C:\Users\Jay's pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\
CHR - Extension: Google Wallet = C:\Users\Jay's pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\Jay's pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Motorola\Bluetooth\btmshell.dll ()
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey File not found
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96E0CFB4-F586-4172-A05B-18623043E611}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9D65BB8-F3E1-41F0-8F95-3F89E927FFBC}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O28 - HKLM ShellExecuteHooks: UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/09 20:51:34 | 000,000,000 | ---D | C] -- C:\Users\Jay's pc\AppData\Roaming\AVAST Software
[2013/11/09 20:42:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2013/11/09 20:42:34 | 000,065,264 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/11/09 20:42:30 | 001,032,416 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/11/09 20:42:29 | 000,409,832 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/11/09 20:42:27 | 000,084,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/11/09 20:42:25 | 000,038,984 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/11/09 20:42:23 | 000,092,544 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/11/09 20:42:00 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/11/09 15:42:32 | 000,000,000 | ---D | C] -- C:\Users\Jay's pc\AppData\Roaming\Malwarebytes
[2013/11/09 15:40:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/09 15:40:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/11/09 15:40:47 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/11/09 15:40:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/11/09 15:39:58 | 000,000,000 | ---D | C] -- C:\Users\Jay's pc\AppData\Local\Programs
[2013/11/09 14:38:35 | 000,000,000 | ---D | C] -- C:\Users\Jay's pc\AppData\Local\{D542A032-F057-4D2D-A005-91CE0A0240B6}
[2013/11/08 16:04:49 | 000,000,000 | ---D | C] -- C:\Users\Jay's pc\AppData\Local\{22020245-C806-47D1-A178-60DE87063595}
[2013/10/29 13:55:27 | 000,000,000 | ---D | C] -- C:\Users\Jay's pc\Desktop\cp point
[2013/10/29 13:41:20 | 000,000,000 | ---D | C] -- C:\Users\Jay's pc\Desktop\mod shot
[2013/10/29 13:41:00 | 000,000,000 | ---D | C] -- C:\Users\Jay's pc\Desktop\mod smg
[2013/10/29 13:40:18 | 000,000,000 | ---D | C] -- C:\Users\Jay's pc\Desktop\mod semi
[2013/10/29 13:39:22 | 000,000,000 | ---D | C] -- C:\Users\Jay's pc\Desktop\modloader
[2013/10/29 13:18:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ace of Spades
[2013/10/29 13:18:12 | 000,000,000 | ---D | C] -- C:\Ace of Spades
[2013/10/29 13:17:03 | 000,000,000 | ---D | C] -- C:\Users\Jay's pc\AppData\Roaming\Build and Shoot
[2013/10/29 13:16:59 | 000,000,000 | ---D | C] -- C:\Users\Jay's pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Build and Shoot
[2013/10/29 13:16:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Build and Shoot
[2013/10/29 13:16:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Build and Shoot
[2013/10/27 13:00:48 | 000,000,000 | ---D | C] -- C:\Users\Jay's pc\Documents\RIFT
[2013/10/27 12:37:59 | 000,000,000 | ---D | C] -- C:\Users\Jay's pc\AppData\Roaming\RIFT
[2013/10/11 17:44:45 | 000,000,000 | ---D | C] -- C:\Users\Jay's pc\AppData\Local\{0A7A74B1-597C-4D5D-8CA0-33E7EB610C68}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/09 20:58:44 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/09 20:58:44 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/09 20:48:26 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/09 20:48:24 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013/11/09 20:47:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/09 20:47:47 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/09 20:42:58 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/11/09 20:42:01 | 001,032,416 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/11/09 20:42:01 | 000,409,832 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/11/09 20:42:01 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/11/09 20:42:01 | 000,205,320 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/11/09 20:42:01 | 000,092,544 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/11/09 20:42:01 | 000,084,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/11/09 20:42:01 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/11/09 20:42:01 | 000,065,264 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/11/09 20:42:01 | 000,038,984 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/11/09 20:42:00 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/11/09 20:14:36 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/09 20:14:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/09 20:13:35 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3731756776-1621859024-607529854-1001UA.job
[2013/11/09 15:40:52 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/08 22:13:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3731756776-1621859024-607529854-1001Core.job
[2013/10/30 00:15:24 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/30 00:15:24 | 000,628,874 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/30 00:15:24 | 000,111,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/29 18:37:04 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJAYSPC-HP$.job
[2013/10/29 13:18:13 | 000,000,138 | ---- | M] () -- C:\Users\Public\Desktop\Play Ace of Spades.url
[2013/10/29 13:16:59 | 000,001,056 | ---- | M] () -- C:\Users\Jay's pc\Desktop\Build and Shoot Launcher.lnk
[2013/10/17 13:23:48 | 000,002,380 | ---- | M] () -- C:\Users\Jay's pc\Desktop\Google Chrome.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/09 20:42:58 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/11/09 20:42:33 | 000,205,320 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/11/09 20:42:30 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/11/09 15:40:52 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/29 13:39:10 | 000,258,560 | ---- | C] () -- C:\Users\Jay's pc\Desktop\modloader-installer.exe
[2013/10/29 13:18:13 | 000,000,138 | ---- | C] () -- C:\Users\Public\Desktop\Play Ace of Spades.url
[2013/10/29 13:16:59 | 000,001,056 | ---- | C] () -- C:\Users\Jay's pc\Desktop\Build and Shoot Launcher.lnk
[2012/11/28 10:42:06 | 000,026,464 | ---- | C] () -- C:\Windows\snuvcdsm.exe
[2012/11/28 10:42:06 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2012/07/11 10:26:56 | 000,290,776 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/07/11 10:26:55 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/07/11 10:26:54 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012/07/01 22:28:31 | 000,000,024 | ---- | C] () -- C:\Users\Jay's pc\random.dat
[2012/07/01 22:28:30 | 000,000,047 | ---- | C] () -- C:\Users\Jay's pc\jagex_cl_runescape_LIVE.dat
[2012/03/24 20:24:39 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012/02/26 13:17:07 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 02:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/10/29 18:29:49 | 000,000,000 | ---D | M] -- C:\Users\Jay's pc\AppData\Roaming\.minecraft
[2012/05/11 10:59:07 | 000,000,000 | ---D | M] -- C:\Users\Jay's pc\AppData\Roaming\.techniclauncher
[2013/11/09 20:51:34 | 000,000,000 | ---D | M] -- C:\Users\Jay's pc\AppData\Roaming\AVAST Software
[2013/10/29 13:17:03 | 000,000,000 | ---D | M] -- C:\Users\Jay's pc\AppData\Roaming\Build and Shoot
[2013/08/06 21:32:29 | 000,000,000 | ---D | M] -- C:\Users\Jay's pc\AppData\Roaming\Fatshark
[2012/08/13 18:53:17 | 000,000,000 | ---D | M] -- C:\Users\Jay's pc\AppData\Roaming\Hi-Rez Studios
[2013/08/29 20:46:29 | 000,000,000 | ---D | M] -- C:\Users\Jay's pc\AppData\Roaming\Natural Selection 2
[2011/12/25 18:54:00 | 000,000,000 | ---D | M] -- C:\Users\Jay's pc\AppData\Roaming\PictureMover
[2012/04/18 17:00:20 | 000,000,000 | ---D | M] -- C:\Users\Jay's pc\AppData\Roaming\Research In Motion
[2013/10/27 13:08:05 | 000,000,000 | ---D | M] -- C:\Users\Jay's pc\AppData\Roaming\RIFT
[2012/03/03 19:09:54 | 000,000,000 | ---D | M] -- C:\Users\Jay's pc\AppData\Roaming\RotMG.Production
[2013/03/27 18:50:24 | 000,000,000 | ---D | M] -- C:\Users\Jay's pc\AppData\Roaming\Spore
[2011/12/25 18:52:49 | 000,000,000 | ---D | M] -- C:\Users\Jay's pc\AppData\Roaming\Synaptics
[2013/08/06 22:19:05 | 000,000,000 | ---D | M] -- C:\Users\Jay's pc\AppData\Roaming\WildTangent
[2012/05/13 18:43:51 | 000,000,000 | ---D | M] -- C:\Users\Jay's pc\AppData\Roaming\Windows Live Writer
[2011/12/26 15:12:08 | 000,000,000 | ---D | M] -- C:\Users\Jay's pc\AppData\Roaming\_MDLogs

========== Purity Check ==========



< End of report >
no second report came up?
  • 0

#7
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Thank you :)

I need some time to look the log over as there quite long, I will not be posting back until tomorrow. Don't make any changes to the computer such as installing or uninstalling software,

Again,

Thanks,

Joe
  • 0

#8
Nickynoodles41

Nickynoodles41

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
That's fine Joe, thanks - will wait to hear from you - good luck!!
  • 0

#9
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
I'm running a bit behind, I'll be with you as soon as possible.


Joe
  • 0

#10
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
  • Double click on the Posted Image to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :COMMANDS
    [CREATERESTOREPOINT]
    
    :OTL
    
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey File not found
    O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers
  • Double click on AdwCleaner.exe to run the tool
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted
  • Please post the content of that log file with your next answer
  • You can find the log file at C:\AdwCleaner

Next

Download Security Check by screen317 from http://screen317.spy...curityCheck.exe or http://screen317.cha...curityCheck.exe
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Please post the following logs in your next reply:

  • C:\_OTL\Moved Files
  • OTL.txt[/b]
  • checkup.txt
  • AdwCleaner[S0].txt

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP