Windows 7 running slow [Closed] [Solved]


#1
AlanY
  • Member
  • 75 posts

Hi Geekstogo,

My computer is a Dell XPS 15 and it has been running slowly for the last 3 days. Windows Explorer took almost a full minute to load right after I booted Windows 7. Task Manager took longer to activate. I plugged my friend's external hard drive into my computer without scanning it prior to this problem. I suspect that this could be the cause. I ran an OTS Quick scan on my computer. Hopefully we can identify this problem soon.

OTS logfile created on: 25/12/2013 5:31:48 PM - Run 4
OTS by OldTimer - Version 3.1.41.4     Folder = C:\Users\YaoTheHong\Documents\Info Center\Experts Help\Malware - Unable to Connect Internet, Uncontrollable Shutdowns\OTS
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy
 
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 59.41 Gb Free Space | 13.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: BOMBOMCHA
Current User Name: admin
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Quick Scan
 
[Processes - Safe List]
psuaservice.exe -> C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe -> [2013/10/19 13:19:35 | 000,037,344 | ---- | M] (Panda Security, S.L.)
psuamain.exe -> C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe -> [2013/10/19 13:19:34 | 000,032,736 | ---- | M] (Panda Security, S.L.)
c2c_service.exe -> C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.)
psanhost.exe -> C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe -> [2013/10/03 14:13:48 | 000,140,768 | ---- | M] (Panda Security, S.L.)
sftvsa.exe -> C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -> [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation)
sftlist.exe -> C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -> [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation)
armsvc.exe -> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -> [2012/12/18 22:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated)
toaster.exe -> C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe -> [2011/09/07 01:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell)
stservice.exe -> C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe -> [2011/08/18 23:05:54 | 002,751,808 | ---- | M] ()
sftservice.exe -> C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -> [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS)
vpnagent.exe -> C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -> [2011/08/04 04:43:45 | 000,645,048 | ---- | M] (Cisco Systems, Inc.)
ots.exe -> C:\Users\YaoTheHong\My Documents\Info Center\Experts Help\Malware - Unable to Connect Internet, Uncontrollable Shutdowns\OTS\OTS.exe -> [2011/02/20 01:14:48 | 000,642,560 | ---- | M] (OldTimer Tools)
nvscpapisvr.exe -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2010/12/23 18:48:02 | 000,378,984 | ---- | M] (NVIDIA Corporation)
fatrayalert.exe -> C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe -> [2010/11/02 12:40:30 | 002,006,664 | ---- | M] (Sensible Vision )
fatraymon.exe -> C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe -> [2010/11/02 12:40:30 | 000,093,832 | ---- | M] (Sensible Vision )
faservice.exe -> C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -> [2010/11/02 12:40:28 | 002,428,552 | ---- | M] (Sensible Vision )
uns.exe -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -> [2010/07/01 12:10:26 | 002,533,400 | ---- | M] (Intel Corporation)
lms.exe -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -> [2010/07/01 12:10:22 | 000,325,656 | ---- | M] (Intel Corporation)
nusb3mon.exe -> C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe -> [2010/04/27 13:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation)
iastordatamgrsvc.exe -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -> [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation)
iastoricon.exe -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe -> [2010/03/03 20:16:04 | 000,284,696 | ---- | M] (Intel Corporation)
docklogin.exe -> C:\Program Files\Dell\DellDock\DockLogin.exe -> [2009/06/09 22:11:14 | 000,155,648 | ---- | M] (Stardock Corporation)
 
[Modules - Safe List]
ots.exe -> C:\Users\YaoTheHong\My Documents\Info Center\Experts Help\Malware - Unable to Connect Internet, Uncontrollable Shutdowns\OTS\OTS.exe -> [2011/02/20 01:14:48 | 000,642,560 | ---- | M] (OldTimer Tools)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll -> [2010/11/21 11:23:55 | 001,680,896 | ---- | M] (Microsoft Corporation)
normaliz.dll -> C:\Windows\SysWOW64\normaliz.dll -> [2009/07/14 09:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
64bit-(WinDefend)  [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2013/05/27 13:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation)
64bit-(FLEXnet Licensing Service 64)  [On_Demand | Stopped] -> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -> [2012/11/07 04:38:36 | 001,432,400 | ---- | M] (Flexera Software, Inc.)
64bit-(EvtEng)  [Auto | Running] -> C:\Program Files\Intel\WiFi\bin\EvtEng.exe -> [2010/03/05 10:26:38 | 001,425,168 | ---- | M] (Intel(R) Corporation)
64bit-(MyWiFiDHCPDNS)  [On_Demand | Stopped] -> C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -> [2010/03/05 10:07:58 | 000,340,240 | ---- | M] ()
64bit-(RegSrvc)  [Auto | Running] -> C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -> [2010/03/05 10:06:22 | 000,831,760 | ---- | M] (Intel(R) Corporation)
64bit-(AERTFilters)  [Auto | Running] -> C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -> [2009/11/17 18:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation)
64bit-(DockLoginService)  [Auto | Running] -> C:\Program Files\Dell\DellDock\DockLogin.exe -> [2009/06/09 22:11:14 | 000,155,648 | ---- | M] (Stardock Corporation)
(AdobeFlashPlayerUpdateSvc) Adobe Flash Player Update Service [On_Demand | Stopped] -> C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -> [2013/12/12 00:35:05 | 000,257,416 | ---- | M] (Adobe Systems Incorporated)
(PSUAService) Panda Product Service [Auto | Running] -> C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe -> [2013/10/19 13:19:35 | 000,037,344 | ---- | M] (Panda Security, S.L.)
(Skype C2C Service) Skype C2C Service [Auto | Running] -> C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.)
(NanoServiceMain) Panda Cloud Antivirus Service [Auto | Running] -> C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe -> [2013/10/03 14:13:48 | 000,140,768 | ---- | M] (Panda Security, S.L.)
(sftvsa) Application Virtualization Service Agent [On_Demand | Running] -> C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -> [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation)
(sftlist) Application Virtualization Client [Auto | Running] -> C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -> [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation)
(SkypeUpdate) Skype Updater [Auto | Stopped] -> C:\Program Files (x86)\Skype\Updater\Updater.exe -> [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies)
(AdobeARMservice) Adobe Acrobat Update Service [Auto | Running] -> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -> [2012/12/18 22:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated)
(MozillaMaintenance) Mozilla Maintenance Service [On_Demand | Stopped] -> C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -> [2012/07/14 08:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation)
(SftService) SoftThinks Agent Service [Auto | Running] -> C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -> [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS)
(vpnagent) Cisco AnyConnect VPN Agent [Auto | Running] -> C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -> [2011/08/04 04:43:45 | 000,645,048 | ---- | M] (Cisco Systems, Inc.)
(GoToAssist) GoToAssist [On_Demand | Stopped] -> C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -> [2011/01/18 03:48:47 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
(Stereo Service) NVIDIA Stereoscopic 3D Driver Service [Auto | Running] -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2010/12/23 18:48:02 | 000,378,984 | ---- | M] (NVIDIA Corporation)
(FAService) FAService [Auto | Running] -> C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -> [2010/11/02 12:40:28 | 002,428,552 | ---- | M] (Sensible Vision )
(RoxWatch12) Roxio Hard Drive Watcher 12 [Disabled | Stopped] -> C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -> [2010/09/04 15:15:22 | 000,219,632 | ---- | M] (Sonic Solutions)
(RoxMediaDB12OEM) RoxMediaDB12OEM [Disabled | Stopped] -> C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -> [2010/09/04 15:14:26 | 001,116,656 | ---- | M] (Sonic Solutions)
(NOBU) Dell DataSafe Online [Disabled | Stopped] -> C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -> [2010/08/26 10:28:54 | 002,823,000 | ---- | M] (Dell, Inc.)
(UNS) Intel(R) Management & Security Application User Notification Service [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -> [2010/07/01 12:10:26 | 002,533,400 | ---- | M] (Intel Corporation)
(LMS) Intel(R) Management and Security Application Local Management Service [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -> [2010/07/01 12:10:22 | 000,325,656 | ---- | M] (Intel Corporation)
(rpcapd) Remote Packet Capture Protocol v.0 (experimental) [On_Demand | Stopped] -> C:\Program Files (x86)\WinPcap\rpcapd.exe -> [2010/06/26 01:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.)
(clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/19 04:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation)
(IAStorDataMgrSvc) Intel(R) Rapid Storage Technology [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -> [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation)
 
[Driver Services - Safe List]
64bit-(PSINAflt) PSINAflt [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\PSINAflt.sys -> [2013/10/18 03:31:26 | 000,169,192 | ---- | M] (Panda Security, S.L.)
64bit-(PSINProt) PSINProt [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\PSINProt.sys -> [2013/10/11 17:46:22 | 000,137,960 | ---- | M] (Panda Security, S.L.)
64bit-(PSINProc) PSINProc [File_System | Auto | Running] -> C:\Windows\SysNative\drivers\PSINProc.sys -> [2013/10/11 17:46:22 | 000,124,648 | ---- | M] (Panda Security, S.L.)
64bit-(PSINReg) PSINReg [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\PSINReg.sys -> [2013/10/11 17:46:22 | 000,105,704 | ---- | M] (Panda Security, S.L.)
64bit-(PSINKNC) PSINKNC [Kernel | System | Running] -> C:\Windows\SysNative\drivers\PSINKNC.sys -> [2013/10/11 17:46:21 | 000,206,056 | ---- | M] (Panda Security, S.L.)
64bit-(PSINFile) PSINFile [File_System | Auto | Running] -> C:\Windows\SysNative\drivers\PSINFile.sys -> [2013/10/11 17:46:21 | 000,122,600 | ---- | M] (Panda Security, S.L.)
64bit-(Sftvol) Sftvol [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Sftvollh.sys -> [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation)
64bit-(Sftredir) Sftredir [File_System | On_Demand | Running] -> C:\Windows\SysNative\drivers\Sftredirlh.sys -> [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation)
64bit-(Sftplay) Sftplay [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Sftplaylh.sys -> [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation)
64bit-(Sftfs) Sftfs [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Sftfslh.sys -> [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation)
64bit-(NNSSTRM) NNSSTRM [Kernel | System | Running] -> C:\Windows\SysNative\drivers\NNSStrm.sys -> [2013/05/29 11:55:24 | 000,246,504 | ---- | M] (Panda Security, S.L.)
64bit-(NNSTLSC) NNSTLSC [Kernel | System | Running] -> C:\Windows\SysNative\drivers\NNStlsc.sys -> [2013/05/29 11:55:24 | 000,106,216 | ---- | M] (Panda Security, S.L.)
64bit-(NNSPRV) NNSPRV [Kernel | System | Running] -> C:\Windows\SysNative\drivers\NNSPrv.sys -> [2013/05/29 11:55:23 | 000,118,504 | ---- | M] (Panda Security, S.L.)
64bit-(NNSSMTP) NNSSMTP [Kernel | System | Running] -> C:\Windows\SysNative\drivers\NNSSmtp.sys -> [2013/05/29 11:55:23 | 000,114,920 | ---- | M] (Panda Security, S.L.)
64bit-(NNSPROT) NNSPROT [Kernel | System | Running] -> C:\Windows\SysNative\drivers\NNSProt.sys -> [2013/05/29 11:55:22 | 000,305,896 | ---- | M] (Panda Security, S.L.)
64bit-(NNSPOP3) NNSPOP3 [Kernel | System | Running] -> C:\Windows\SysNative\drivers\NNSPop3.sys -> [2013/05/29 11:55:22 | 000,119,016 | ---- | M] (Panda Security, S.L.)
64bit-(NNSIDS) NNSIDS [Kernel | System | Running] -> C:\Windows\SysNative\drivers\NNSIds.sys -> [2013/05/29 11:55:21 | 000,114,920 | ---- | M] (Panda Security, S.L.)
64bit-(NNSHTTPS) NNSHTTPS [Kernel | System | Running] -> C:\Windows\SysNative\drivers\NNSHttps.sys -> [2013/05/29 11:55:21 | 000,109,288 | ---- | M] (Panda Security, S.L.)
64bit-(NNSPICC) NNSPICC [Kernel | System | Running] -> C:\Windows\SysNative\drivers\NNSpicc.sys -> [2013/05/29 11:55:21 | 000,095,464 | ---- | M] (Panda Security, S.L.)
64bit-(NNSHTTP) NNSHTTP [Kernel | System | Running] -> C:\Windows\SysNative\drivers\NNSHttp.sys -> [2013/05/29 11:55:20 | 000,122,088 | ---- | M] (Panda Security, S.L.)
64bit-(NNSALPC) NNSALPC [Kernel | System | Running] -> C:\Windows\SysNative\drivers\NNSAlpc.sys -> [2013/05/29 11:55:20 | 000,091,368 | ---- | M] (Panda Security, S.L.)
64bit-(NNSPIHSW) NNSPIHSW [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\NNSPihsw.sys -> [2013/05/29 05:55:22 | 000,069,864 | ---- | M] (Panda Security, S.L.)
64bit-(PSKMAD) PSKMAD [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\PSKMAD.sys -> [2013/04/29 15:17:30 | 000,058,808 | ---- | M] (Panda Security, S.L.)
64bit-(dtsoftbus01) DAEMON Tools Virtual Bus Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\dtsoftbus01.sys -> [2013/04/08 23:39:14 | 000,279,616 | ---- | M] (DT Soft Ltd)
64bit-(nmwcdnsux64) Nokia USB Flashing Phone Parent [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\nmwcdnsux64.sys -> [2011/08/17 10:04:34 | 000,171,008 | ---- | M] (Nokia)
64bit-(vpnva) Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\vpnva64.sys -> [2011/08/04 04:27:28 | 000,022,264 | ---- | M] (Cisco Systems, Inc.)
64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices)
64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices)
64bit-(VClone) VClone [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\VClone.sys -> [2011/01/16 00:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG)
64bit-(nmwcdnsucx64) Nokia USB Flashing Generic [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -> [2010/12/02 10:36:40 | 000,012,800 | ---- | M] (Nokia)
64bit-(TsUsbFlt) TsUsbFlt [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbFlt.sys -> [2010/11/21 11:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation)
64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2010/11/21 11:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company)
64bit-(TsUsbGD) Remote Desktop Generic USB Device [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbGD.sys -> [2010/11/21 11:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation)
64bit-(NVHDA) Service for NVIDIA High Definition Audio Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\nvhda64v.sys -> [2010/11/12 04:40:50 | 000,155,752 | ---- | M] (NVIDIA Corporation)
64bit-(JMCR) JMCR [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\jmcr.sys -> [2010/09/27 14:13:16 | 000,169,048 | ---- | M] (JMicron Technology Corporation)
64bit-(stdcfltn) Disk Class Filter Driver for Accelerometer [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\stdcfltn.sys -> [2010/08/20 11:05:12 | 000,021,616 | ---- | M] (ST Microelectronics)
64bit-(Acceler) Accelerometer Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Accelern.sys -> [2010/08/20 06:05:18 | 000,027,760 | ---- | M] (ST Microelectronics)
64bit-(CtClsFlt) Creative Camera Class Upper Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\CtClsFlt.sys -> [2010/08/13 00:51:30 | 000,175,168 | ---- | M] (Creative Technology Ltd.)
64bit-(PCDSRVC{1E208CE0-FB7451FF-06020101}_0) PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver [Kernel | On_Demand | Stopped] -> c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -> [2010/07/30 15:36:38 | 000,025,072 | ---- | M] (PC-Doctor, Inc.)
64bit-(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\SynTP.sys -> [2010/07/15 12:54:20 | 001,381,936 | ---- | M] (Synaptics Incorporated)
64bit-(qicflt) upper Device Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\qicflt.sys -> [2010/07/12 18:38:06 | 000,029,288 | ---- | M] (Quanta Computer)
64bit-(NPF) NetGroup Packet Filter Driver [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\npf.sys -> [2010/06/26 01:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.)
64bit-(RTL8167) Realtek 8167 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Rt64win7.sys -> [2010/06/23 17:10:56 | 000,344,680 | ---- | M] (Realtek                                            )
64bit-(NETw5s64) Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\NETw5s64.sys -> [2010/05/31 12:05:06 | 007,689,216 | ---- | M] (Intel Corporation)
64bit-(nusb3xhc) Renesas Electronics USB 3.0 Host Controller Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\nusb3xhc.sys -> [2010/04/27 12:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation)
64bit-(nusb3hub) Renesas Electronics USB 3.0 Hub Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\nusb3hub.sys -> [2010/04/27 12:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation)
64bit-(PxHlpa64) PxHlpa64 [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\PxHlpa64.sys -> [2010/03/19 17:00:00 | 000,055,856 | ---- | M] (Sonic Solutions)
64bit-(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\iaStor.sys -> [2010/03/03 18:51:40 | 000,540,696 | ---- | M] (Intel Corporation)
64bit-(Impcd) Impcd [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\Impcd.sys -> [2010/02/26 16:32:12 | 000,158,976 | ---- | M] (Intel Corporation)
64bit-(TurboB) Turbo Boost UI Monitor driver [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\TurboB.sys -> [2009/11/03 02:48:02 | 000,013,784 | ---- | M] ()
64bit-(HECIx64) Intel(R) Management Engine Interface [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\HECIx64.sys -> [2009/09/17 07:54:54 | 000,056,344 | ---- | M] (Intel Corporation)
64bit-(NMgamingmsFltr) USB Optical Mouse [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\NMgamingms.sys -> [2009/07/24 08:55:10 | 000,011,264 | ---- | M] (Primax Ltd)
64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.)
64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation)
64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology)
64bit-(Ntfs) Ntfs [File_System | On_Demand | Running] -> C:\Windows\SysNative\wbem\ntfs.mof -> [2009/06/11 04:38:56 | 000,000,308 | ---- | M] ()
64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation)
64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation)
64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation)
64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.)
64bit-(mcdbus) Driver for MagicISO SCSI Host Controller [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\mcdbus.sys -> [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.)
64bit-(FACAP) facap, FastAccess Video Capture [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\facap.sys -> [2008/09/25 10:36:14 | 000,238,848 | ---- | M] (Sensible Vision )
64bit-(WDC_SAM) WD SCSI Pass Thru driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\wdcsam64.sys -> [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies)
64bit-(nmwcdx64) Nokia USB Phone Parent [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\nmwcdx64.sys -> [2007/06/28 11:47:14 | 000,173,056 | ---- | M] (Nokia)
64bit-(WimFltr) WimFltr [File_System | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\WimFltr.sys -> [2006/11/02 02:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation)
[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www1.ap.dell.com/content/default.aspx?c=my&l=en&s=gen -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
< FireFox Settings [Prefs.js] > -> C:\Users\admin\AppData\Roaming\Mozilla\FireFox\Profiles\uuc5hb10.default\prefs.js -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\PROGRAM FILES (X86)\SENSIBLE VISION\FAST ACCESS\XPCOM_FASSO\ [C:\PROGRAM FILES (X86)\SENSIBLE VISION\FAST ACCESS\XPCOM_FASSO\] -> [2013/04/02 13:48:14 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\USERS\YAOTHEHONG\DOCUMENTS\APPENDICAL PROGRAMS\FREEMAKE VIDEO CONVERTER V2.1.3.0\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX\ [C:\USERS\YAOTHEHONG\DOCUMENTS\APPENDICAL PROGRAMS\FREEMAKE VIDEO CONVERTER V2.1.3.0\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX\] -> [2013/04/02 14:18:02 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 14.0.1\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components -> C:\Users\Ajnim\My Documents\Appendical Programs\Mozilla Firefox\components [C:\USERS\AJNIM\DOCUMENTS\APPENDICAL PROGRAMS\MOZILLA FIREFOX\COMPONENTS] -> [2013/04/02 14:11:33 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins -> C:\USERS\AJNIM\DOCUMENTS\APPENDICAL PROGRAMS\MOZILLA FIREFOX\PLUGINS -> 
HKLM\software\mozilla\Mozilla Firefox 4.0\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components -> C:\Users\YaoTheHong\My Documents\Appendical Programs\Mozilla Firefox\components [C:\USERS\YAOTHEHONG\DOCUMENTS\APPENDICAL PROGRAMS\MOZILLA FIREFOX\COMPONENTS] -> [2013/04/02 14:18:47 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins -> C:\USERS\YAOTHEHONG\DOCUMENTS\APPENDICAL PROGRAMS\MOZILLA FIREFOX\PLUGINS -> 
< FireFox Extensions [User Folders] > -> 
  -> C:\Users\admin\AppData\Roaming\Mozilla\Extensions -> [2011/11/28 13:06:06 | 000,000,000 | ---D | M]
  -> C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uuc5hb10.default\extensions -> [2013/04/02 14:23:36 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > -> 
No name found ->  -> File not found
No name found -> C:\PROGRAM FILES (X86)\COMMON FILES\MCAFEE\SYSTEMCORE -> File not found
No name found -> C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR -> File not found
FastAccess Web Login -> C:\PROGRAM FILES (X86)\SENSIBLE VISION\FAST ACCESS\XPCOM_FASSO -> [2013/04/02 13:48:14 | 000,000,000 | ---D | M]
Freemake Video Converter Plugin -> C:\USERS\YAOTHEHONG\DOCUMENTS\APPENDICAL PROGRAMS\FREEMAKE VIDEO CONVERTER V2.1.3.0\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX -> [2013/04/02 14:18:02 | 000,000,000 | ---D | M]
< HOSTS File > ([2013/04/13 23:15:39 | 000,000,855 | ---- | M] - 24 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{27B4851A-3207-45A2-B947-BE8AFE6163AB} [HKLM] -> Reg Error: Key error. [McAfee Phishing Filter] -> File not found
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [Skype add-on for Internet Explorer] -> [2013/10/09 10:50:52 | 006,270,336 | ---- | M] (Skype Technologies S.A.)
{DA5BCE70-D057-4D63-943D-5F3927EC59F1} [HKLM] -> C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll [SSOIEAddonBHO Class] -> [2010/11/02 12:40:26 | 000,746,120 | ---- | M] (Sensible Vision )
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> Reg Error: Key error. [Java(tm) Plug-In 2 SSV Helper] -> File not found
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{000123B4-9B42-4900-B3F7-F4B073EFC214} [HKLM] -> C:\Users\YaoTheHong\My Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitcth.dll [Octh Class] -> [2012/06/20 15:52:10 | 000,241,464 | ---- | M] (Orbitdownloader.com)
{27B4851A-3207-45A2-B947-BE8AFE6163AB} [HKLM] -> Reg Error: Key error. [McAfee Phishing Filter] -> File not found
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Users\YaoTheHong\My Documents\Appendical Programs\Spybot SD 1.6.2\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2013/10/08 07:50:01 | 000,462,760 | ---- | M] (Oracle Corporation)
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Skype Browser Helper] -> [2013/10/09 10:57:48 | 004,502,400 | ---- | M] (Skype Technologies S.A.)
{DA5BCE70-D057-4D63-943D-5F3927EC59F1} [HKLM] -> C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll [SSOIEAddonBHO Class] -> [2010/11/02 12:40:26 | 000,574,088 | ---- | M] (Sensible Vision )
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2013/10/08 07:47:58 | 000,171,944 | ---- | M] (Oracle Corporation)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" [HKLM] -> C:\Users\YaoTheHong\My Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\GrabPro.dll [Grab Pro] -> [2012/06/20 15:52:10 | 000,696,000 | ---- | M] ()
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" [HKLM] -> C:\Users\YaoTheHong\My Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\GrabPro.dll [Grab Pro] -> [2012/06/20 15:52:10 | 000,696,000 | ---- | M] ()
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"IntelWireless" -> C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe ["C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray] -> [2010/03/05 10:09:02 | 001,928,976 | ---- | M] (Intel(R) Corporation)
"NVHotkey" -> C:\Windows\SysNative\nvHotkey.dll [rundll32.exe C:\Windows\system32\nvHotkey.dll,Start] -> [2010/08/12 13:19:40 | 000,283,240 | ---- | M] (NVIDIA Corporation)
"RtHDVBg" -> C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 ] -> [2011/01/18 14:53:06 | 002,188,904 | ---- | M] (Realtek Semiconductor)
"RTHDVCPL" -> C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s] -> [2011/02/18 15:48:58 | 006,611,048 | ---- | M] (Realtek Semiconductor)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"FAStartup" ->  [] -> File not found
"FATrayAlert" -> C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe] -> [2010/11/02 12:40:30 | 000,093,832 | ---- | M] (Sensible Vision )
"IAStorIcon" -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe] -> [2010/03/03 20:16:04 | 000,284,696 | ---- | M] (Intel Corporation)
"NUSB3MON" -> c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe ["c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"] -> [2010/04/27 13:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation)
"PSUAMain" -> C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe ["C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray] -> [2013/10/19 13:19:34 | 000,032,736 | ---- | M] (Panda Security, S.L.)
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" ->  [5] -> File not found
\\"ConsentPromptBehaviorUser" ->  [3] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"" ->  [] -> File not found
\\"NoDrives" ->  [0] -> File not found
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< 64bit-Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
&Download by Orbit -> C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitmxt.dll [res://C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitmxt.dll/201] -> [2012/06/20 15:52:10 | 000,102,080 | ---- | M] (Orbitdownloader.com)
&Grab video by Orbit -> C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitmxt.dll [res://C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitmxt.dll/204] -> [2012/06/20 15:52:10 | 000,102,080 | ---- | M] (Orbitdownloader.com)
Do&wnload selected by Orbit -> C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitmxt.dll [res://C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitmxt.dll/203] -> [2012/06/20 15:52:10 | 000,102,080 | ---- | M] (Orbitdownloader.com)
Down&load all by Orbit -> C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitmxt.dll [res://C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitmxt.dll/202] -> [2012/06/20 15:52:10 | 000,102,080 | ---- | M] (Orbitdownloader.com)
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
&Download by Orbit -> C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitmxt.dll [res://C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitmxt.dll/201] -> [2012/06/20 15:52:10 | 000,102,080 | ---- | M] (Orbitdownloader.com)
&Grab video by Orbit -> C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitmxt.dll [res://C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitmxt.dll/204] -> [2012/06/20 15:52:10 | 000,102,080 | ---- | M] (Orbitdownloader.com)
Do&wnload selected by Orbit -> C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitmxt.dll [res://C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitmxt.dll/203] -> [2012/06/20 15:52:10 | 000,102,080 | ---- | M] (Orbitdownloader.com)
Down&load all by Orbit -> C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitmxt.dll [res://C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitmxt.dll/202] -> [2012/06/20 15:52:10 | 000,102,080 | ---- | M] (Orbitdownloader.com)
< 64bit-Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{898EA8C8-E7FF-479B-8935-AEC46303B9E5}:{898EA8C8-E7FF-479B-8935-AEC46303B9E5} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [Button: Skype Click to Call] -> [2013/10/09 10:50:52 | 006,270,336 | ---- | M] (Skype Technologies S.A.)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{898EA8C8-E7FF-479B-8935-AEC46303B9E5}:{898EA8C8-E7FF-479B-8935-AEC46303B9E5} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Button: Skype Click to Call] -> [2013/10/09 10:57:48 | 004,502,400 | ---- | M] (Skype Technologies S.A.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Users\YaoTheHong\My Documents\Appendical Programs\Spybot SD 1.6.2\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7720 domain(s) found. -> 
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7718 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{7530BFB8-7293-4D34-9923-61A11451AFC5} [HKLM] -> http://download.eset.com/special/eos/OnlineScanner.cab [Reg Error: Key error.] -> 
{C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} [HKLM] -> http://support.dell.com/systemprofiler/DellSystemLite.CAB [DellSystemLite.Scanner] -> 
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} [HKLM] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab [MessengerStatsClient Class] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.1.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{78A71A00-BC74-4F42-904C-6612B42C1F19}\\DhcpNameServer -> 192.168.1.1   (Intel(R) Centrino(R) Advanced-N 6200 AGN) -> 
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\Windows\explorer.exe -> [2011/02/25 14:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/14 09:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation)
/pagefile ->  -> File not found
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
/pagefile ->  -> File not found
*MultiFile Done* -> -> 
< 64bit-Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
GoToAssist ->  -> File not found
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
FastAccess -> C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll -> [2010/11/02 12:40:28 | 000,147,080 | ---- | M] ()
< 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< Vista Public Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications -> 
< Vista Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications -> 
64bit-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
\List\\"C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitdm.exe" -> C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitdm.exe [C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit] -> [2012/06/20 15:52:10 | 002,637,624 | ---- | M] (Orbitdownloader.com)
\List\\"C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitnet.exe" -> C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitnet.exe [C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit] -> [2012/06/20 15:43:38 | 000,557,056 | ---- | M] (Orbitdownloader.com)
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{13FD0C2B-F90D-4202-BA0F-9FF93D64388A} -> lport=6004 | profile=private | protocol=17 | dir=in | action=allow | name=microsoft office outlook | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
{36A6D726-CB33-4B76-AAFC-E487E1B717D5} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live communications platform (ssdp) | 
{37EC36F6-72C8-4A9F-A260-052B7CB165CD} -> lport=49242 | profile=private | protocol=6 | dir=in | action=allow | name=akamai netsession interface | 
{57C62B11-3A30-441F-9436-A86BFC7818D5} -> lport=808 | protocol=6 | dir=in | action=allow | name=@c:\windows\microsoft.net\framework64\v4.0.30319\\servicemodelevents.dll,-2000 | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | svc=nettcpactivator | 
{6B62572C-6667-4A62-A057-272E6C3B904E} -> lport=5000 | profile=private | protocol=17 | dir=in | action=allow | name=akamai netsession interface | 
{8F10E703-E703-4AFF-85A7-23B640B9F21C} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live communications platform (upnp) | 
{B99ADA06-7F1B-45E0-97CF-111F9757A78F} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | name=file and printer sharing (llmnr-udp-in) | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{D35FCAD1-99C5-4214-8E47-A2D7ACB638EB} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | name=file and printer sharing (llmnr-udp-out) | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{0D76D760-EAE3-40F2-A83F-37F3FFF58941} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe | 
{19E61D96-D256-4A9F-854D-68EED8BC781B} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft sharepoint workspace | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
{247807A8-0BA2-4F6C-889B-3CCD7D81332A} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft onenote | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
{42B6E22D-BEBF-4A7A-8392-0E258EADECC3} -> dir=in | action=allow | name=wireless pan dhcp server | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
{5165E028-8B4E-4D95-AD4B-75D649985E94} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft sharepoint workspace | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
{6850C763-6DE0-46FF-AB40-5616FCC8237D} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft onenote | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
{8B2B6B84-ACB5-4AE4-B0CD-947F77305926} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
{B4C00699-AC6F-431F-A081-4736E93842E6} -> profile=private | protocol=17 | dir=in | action=allow | name=blizzard launcher | app=c:\users\yaothehong\documents\starcraft 2\starcraft ii beta\starcraft ii.exe | 
{B4CE19A6-99F8-4791-8AFA-A2AC5EA80D2C} -> dir=in | action=allow | name=windows live communications platform | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
{CEDF2E52-F56D-4DCD-B481-F3E6ADAE227C} -> profile=private | protocol=6 | dir=in | action=allow | name=blizzard launcher | app=c:\users\yaothehong\documents\starcraft 2\starcraft ii beta\starcraft ii.exe | 
TCP Query User{08AC6BE2-514B-4E98-ABFB-0B16AE1FBFCD}C:\program files (x86)\thinktda\thinktda.exe -> profile=public | protocol=6 | dir=in | action=allow | name=thinktda desktop application | app=c:\program files (x86)\thinktda\thinktda.exe | 
TCP Query User{1192A90D-5660-4795-B275-6AE7E70E9F6B}C:\users\yaothehong\desktop\givme7\garena\garena.exe -> profile=private | protocol=6 | dir=in | action=allow | name=garena.exe | app=c:\users\yaothehong\desktop\givme7\garena\garena.exe | 
TCP Query User{3067BD7E-5ECC-449E-A7EF-0F8A858138DF}C:\users\yaothehong\saved games\nintendo ds emulator\desmume v.0.9.7 x86-x32 wifi capability winpcap v.4.1.2\desmume_vs2008.exe -> profile=private | protocol=6 | dir=in | action=block | name=desmume_vs2008.exe | app=c:\users\yaothehong\saved games\nintendo ds emulator\desmume v.0.9.7 x86-x32 wifi capability winpcap v.4.1.2\desmume_vs2008.exe | 
TCP Query User{41A2DA1A-78B8-4BF5-9079-A843F1BDF4D1}E:\thinkorswim\thinktda\thinktda.exe -> profile=private | protocol=6 | dir=in | action=allow | name=thinktda desktop application | app=e:\thinkorswim\thinktda\thinktda.exe | 
TCP Query User{48A21A1F-98D5-4AFB-970A-CAD484C9C597}C:\users\yaothehong\appdata\local\temp\spoon\cache\0x8f67b19608374cdb\stubexe\0x7496e8aa457f6b77\sketchup.exe -> profile=private | protocol=6 | dir=in | action=block | name=sketchup.exe | app=c:\users\yaothehong\appdata\local\temp\spoon\cache\0x8f67b19608374cdb\stubexe\0x7496e8aa457f6b77\sketchup.exe | 
TCP Query User{7BDF4309-AC4A-41C8-B345-DE501EFE6B26}C:\users\yaothehong\documents\appendical programs\firefox plugins\orbit downloader\orbitdownloader\orbitnet.exe -> profile=private | protocol=6 | dir=in | action=block | name=orbitnet.exe | app=c:\users\yaothehong\documents\appendical programs\firefox plugins\orbit downloader\orbitdownloader\orbitnet.exe | 
TCP Query User{7CD42776-45D1-4B96-B0E6-837BD359BEF8}C:\users\yaothehong\documents\appendical programs\firefox plugins\orbit downloader 4.0.0.10\orbitdownloader\orbitnet.exe -> profile=private | protocol=6 | dir=in | action=block | name=orbitnet.exe | app=c:\users\yaothehong\documents\appendical programs\firefox plugins\orbit downloader 4.0.0.10\orbitdownloader\orbitnet.exe | 
TCP Query User{A07F2C7F-A0A9-4641-8572-937A213E61FF}C:\program files (x86)\thinktda\thinktda.exe -> profile=private | protocol=6 | dir=in | action=allow | name=thinktda desktop application | app=c:\program files (x86)\thinktda\thinktda.exe | 
TCP Query User{A17ABDDF-04AB-41BB-B818-24B36FC78149}C:\users\yaothehong\documents\appendical programs\mozilla firefox\firefox.exe -> profile=private | protocol=6 | dir=in | action=allow | name=firefox.exe | app=c:\users\yaothehong\documents\appendical programs\mozilla firefox\firefox.exe | 
TCP Query User{BAC4F60C-CCFA-476D-948C-853327F14F5C}C:\users\yaothehong\documents\appendical programs\firefox plugins\orbit downloader\orbitdownloader\orbitnet.exe -> profile=public | protocol=6 | dir=in | action=block | name=orbitnet.exe | app=c:\users\yaothehong\documents\appendical programs\firefox plugins\orbit downloader\orbitdownloader\orbitnet.exe | 
TCP Query User{BEE720A7-EC38-4BA2-BB7C-3B65FFB64F3F}C:\program files (x86)\internet explorer\iexplore.exe -> profile=public | protocol=6 | dir=in | action=allow | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe | 
TCP Query User{C0C2948C-25CE-4F22-A096-BF42C060FDF5}C:\program files (x86)\internet explorer\iexplore.exe -> profile=private | protocol=6 | dir=in | action=allow | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe | 
TCP Query User{F1E9668C-CAA0-4129-896F-E4AAB7D742BC}C:\users\ajnim\appdata\local\temp\spoon\cache\0x8f67b19608374cdb\stubexe\0x7496e8aa457f6b77\sketchup.exe -> profile=public | protocol=6 | dir=in | action=block | name=sketchup.exe | app=c:\users\ajnim\appdata\local\temp\spoon\cache\0x8f67b19608374cdb\stubexe\0x7496e8aa457f6b77\sketchup.exe | 
UDP Query User{03B712D5-E2F8-41CF-B8CD-9458AA17FDF5}C:\users\ajnim\appdata\local\temp\spoon\cache\0x8f67b19608374cdb\stubexe\0x7496e8aa457f6b77\sketchup.exe -> profile=public | protocol=17 | dir=in | action=block | name=sketchup.exe | app=c:\users\ajnim\appdata\local\temp\spoon\cache\0x8f67b19608374cdb\stubexe\0x7496e8aa457f6b77\sketchup.exe | 
UDP Query User{1B985160-9CAA-456E-BA52-D651AF921C63}E:\thinkorswim\thinktda\thinktda.exe -> profile=private | protocol=17 | dir=in | action=allow | name=thinktda desktop application | app=e:\thinkorswim\thinktda\thinktda.exe | 
UDP Query User{207E6FDF-AC04-4187-A6A2-AAE11E709716}C:\users\yaothehong\appdata\local\temp\spoon\cache\0x8f67b19608374cdb\stubexe\0x7496e8aa457f6b77\sketchup.exe -> profile=private | protocol=17 | dir=in | action=block | name=sketchup.exe | app=c:\users\yaothehong\appdata\local\temp\spoon\cache\0x8f67b19608374cdb\stubexe\0x7496e8aa457f6b77\sketchup.exe | 
UDP Query User{229A93C2-2EFC-4F0A-9973-410700F250D2}C:\program files (x86)\thinktda\thinktda.exe -> profile=private | protocol=17 | dir=in | action=allow | name=thinktda desktop application | app=c:\program files (x86)\thinktda\thinktda.exe | 
UDP Query User{58EF9EB5-08C9-42AA-8079-FD319894AF24}C:\users\yaothehong\documents\appendical programs\firefox plugins\orbit downloader\orbitdownloader\orbitnet.exe -> profile=private | protocol=17 | dir=in | action=block | name=orbitnet.exe | app=c:\users\yaothehong\documents\appendical programs\firefox plugins\orbit downloader\orbitdownloader\orbitnet.exe | 
UDP Query User{7B0E603D-4740-400E-B4DB-7D982DD71684}C:\users\yaothehong\documents\appendical programs\firefox plugins\orbit downloader\orbitdownloader\orbitnet.exe -> profile=public | protocol=17 | dir=in | action=block | name=orbitnet.exe | app=c:\users\yaothehong\documents\appendical programs\firefox plugins\orbit downloader\orbitdownloader\orbitnet.exe | 
UDP Query User{849D103E-E904-4AA2-B0FC-78E9C5CA17B2}C:\users\yaothehong\documents\appendical programs\mozilla firefox\firefox.exe -> profile=private | protocol=17 | dir=in | action=allow | name=firefox.exe | app=c:\users\yaothehong\documents\appendical programs\mozilla firefox\firefox.exe | 
UDP Query User{9EE3C564-A7FE-4A68-8301-95CD28614D22}C:\program files (x86)\internet explorer\iexplore.exe -> profile=public | protocol=17 | dir=in | action=allow | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe | 
UDP Query User{A285EC91-8A96-40F0-90AD-0BCCEBCD7048}C:\users\yaothehong\desktop\givme7\garena\garena.exe -> profile=private | protocol=17 | dir=in | action=allow | name=garena.exe | app=c:\users\yaothehong\desktop\givme7\garena\garena.exe | 
UDP Query User{B56D4821-BBBC-4C96-B196-27B916154682}C:\users\yaothehong\saved games\nintendo ds emulator\desmume v.0.9.7 x86-x32 wifi capability winpcap v.4.1.2\desmume_vs2008.exe -> profile=private | protocol=17 | dir=in | action=block | name=desmume_vs2008.exe | app=c:\users\yaothehong\saved games\nintendo ds emulator\desmume v.0.9.7 x86-x32 wifi capability winpcap v.4.1.2\desmume_vs2008.exe | 
UDP Query User{CC4EF418-F73F-42E0-A0C8-1F998A42DA45}C:\program files (x86)\internet explorer\iexplore.exe -> profile=private | protocol=17 | dir=in | action=allow | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe | 
UDP Query User{D7A5CA6A-A8C9-41EF-9CD3-18F862CA1120}C:\users\yaothehong\documents\appendical programs\firefox plugins\orbit downloader 4.0.0.10\orbitdownloader\orbitnet.exe -> profile=private | protocol=17 | dir=in | action=block | name=orbitnet.exe | app=c:\users\yaothehong\documents\appendical programs\firefox plugins\orbit downloader 4.0.0.10\orbitdownloader\orbitnet.exe | 
UDP Query User{DD5167B3-6F33-4B73-AB7D-C7B7C5707EF9}C:\program files (x86)\thinktda\thinktda.exe -> profile=public | protocol=17 | dir=in | action=allow | name=thinktda desktop application | app=c:\program files (x86)\thinktda\thinktda.exe | 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitdm.exe" -> C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitdm.exe [C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit] -> [2012/06/20 15:52:10 | 002,637,624 | ---- | M] (Orbitdownloader.com)
"C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitnet.exe" -> C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitnet.exe [C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit] -> [2012/06/20 15:43:38 | 000,557,056 | ---- | M] (Orbitdownloader.com)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> C:\Windows\SysNative\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2010/11/21 11:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > ->  -> 
C:\Autodesk [] -> C:\Autodesk [ NTFS ] -> [2012/11/07 03:59:48 | 000,000,000 | ---D | M]
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
64bit-comfile [open] -> "%1" %* -> File not found
64bit-exefile [open] -> "%1" %* -> File not found
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
 
[Files/Folders - Created Within 30 Days]
 CanonIJ Uninstaller Information -> C:\Windows\SysNative\CanonIJ Uninstaller Information -> [2013/12/20 11:03:50 | 000,000,000 | -H-D | C]
 Canon MP250 series -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP250 series -> [2013/12/20 11:03:50 | 000,000,000 | ---D | C]
 CanonBJ -> C:\ProgramData\CanonBJ -> [2013/12/20 11:03:36 | 000,000,000 | -H-D | C]
 PSKMAD.sys -> C:\Windows\SysNative\drivers\PSKMAD.sys -> [2013/12/13 10:29:34 | 000,058,808 | ---- | C] (Panda Security, S.L.)
 Minidump -> C:\Windows\Minidump -> [2013/12/03 03:24:05 | 000,000,000 | ---D | C]
 1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> 
 
[Files/Folders - Modified Within 30 Days]
 Adobe Flash Player Updater.job -> C:\Windows\tasks\Adobe Flash Player Updater.job -> [2013/12/25 17:34:00 | 000,000,830 | ---- | M] ()
 GoogleUpdateTaskUserS-1-5-21-3057907370-1423405045-2432694329-1001UA.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3057907370-1423405045-2432694329-1001UA.job -> [2013/12/25 17:31:00 | 000,000,928 | ---- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2013/12/25 17:30:39 | 000,019,136 | ---- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2013/12/25 17:30:39 | 000,019,136 | ---- | M] ()
 SystemToolsDailyTest.job -> C:\Windows\tasks\SystemToolsDailyTest.job -> [2013/12/25 17:30:26 | 000,000,422 | ---- | M] ()
 GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2013/12/25 17:25:24 | 000,000,892 | ---- | M] ()
 GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2013/12/25 17:24:46 | 000,000,896 | ---- | M] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2013/12/25 17:24:38 | 000,067,584 | --S- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2013/12/25 17:24:33 | 3168,043,008 | -HS- | M] ()
 PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2013/12/20 15:56:26 | 000,779,080 | ---- | M] ()
 perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2013/12/20 15:56:26 | 000,664,544 | ---- | M] ()
 perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2013/12/20 15:56:26 | 000,124,990 | ---- | M] ()
 GoogleUpdateTaskUserS-1-5-21-3057907370-1423405045-2432694329-1001Core.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3057907370-1423405045-2432694329-1001Core.job -> [2013/12/18 19:31:00 | 000,000,876 | ---- | M] ()
 FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2013/12/13 10:28:59 | 000,507,664 | ---- | M] ()
 MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2013/12/03 03:24:01 | 523,685,634 | ---- | M] ()
 8 C:\Users\admin\AppData\Local\Temp\*.tmp files -> C:\Users\admin\AppData\Local\Temp\*.tmp -> 
 48 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> 
 2 C:\ProgramData\Microsoft\Application Virtualization Client\SoftGrid Client\Icon Cache\*.tmp files -> C:\ProgramData\Microsoft\Application Virtualization Client\SoftGrid Client\Icon Cache\*.tmp -> 
 1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> 
 
[Files - No Company Name]
 CNC173AD.TBL -> C:\Windows\SysWow64\CNC173AD.TBL -> [2013/12/20 11:01:35 | 000,012,288 | ---- | C] ()
 CNC173AD.TBL -> C:\Windows\SysNative\CNC173AD.TBL -> [2013/12/20 11:01:35 | 000,012,288 | ---- | C] ()
 MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2013/12/03 03:24:01 | 523,685,634 | ---- | C] ()
 NanoRepository.bin.bak -> C:\ProgramData\NanoRepository.bin.bak -> [2013/04/14 15:10:29 | 000,005,856 | ---- | C] ()
 NanoRepository.bin -> C:\ProgramData\NanoRepository.bin -> [2013/04/14 15:10:29 | 000,005,856 | ---- | C] ()
 HamsterFreeArchiver.cfg -> C:\Users\admin\AppData\Local\HamsterFreeArchiver.cfg -> [2013/04/13 12:08:34 | 000,001,610 | ---- | C] ()
 0x0304A000.sfl -> C:\ProgramData\0x0304A000.sfl -> [2013/04/06 02:13:10 | 000,000,000 | ---- | C] ()
 PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2013/04/04 03:30:56 | 000,787,064 | ---- | C] ()
 FAIEExtension.dll -> C:\Windows\SysWow64\FAIEExtension.dll -> [2010/11/02 12:40:34 | 000,087,176 | ---- | C] ()
 FAib.dll -> C:\Windows\SysWow64\FAib.dll -> [2010/11/02 12:40:30 | 000,057,480 | ---- | C] ()
 FACrashRpt.dll -> C:\Windows\SysWow64\FACrashRpt.dll -> [2010/11/02 12:40:24 | 000,248,968 | ---- | C] ()
 pthreadVC.dll -> C:\Windows\SysWow64\pthreadVC.dll -> [2010/06/26 01:03:12 | 000,053,299 | ---- | C] ()
 BWContextHandler.dll -> C:\Windows\SysWow64\BWContextHandler.dll -> [2009/07/14 07:42:10 | 000,064,000 | ---- | C] ()
 msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2009/07/14 05:03:59 | 000,364,544 | ---- | C] ()
 
[File - Lop Check]
 Autodesk -> C:\Users\admin\AppData\Roaming\Autodesk -> [2013/04/02 14:23:32 | 000,000,000 | ---D | M]
 BleachBit -> C:\Users\admin\AppData\Roaming\BleachBit -> [2013/04/02 14:23:32 | 000,000,000 | ---D | M]
 DAEMON Tools Lite -> C:\Users\admin\AppData\Roaming\DAEMON Tools Lite -> [2013/04/02 14:23:32 | 000,000,000 | ---D | M]
 DassaultSystemes -> C:\Users\admin\AppData\Roaming\DassaultSystemes -> [2013/04/02 14:23:32 | 000,000,000 | ---D | M]
 DriverCure -> C:\Users\admin\AppData\Roaming\DriverCure -> [2013/04/02 14:23:32 | 000,000,000 | ---D | M]
 GlarySoft -> C:\Users\admin\AppData\Roaming\GlarySoft -> [2013/04/02 14:23:32 | 000,000,000 | ---D | M]
 GrabPro -> C:\Users\admin\AppData\Roaming\GrabPro -> [2011/01/24 02:57:25 | 000,000,000 | ---D | M]
 iExpert Software -> C:\Users\admin\AppData\Roaming\iExpert Software -> [2013/04/02 14:23:32 | 000,000,000 | ---D | M]
 Orbit -> C:\Users\admin\AppData\Roaming\Orbit -> [2013/04/02 14:23:37 | 000,000,000 | ---D | M]
 Panda Security -> C:\Users\admin\AppData\Roaming\Panda Security -> [2013/04/03 14:52:54 | 000,000,000 | ---D | M]
 ParetoLogic -> C:\Users\admin\AppData\Roaming\ParetoLogic -> [2013/04/02 14:23:37 | 000,000,000 | ---D | M]
 PCDr -> C:\Users\admin\AppData\Roaming\PCDr -> [2013/04/17 10:01:38 | 000,000,000 | ---D | M]
 Philipp Winterberg -> C:\Users\admin\AppData\Roaming\Philipp Winterberg -> [2012/05/01 23:50:39 | 000,000,000 | ---D | M]
 ProgSense -> C:\Users\admin\AppData\Roaming\ProgSense -> [2013/04/02 14:23:37 | 000,000,000 | ---D | M]
 SoftGrid Client -> C:\Users\admin\AppData\Roaming\SoftGrid Client -> [2013/04/02 14:23:37 | 000,000,000 | ---D | M]
 TP -> C:\Users\admin\AppData\Roaming\TP -> [2011/01/22 18:59:39 | 000,000,000 | ---D | M]
 TuneUp Software -> C:\Users\admin\AppData\Roaming\TuneUp Software -> [2013/04/02 14:23:37 | 000,000,000 | ---D | M]
 PCDoctorBackgroundMonitorTask.job -> C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job -> [2013/04/08 04:00:00 | 000,000,564 | ---- | M] ()
 SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2013/12/21 21:27:35 | 000,032,560 | ---- | M] ()
 SystemToolsDailyTest.job -> C:\Windows\Tasks\SystemToolsDailyTest.job -> [2013/12/25 17:30:26 | 000,000,422 | ---- | M] ()
 
[File - Purity Scan]
 
< End of report >


#2
Machiavelli

    GeekU Moderator

  • 3,698 posts
Welcome to GeeksToGo, AlanY

My name is Machiavelli and I'll try to fix your PC problems. If you are in SafeMode then print my instructions! Removing Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do, just ask me! Please stay in contact with me until the problem is fixed.

!NOTE! Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts. :)

 

OTS is a little bit outdated.

FRST for the 64bit version

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror 64 bit #1


  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it.
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

aswMBR

Please download aswMBR from one of the links below and save it to your Desktop.

Download Mirror #1


  • Right-click on aswMBR.exe and select Run as Administrator.
  • Click Yes when asked to download the Avast! definitions.
  • Click Scan to initiate the scan.
  • When the scan finishes, click Save Log and save this to your Desktop.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

#3
AlanY

    Member

  • Topic Starter
  • 75 posts
Hi Machiavelli,

Thank you for helping me deal with my computer issue. I followed your instructions and here are the notepad files:

FRST
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-12-2013
Ran by admin (administrator) on BOMBOMCHA on 27-12-2013 14:22:27
Running from C:\Users\admin\Desktop\2013-12 Windows 7 Slow due to Sunny Hard Drive
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Sensible Vision) C:\Program Files (x86)\Sensible Vision\Fast Access\Vendor\FastAccessChatAssist.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2247976 2010-07-15] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6611048 2011-02-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [NVHotkey] - rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel® Corporation)
HKLM-x32\...\Run: [FATrayAlert] - C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [93832 2010-11-02] (Sensible Vision )
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [FAStartup] - [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [PSUAMain] - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [32736 2013-10-19] (Panda Security, S.L.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKCU\...\Policies\Explorer: []
HKU\Guest\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516096 2010-11-21] (Microsoft Corporation)
HKU\YaoTheHong\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3514176 2011-11-10] (DT Soft Ltd)
HKU\YaoTheHong\...\Run: [F.lux] - C:\Users\YaoTheHong\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-16] (Flux Software LLC)
HKU\YaoTheHong\...\Run: [Google Update] - C:\Users\YaoTheHong\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-02-10] (Google Inc.)
Lsa: [Notification Packages] scecli FAPassSync
Startup: C:\Users\Ajnim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\YaoTheHong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\YaoTheHong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.ap.dell....c=my&l=en&s=gen
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKCU - {8E1AF467-5FE7-4E58-9631-B63F1BA5F025} URL = http://malaysia.sear...p={SearchTerms}
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: SSOIEAddonBHO Class - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll (Sensible Vision )
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO-x32: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Users\YaoTheHong\Documents\Appendical Programs\Spybot SD 1.6.2\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SSOIEAddonBHO Class - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\GrabPro.dll ()
Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uuc5hb10.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: tdameritrade.com/thinkorswim - C:\Program Files (x86)\thinkTDA\npthinkorswim.dll (TD Ameritrade)
FF Plugin HKCU: tdameritrade.com/tossc - C:\Program Files (x86)\thinkTDA\nptossc.dll (TD Ameritrade)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso\
FF Extension: FastAccess Web Login - C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso\
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\YaoTheHong\Documents\Appendical Programs\FreeMake Video Converter v2.1.3.0\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Users\YaoTheHong\Documents\Appendical Programs\FreeMake Video Converter v2.1.3.0\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF StartMenuInternet: FIREFOX.EXE - C:\Users\Ajnim\Documents\Appendical Programs\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR HomePage: hxxp://www1.ap.dell.com/content/default.aspx?c=my&l=en&s=gen
CHR DefaultSearchKeyword: google.com.my
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx

==================== Services (Whitelisted) =================

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [140768 2013-10-03] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [37344 2013-10-19] (Panda Security, S.L.)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-26] (CACE Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2013-04-08] (DT Soft Ltd)
R1 GizmoDrv; C:\Windows\System32\Drivers\GizmoDrv.sys [34704 2011-06-24] (Arainia Solutions LLC)
S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)
S3 nmwcdx64; C:\Windows\System32\drivers\nmwcdx64.sys [173056 2007-06-28] (Nokia)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [91368 2013-05-29] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [122088 2013-05-29] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [109288 2013-05-29] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [114920 2013-05-29] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95464 2013-05-29] (Panda Security, S.L.)
S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69864 2013-05-29] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [119016 2013-05-29] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [305896 2013-05-29] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [118504 2013-05-29] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [114920 2013-05-29] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [246504 2013-05-29] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106216 2013-05-29] (Panda Security, S.L.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-26] (CACE Technologies, Inc.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [169192 2013-10-18] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [122600 2013-10-11] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [206056 2013-10-11] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124648 2013-10-11] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [137960 2013-10-11] (Panda Security, S.L.)
S3 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [105704 2013-10-11] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [58808 2013-04-29] (Panda Security, S.L.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-03] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-27 14:22 - 2013-12-27 14:22 - 00000000 ____D C:\FRST
2013-12-27 14:16 - 2013-12-27 14:22 - 00000000 ____D C:\Users\admin\Desktop\2013-12 Windows 7 Slow due to Sunny Hard Drive
2013-12-20 11:03 - 2013-12-20 11:03 - 00000000 ___HD C:\Windows\system32\CanonIJ Uninstaller Information
2013-12-20 11:03 - 2013-12-20 11:03 - 00000000 ___HD C:\ProgramData\CanonBJ
2013-12-20 11:01 - 2010-04-24 05:00 - 00336896 _____ (CANON INC.) C:\Windows\system32\CNMLM9W.DLL
2013-12-20 11:01 - 2009-04-03 16:01 - 01321984 _____ (CANON INC.) C:\Windows\system32\CNC250C.dll
2013-12-20 11:01 - 2009-04-03 16:00 - 00092672 _____ (CANON INC.) C:\Windows\system32\CNC250I.dll
2013-12-20 11:01 - 2009-04-03 15:57 - 00106496 _____ (CANON INC.) C:\Windows\SysWOW64\CNC250U.dll
2013-12-20 11:01 - 2009-03-11 11:36 - 00328192 _____ (CANON INC.) C:\Windows\system32\CNC250L.dll
2013-12-20 11:01 - 2009-03-11 11:34 - 00303104 _____ (CANON INC.) C:\Windows\SysWOW64\CNC250L.dll
2013-12-20 11:01 - 2008-11-18 19:57 - 00012288 _____ C:\Windows\SysWOW64\CNC173AD.TBL
2013-12-20 11:01 - 2008-11-18 19:57 - 00012288 _____ C:\Windows\system32\CNC173AD.TBL
2013-12-20 11:01 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\Windows\system32\CNHMCA6.dll
2013-12-20 11:01 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
2013-12-13 10:29 - 2013-04-29 15:17 - 00058808 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2013-12-13 02:21 - 2013-05-10 13:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-13 02:21 - 2013-05-10 13:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-13 02:21 - 2013-05-10 12:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-13 02:21 - 2013-05-10 12:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-13 02:17 - 2013-11-15 10:09 - 17847296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-13 02:17 - 2013-11-15 09:42 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-13 02:17 - 2013-11-15 09:37 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-13 02:17 - 2013-11-15 09:29 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-13 02:17 - 2013-11-15 09:29 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-13 02:17 - 2013-11-15 09:28 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-13 02:17 - 2013-11-15 09:28 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-13 02:17 - 2013-11-15 09:25 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-13 02:17 - 2013-11-15 09:22 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-13 02:17 - 2013-11-15 09:20 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-13 02:17 - 2013-11-15 09:20 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-13 02:17 - 2013-11-15 09:19 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-13 02:17 - 2013-11-15 09:19 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-13 02:17 - 2013-11-15 09:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-13 02:17 - 2013-11-15 09:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-13 02:17 - 2013-11-15 09:12 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-13 02:17 - 2013-11-15 07:13 - 12344320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-13 02:17 - 2013-11-15 06:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-13 02:17 - 2013-11-15 06:50 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-13 02:17 - 2013-11-15 06:43 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-13 02:17 - 2013-11-15 06:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-13 02:17 - 2013-11-15 06:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-13 02:17 - 2013-11-15 06:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-13 02:17 - 2013-11-15 06:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-13 02:17 - 2013-11-15 06:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-13 02:17 - 2013-11-15 06:38 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-13 02:17 - 2013-11-15 06:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-13 02:17 - 2013-11-15 06:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-13 02:17 - 2013-11-15 06:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-13 02:17 - 2013-11-15 06:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-13 02:17 - 2013-11-15 06:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-13 02:17 - 2013-11-15 06:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-13 01:12 - 2013-11-12 10:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-13 01:12 - 2013-11-12 10:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-13 01:12 - 2013-10-30 10:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-13 01:12 - 2013-10-30 10:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-13 01:12 - 2013-10-30 09:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-13 01:12 - 2013-10-19 10:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-13 01:12 - 2013-10-19 09:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-13 01:12 - 2013-10-04 10:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-13 01:12 - 2013-10-04 09:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-13 01:11 - 2013-10-12 10:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-13 01:11 - 2013-10-12 10:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-13 01:11 - 2013-10-12 10:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-13 01:11 - 2013-10-12 10:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-13 01:11 - 2013-10-12 09:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-13 01:11 - 2013-10-12 09:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-13 01:11 - 2013-10-12 09:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-13 01:11 - 2013-10-12 09:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-04 03:04 - 2013-12-27 02:16 - 00115780 _____ C:\Windows\IE11_main.log
2013-12-03 03:24 - 2013-12-03 03:24 - 523685634 _____ C:\Windows\MEMORY.DMP
2013-12-03 03:24 - 2013-12-03 03:24 - 00696088 _____ C:\Windows\Minidump\120313-20716-01.dmp
2013-12-03 03:24 - 2013-12-03 03:24 - 00000000 ____D C:\Windows\Minidump

==================== One Month Modified Files and Folders =======

2013-12-27 14:22 - 2013-12-27 14:22 - 00000000 ____D C:\FRST
2013-12-27 14:22 - 2013-12-27 14:16 - 00000000 ____D C:\Users\admin\Desktop\2013-12 Windows 7 Slow due to Sunny Hard Drive
2013-12-27 14:22 - 2011-01-22 13:27 - 00000422 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2013-12-27 14:21 - 2013-04-02 15:11 - 01156361 _____ C:\Windows\WindowsUpdate.log
2013-12-27 14:20 - 2013-04-17 10:00 - 00003488 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2013-12-27 14:20 - 2011-01-22 13:27 - 00003446 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2013-12-27 14:18 - 2013-01-30 22:40 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-27 14:13 - 2013-04-02 14:27 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-12-27 14:13 - 2013-04-02 14:27 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-12-27 14:13 - 2011-01-18 03:49 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-12-27 14:12 - 2013-01-30 22:40 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-27 13:34 - 2012-04-02 09:24 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-27 13:31 - 2011-02-10 18:54 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3057907370-1423405045-2432694329-1001UA.job
2013-12-27 12:24 - 2009-07-14 12:45 - 00019136 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-27 12:24 - 2009-07-14 12:45 - 00019136 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-27 12:23 - 2009-07-14 13:13 - 00779080 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-27 12:19 - 2013-04-02 13:08 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-27 12:18 - 2012-05-11 13:59 - 04390522 _____ C:\Windows\setupact.log
2013-12-27 12:18 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-27 02:16 - 2013-12-04 03:04 - 00115780 _____ C:\Windows\IE11_main.log
2013-12-27 02:15 - 2013-06-22 00:33 - 01230051 _____ C:\Windows\IE10_main.log
2013-12-26 13:56 - 2011-01-24 02:57 - 00000000 ____D C:\Users\admin\AppData\Roaming\Orbit
2013-12-26 09:25 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\rescache
2013-12-26 01:17 - 2011-01-24 03:04 - 00000000 ____D C:\Users\YaoTheHong\AppData\Roaming\Orbit
2013-12-25 19:31 - 2011-02-10 18:54 - 00000876 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3057907370-1423405045-2432694329-1001Core.job
2013-12-24 16:48 - 2012-09-27 15:07 - 00000000 ____D C:\Users\Ajnim\AppData\Roaming\vlc
2013-12-23 18:56 - 2009-07-14 11:20 - 00000000 ___RD C:\Users\Public\Libraries
2013-12-21 21:27 - 2009-07-14 13:08 - 00032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-20 11:03 - 2013-12-20 11:03 - 00000000 ___HD C:\Windows\system32\CanonIJ Uninstaller Information
2013-12-20 11:03 - 2013-12-20 11:03 - 00000000 ___HD C:\ProgramData\CanonBJ
2013-12-20 11:02 - 2009-07-14 11:20 - 00000000 __RSD C:\Windows\Media
2013-12-20 10:25 - 2013-04-02 13:10 - 00000000 ____D C:\Users\admin
2013-12-18 19:50 - 2013-10-24 17:22 - 00000000 ____D C:\Windows\system32\MRT
2013-12-18 19:48 - 2012-05-10 20:05 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-14 02:20 - 2013-02-13 22:20 - 00000000 ____D C:\Users\YaoTheHong\AppData\Roaming\Audacity
2013-12-14 02:18 - 2013-02-13 22:20 - 00000000 ____D C:\Program Files (x86)\Audacity
2013-12-13 14:06 - 2009-07-14 13:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-13 10:28 - 2009-07-14 12:45 - 00507664 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-13 02:21 - 2011-05-01 00:17 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-12 00:35 - 2012-04-02 09:24 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-12 00:35 - 2012-04-02 09:24 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-12 00:35 - 2011-05-17 19:53 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 19:26 - 2011-02-10 18:54 - 00003908 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3057907370-1423405045-2432694329-1001UA
2013-12-11 19:26 - 2011-02-10 18:54 - 00003512 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3057907370-1423405045-2432694329-1001Core
2013-12-11 01:47 - 2011-01-22 18:59 - 00000000 ____D C:\Users\YaoTheHong\AppData\Roaming\SoftGrid Client
2013-12-10 11:13 - 2013-01-30 22:40 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-10 11:13 - 2013-01-30 22:40 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-09 21:49 - 2011-11-29 15:37 - 00000000 ____D C:\Users\YaoTheHong\AppData\Roaming\DAEMON Tools Lite
2013-12-07 15:09 - 2013-01-21 19:27 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2013-12-03 03:24 - 2013-12-03 03:24 - 523685634 _____ C:\Windows\MEMORY.DMP
2013-12-03 03:24 - 2013-12-03 03:24 - 00696088 _____ C:\Windows\Minidump\120313-20716-01.dmp
2013-12-03 03:24 - 2013-12-03 03:24 - 00000000 ____D C:\Windows\Minidump
2013-12-01 12:20 - 2011-01-24 03:31 - 00000000 ____D C:\Users\YaoTheHong\AppData\Roaming\vlc

Some content of TEMP:
====================
C:\Users\admin\AppData\Local\Temp\i4jdel0.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-26 09:17

==================== End Of Log ============================

Addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-12-2013
Ran by admin at 2013-12-27 14:23:32
Running from C:\Users\admin\Desktop\2013-12 Windows 7 Slow due to Sunny Hard Drive
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Panda Cloud Antivirus (Disabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AS: Panda Cloud Antivirus (Disabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Cloud Antivirus Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

==================== Installed Programs ======================

AccelerometerP11 (x32 Version: 2.00.11.15)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170)
Adobe Reader X (10.1.6) (x32 Version: 10.1.6)
Advanced Audio FX Engine (x32 Version: 1.12.05)
Audacity 2.0.3 (x32 Version: 2.0.3)
Canon MP250 series MP Drivers
Cisco AnyConnect VPN Client (x32 Version: 2.5.3054)
COMSOL 4.1 (x32 Version: COMSOL Multiphysics 4.1)
CyberLink Power2Go (x32 Version: 7.0.0.0816)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.45.1.0236)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Dell DataSafe Local Backup - Support Software (x32 Version: 9.4.60)
Dell DataSafe Local Backup (x32 Version: 9.4.60)
Dell DataSafe Online (x32 Version: 2.1.19634)
Dell Dock (Version: 2.0)
Dell Dock (x32 Version: 2.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (x32 Version: 1.00.0000)
Dell Support Center (Version: 3.0.5621.01)
Dell Webcam Central (x32 Version: 2.00.35)
DirectX 9 Runtime (x32 Version: 1.00.0000)
DVD Flick 1.3.0.7 (x32 Version: 1.3.0.7)
Face Recognition (Version: 3.0.85.1)
FARO LS 1.1.406.58 (x32 Version: 4.6.58.2)
Freemake Video Converter version 2.1.3 (x32 Version: 2.1.3)
Google Chrome (x32 Version: 31.0.1650.63)
Google SketchUp 8 (x32 Version: 3.0.4811)
Google Talk Plugin (x32 Version: 4.9.1.16010)
Google Update Helper (x32 Version: 1.3.22.3)
GoToAssist 8.0.0.514 (x32)
Hamster Free ZIP Archiver 1.2.0.4 (x32 Version: 1.2.0.4)
ImagXpress (x32 Version: 7.0.74.0)
Intel PROSet Wireless
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Management Engine Components (x32 Version: 6.0.0.1179)
Intel® PROSet/Wireless WiFi Software (Version: 13.02.1000)
Intel® Rapid Storage Technology (x32 Version: 9.6.0.1014)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
JMicron Flash Media Controller Driver (x32 Version: 1.0.41.2)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
LAME v3.99.3 (for Windows) (x32)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MATLAB R2009a (Version: 7.8)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Language Pack Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000)
Microsoft Office Visio 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Visio MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visio 2010 Service Pack 1 (SP1) (x32)
Microsoft Visio Premium 2010 (x32 Version: 14.0.6029.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 14.0.1 (x86 en-US) (x32 Version: 14.0.1)
Mozilla Firefox 4.0 (x86 en-US) (x32 Version: 4.0)
Mozilla Maintenance Service (x32 Version: 14.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
neroxml (x32 Version: 1.0.0)
Nokia Connectivity Cable Driver (Version: 6.84.0.0)
NVIDIA 3D Vision Driver 266.39 (Version: 266.39)
NVIDIA Control Panel 266.39 (Version: 266.39)
NVIDIA Display Control Panel (Version: 6.14.12.5939)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA Graphics Driver 266.39 (Version: 266.39)
NVIDIA HD Audio Driver 1.1.13.1 (Version: 1.1.13.1)
NVIDIA Install Application (Version: 2.265.39.0)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6639)
Orbit Downloader (x32)
Panda Cloud Antivirus (Version: 6.06.00.0000)
Panda Cloud Antivirus (x32 Version: 2.1.1)
PhotoShowExpress (x32 Version: 2.0.028)
Quickset64 (Version: 10.8.5)
RBVirtualFolder64Inst (Version: 1.00.0000)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6312)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0)
Roxio Activation Module (x32 Version: 1.0)
Roxio BackOnTrack (x32 Version: 1.3.3)
Roxio Burn (x32 Version: 1.6)
Roxio Creator Starter (x32 Version: 1.0.311)
Roxio Creator Starter (x32 Version: 12.1.40.0)
Roxio Creator Starter (x32 Version: 5.0.0)
Roxio Express Labeler 3 (x32 Version: 3.2.2)
Roxio File Backup (Version: 1.3.2)
Skype Click to Call (x32 Version: 6.13.13771)
Skype™ 6.1 (x32 Version: 6.1.129)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0)
Spybot - Search & Destroy (x32 Version: 1.6.2)
StarCraft II Beta (x32 Version: 0.2.0.13891)
Synaptics Pointing Device Driver (Version: 15.1.4.0)
thinkorswim from TD AMERITRADE (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)
VLC media player 2.0.1 (x32 Version: 2.0.1)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinPcap 4.1.2 (x32 Version: 4.1.0.2001)

==================== Restore Points =========================

12-12-2013 17:01:29 Windows Update
12-12-2013 18:14:16 Windows Update
13-12-2013 07:31:20 Windows Update
13-12-2013 19:00:17 Windows Update
18-12-2013 04:15:13 Windows Update
18-12-2013 11:47:22 Windows Update
21-12-2013 13:31:12 Windows Update
23-12-2013 10:53:54 Removed BlueStacks Notification Center
24-12-2013 06:31:41 Windows Update
24-12-2013 09:14:09 Windows Update
25-12-2013 19:00:34 Windows Update
26-12-2013 09:17:23 Windows Update
26-12-2013 18:12:22 Windows Update

==================== Hosts content: ==========================

2009-07-14 10:34 - 2013-04-13 23:15 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {39FDDC41-9C7B-4C3B-BF5A-6BEA93CCDFD2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-12] (Adobe Systems Incorporated)
Task: {41557065-5F9E-4ECD-9ECE-FF10514C6977} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-30] (Google Inc.)
Task: {55E39060-EE33-480E-AD88-D1390476D99C} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2010-08-05] ()
Task: {5A985995-3FEB-441D-A015-2AD886ECCF76} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3057907370-1423405045-2432694329-1001UA => C:\Users\YaoTheHong\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-10] (Google Inc.)
Task: {6602971A-E834-449D-94A9-8393E7440B62} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2010-08-05] (PC-Doctor, Inc.)
Task: {8296D210-410F-473D-BF13-8311586C555B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3057907370-1423405045-2432694329-1001Core => C:\Users\YaoTheHong\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-10] (Google Inc.)
Task: {82D6D653-1E58-46EA-BF21-9444BAB2EBFB} - \{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B} No Task File
Task: {AF9F568B-AB68-4D58-A5C1-2C701833C362} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: {B130D33C-6117-415D-A7E9-9714846A55E1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-30] (Google Inc.)
Task: {F522CF6A-8341-4549-9DD9-44F972FC1773} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\pcdrcui.exe [2010-08-05] (PC-Doctor, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3057907370-1423405045-2432694329-1001Core.job => C:\Users\YaoTheHong\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3057907370-1423405045-2432694329-1001UA.job => C:\Users\YaoTheHong\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\pcdrcui.exe

==================== Loaded Modules (whitelisted) =============

2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-03-05 09:21 - 2010-03-05 09:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2010-11-02 12:40 - 2010-11-02 12:40 - 00092808 _____ () C:\Windows\system32\FAIEExtension.DLL
2013-04-13 01:23 - 2013-04-13 01:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\SQLite3.dll
2013-08-15 14:06 - 2013-08-15 14:06 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\7676b6434edfb9fb2485d1e2ba6a751c\IsdiInterop.ni.dll
2011-01-18 03:43 - 2010-03-03 20:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\YaoTheHong\AppData\Roaming\default.rss:OECustomProperty

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/27/2013 02:20:04 PM) (Source: PC-Doctor) (User: )
Description: (6428) Asapi: (14:20:04:6670)(6428) Asapi.State - Error -- 123 Plugin S3LogPusher.dll failed to load.

Error: (12/27/2013 02:20:04 PM) (Source: PC-Doctor) (User: )
Description: (6428) Asapi: (14:20:04:6650)(6428) libAsapi.DynamicLoadedPlugin - Error -- 64 Unable to load library 'S3LogPusher.dll'

Error: (12/27/2013 00:19:57 PM) (Source: CVHSVC) (User: )
Description: Information only.
The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.

Error: (12/26/2013 10:05:58 PM) (Source: CVHSVC) (User: )
Description: Information only.
The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.

Error: (12/26/2013 10:00:39 AM) (Source: PC-Doctor) (User: )
Description: (18460) Asapi: (10:00:39:7680)(18460) Asapi.State - Error -- 123 Plugin S3LogPusher.dll failed to load.

Error: (12/26/2013 10:00:39 AM) (Source: PC-Doctor) (User: )
Description: (18460) Asapi: (10:00:39:5270)(18460) libAsapi.DynamicLoadedPlugin - Error -- 64 Unable to load library 'S3LogPusher.dll'

Error: (12/25/2013 07:38:04 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16526 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2d68

Start Time: 01cf01657aff70f5

Termination Time: 0

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id:

Error: (12/25/2013 05:40:00 PM) (Source: PC-Doctor) (User: )
Description: (5296) Asapi: (17:40:00:6310)(5296) Asapi.State - Error -- 123 Plugin S3LogPusher.dll failed to load.

Error: (12/25/2013 05:40:00 PM) (Source: PC-Doctor) (User: )
Description: (5296) Asapi: (17:40:00:6290)(5296) libAsapi.DynamicLoadedPlugin - Error -- 64 Unable to load library 'S3LogPusher.dll'

Error: (12/25/2013 05:30:13 PM) (Source: PC-Doctor) (User: )
Description: (1960) Asapi: (17:30:13:5070)(1960) Asapi.State - Error -- 123 Plugin S3LogPusher.dll failed to load.


System errors:
=============
Error: (12/27/2013 02:12:38 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (12/27/2013 00:18:59 PM) (Source: Service Control Manager) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
%%1058

Error: (12/27/2013 00:18:59 PM) (Source: Service Control Manager) (User: )
Description: The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.

Error: (12/27/2013 00:18:59 PM) (Source: Service Control Manager) (User: )
Description: The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.

Error: (12/27/2013 02:16:55 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2742595).

Error: (12/27/2013 02:16:43 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.

Error: (12/27/2013 02:16:02 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2737019).

Error: (12/27/2013 02:15:51 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 10 for Windows 7 for x64-based Systems.

Error: (12/27/2013 02:14:42 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2789642).

Error: (12/27/2013 02:14:34 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2840628).


Microsoft Office Sessions:
=========================
Error: (12/27/2013 02:20:04 PM) (Source: PC-Doctor)(User: )
Description: (6428) Asapi: (14:20:04:6670)(6428) Asapi.State - Error -- 123 Plugin S3LogPusher.dll failed to load.

Error: (12/27/2013 02:20:04 PM) (Source: PC-Doctor)(User: )
Description: (6428) Asapi: (14:20:04:6650)(6428) libAsapi.DynamicLoadedPlugin - Error -- 64 Unable to load library 'S3LogPusher.dll'

Error: (12/27/2013 00:19:57 PM) (Source: CVHSVC)(User: )
Description: The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.

Error: (12/26/2013 10:05:58 PM) (Source: CVHSVC)(User: )
Description: The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.

Error: (12/26/2013 10:00:39 AM) (Source: PC-Doctor)(User: )
Description: (18460) Asapi: (10:00:39:7680)(18460) Asapi.State - Error -- 123 Plugin S3LogPusher.dll failed to load.

Error: (12/26/2013 10:00:39 AM) (Source: PC-Doctor)(User: )
Description: (18460) Asapi: (10:00:39:5270)(18460) libAsapi.DynamicLoadedPlugin - Error -- 64 Unable to load library 'S3LogPusher.dll'

Error: (12/25/2013 07:38:04 PM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.165262d6801cf01657aff70f50C:\Program Files (x86)\Internet Explorer\iexplore.exe

Error: (12/25/2013 05:40:00 PM) (Source: PC-Doctor)(User: )
Description: (5296) Asapi: (17:40:00:6310)(5296) Asapi.State - Error -- 123 Plugin S3LogPusher.dll failed to load.

Error: (12/25/2013 05:40:00 PM) (Source: PC-Doctor)(User: )
Description: (5296) Asapi: (17:40:00:6290)(5296) libAsapi.DynamicLoadedPlugin - Error -- 64 Unable to load library 'S3LogPusher.dll'

Error: (12/25/2013 05:30:13 PM) (Source: PC-Doctor)(User: )
Description: (1960) Asapi: (17:30:13:5070)(1960) Asapi.State - Error -- 123 Plugin S3LogPusher.dll failed to load.


CodeIntegrity Errors:
===================================
Date: 2011-04-10 01:18:18.759
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-04-10 01:18:18.713
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-04-10 01:18:16.062
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-04-10 01:18:16.015
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-04-10 01:18:03.715
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-04-10 01:18:03.668
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-04-10 01:17:58.684
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-04-10 01:17:58.637
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-04-10 01:17:54.675
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-04-10 01:17:54.643
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 39%
Total physical RAM: 4028.38 MB
Available physical RAM: 2419.57 MB
Total Pagefile: 8054.94 MB
Available Pagefile: 6186.53 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:60.38 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 2BD2C32A)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

==================== End Of Log ============================[/code]

aswMBR
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-12-27 14:27:11
-----------------------------
14:27:11.808 OS Version: Windows x64 6.1.7601 Service Pack 1
14:27:11.808 Number of processors: 8 586 0x1E05
14:27:11.808 ComputerName: BOMBOMCHA UserName: admin
14:27:13.602 Initialize success
14:36:21.352 AVAST engine defs: 13122601
17:40:30.040 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:40:30.040 Disk 0 Vendor: HGST_HTS GG2O Size: 476940MB BusType: 3
17:40:30.196 Disk 0 MBR read successfully
17:40:30.196 Disk 0 MBR scan
17:40:30.243 Disk 0 Windows 7 default MBR code
17:40:30.243 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
17:40:30.290 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15006 MB offset 80325
17:40:30.305 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461892 MB offset 30812670
17:40:30.461 Disk 0 scanning C:\Windows\system32\drivers
17:40:45.219 Service scanning
17:41:37.323 Modules scanning
17:41:37.323 Disk 0 trace - called modules:
17:41:37.354 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys iaStor.sys hal.dll
17:41:37.370 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d71790]
17:41:37.370 3 CLASSPNP.SYS[fffff88001a8943f] -> nt!IofCallDriver -> [0xfffffa8004c7ecb0]
17:41:37.386 5 stdcfltn.sys[fffff880017ccc52] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004ae0050]
17:41:39.195 AVAST engine scan C:\Windows
17:41:43.485 AVAST engine scan C:\Windows\system32
17:45:17.736 AVAST engine scan C:\Windows\system32\drivers
17:45:36.362 AVAST engine scan C:\Users\admin
17:46:42.787 AVAST engine scan C:\ProgramData
17:48:57.712 Scan finished successfully
17:49:34.372 Disk 0 MBR has been saved successfully to "C:\Users\admin\Desktop\2013-12 Windows 7 Slow due to Sunny Hard Drive\MBR.dat"
17:49:34.372 The log file has been saved successfully to "C:\Users\admin\Desktop\2013-12 Windows 7 Slow due to Sunny Hard Drive\aswMBR.txt"




Checkup
Results of screen317's Security Check version 0.99.77
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Panda Cloud Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 45
Adobe Flash Player 11.9.900.170
Adobe Reader 10.1.6 Adobe Reader out of Date!
Mozilla Firefox 4.0 Firefox out of Date!
Google Chrome 31.0.1650.57
Google Chrome 31.0.1650.63
````````Process Check: objlist.exe by Laurent````````
Panda Security Panda Cloud Antivirus PSUAService.exe
Panda Security Panda Cloud Antivirus PSANHost.exe
Panda Security Panda Cloud Antivirus PSUAMain.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


I also recall Windows 7 repeatedly installs updates. Could this be related to our malware?

AlanY
  • 0

#4
Machiavelli

  • GeekU Moderator
  • 3,698 posts
Your logs look good. To be honest, I believe this is a hardware issue. We will scan for this later.

I also recall Windows 7 repeatedly installs updates. Could this be related to our malware?

Are there errors? Please attach this file to your next post: C:\Windows\WindowsUpdate.log - then we can take a look at it.

Also, please don't post with the Code Tags - just post them.

FRST Fix

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64.exe and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Malwarebytes' Anti-Malware

  • Right click on the Malwarebytes icon and select Run as Administrator
  • Go to the tab Update and click Check for Updates
  • Then go again to the tab Scanner and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

ESET Online Scanner

Please disable your AntiVirus before doing these steps!

  • If you have Win Vista / Win 7 / Win 8 please start IE as Administrator!
  • This will only work for Internet Explorer or Firefox
  • Please download ESET Online Scanner from here

How to do this?

  • Visit this website here
  • You will see a screen like this:


    Posted Image

    • Click Run ESET Online Scanner

      Posted Image
    • A Window will open (see above) - please click on the link
    • A window will pop up - please download the file to your Desktop
    • When the download has finished please run the program (for Win Vista/ Win7 / Win 8 User please run it as Administrator)

      Posted Image
    • Tick the box next to YES, I accept the Terms of Use then click on: Start
    • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.

      Posted Image
    • Make sure that the option Remove found threats is NOT checked.
    • Make sure that the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Then click on Start
    • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
    • When completed the Online Scan will begin automatically. The scan may take several hours.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.

      Posted Image
    • After the scan is finished please click on Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
  • I want you to uninstall the following programs (XP: Start > Control Panel > Add/Remove Programs | Vista / Win7 / Win8: Start > Control Panel > uninstall a program):
    • ESET Online Scanner

Question

How is the PC running? Any issues?

Attached Files


  • 0

#5
Machiavelli

  • GeekU Moderator
  • 3,698 posts
Any problems with my instructions above?
  • 0

#6
CompCav

    Member 5k

  • Expert
  • 12,448 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#7
CompCav

    Member 5k

  • Expert
  • 12,448 posts
User returned.
  • 0

#8
AlanY

  • Topic Starter
  • Member
  • 75 posts
Hi Machiavelli,

Thanks for reopening this post.

The computer is still running slowly. My sister told me her video files are unrelated to this issue but I am not convinced. The hard drive was replaced a few months ago and a computer shop cleaned the internals of the computer for us.

Yes there are errors in Windows Update. The Windows Update log file is in attachment.

Other log files are here too. FRST Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-01-2014 01
Ran by admin at 2014-01-01 14:07:05 Run:1
Running from C:\Users\admin\Desktop\2013-12 Windows 7 Slow due to Sunny Hard Drive
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [FAStartup] - [x]
HKCU\...\Policies\Explorer: []
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
C:\Users\admin\AppData\Local\Temp\i4jdel0.exe
AlternateDataStreams: C:\Users\YaoTheHong\AppData\Roaming\default.rss:OECustomProperty
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\FAStartup => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key deleted successfully.
HKCR\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key not found.
C:\Users\admin\AppData\Local\Temp\i4jdel0.exe => Moved successfully.
C:\Users\YaoTheHong\AppData\Roaming\default.rss => ":OECustomProperty" ADS removed successfully.

==== End of Fixlog ====


Malwarebytes log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.02.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
admin :: BOMBOMCHA [administrator]

2/1/2014 2:12:58 PM
mbam-log-2014-01-02 (14-12-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 299189
Time elapsed: 7 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


ESET Online Scanner found 2 threats. The log file is:

[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f2cbf14c0bed04468d4e86077fcbdd4d
# engine=16481
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-12-31 05:09:34
# local_time=2013-12-31 01:09:34 (+0800, Malay Peninsula Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1791 16777215 0 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 0 140312424 0 0
# scanned=569741
# found=2
# cleaned=0
# scan_time=38145
sh=27E77E1E8BAB2A162838598C77DE65DC81D1FFDE ft=1 fh=fdafe459438b3763 vn="multiple threats" ac=I fn="C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\Tools\PandaSecurityTb.exe"
sh=C19356F001DC7E20B9A4ED54A66CBC5136F9F4B8 ft=0 fh=0000000000000000 vn="a variant of Win32/RemoteAdmin.RemoteExec.AA application" ac=I fn="C:\Users\YaoTheHong\Documents\Info Center\Experts Help\11-02 Malware - Unable to Connect Internet, Uncontrollable Shutdowns\Hiren's Mini XP Repair Work in Progress\Hiren's Boot CD ISO\HBCD\Programs\Files\SIW.7z"
[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f2cbf14c0bed04468d4e86077fcbdd4d
# engine=16493
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-01-01 06:37:55
# local_time=2014-01-01 02:37:55 (+0800, Malay Peninsula Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1791 16777215 0 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 0 140360925 0 0
# scanned=568777
# found=2
# cleaned=0
# scan_time=36461
sh=27E77E1E8BAB2A162838598C77DE65DC81D1FFDE ft=1 fh=fdafe459438b3763 vn="multiple threats" ac=I fn="C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\Tools\PandaSecurityTb.exe"
sh=C19356F001DC7E20B9A4ED54A66CBC5136F9F4B8 ft=0 fh=0000000000000000 vn="a variant of Win32/RemoteAdmin.RemoteExec.AA application" ac=I fn="C:\Users\YaoTheHong\Documents\Info Center\Experts Help\11-02 Malware - Unable to Connect Internet, Uncontrollable Shutdowns\Hiren's Mini XP Repair Work in Progress\Hiren's Boot CD ISO\HBCD\Programs\Files\SIW.7z"

Attached Files


  • 0
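Comparing the two ESET Online Scanner runs in the post above by hand is error-prone. The following added example (not part of the thread and not ESET's code) parses that log layout, checks each run's `found=` count against its detection lines, and lists the detections present in every run. The sample log is constructed, and reading `sh` as the file hash, `vn` as the threat name and `fn` as the file path is an assumption inferred from the posted lines.

```python
import re
from collections import defaultdict

# Constructed two-run sample in the layout of the log posted above
# (hashes, names and paths are made up for this example).
SAMPLE_LOG = r'''all ok
# version=8
# engine=16481
# end=finished
# found=2
sh=1111111111111111111111111111111111111111 ft=1 fh=aaaaaaaaaaaaaaaa vn="multiple threats" ac=I fn="C:\Program Files (x86)\Example AV\Tools\ExampleTb.exe"
sh=2222222222222222222222222222222222222222 ft=0 fh=0000000000000000 vn="a variant of Win32/Example.AA application" ac=I fn="C:\Users\user\Documents\Boot CD\Tool.7z"
all ok
# version=8
# engine=16493
# end=finished
# found=2
sh=1111111111111111111111111111111111111111 ft=1 fh=aaaaaaaaaaaaaaaa vn="multiple threats" ac=I fn="C:\Program Files (x86)\Example AV\Tools\ExampleTb.exe"
sh=2222222222222222222222222222222222222222 ft=0 fh=0000000000000000 vn="a variant of Win32/Example.AA application" ac=I fn="C:\Users\user\Documents\Boot CD\Tool.7z"
'''

PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key=value or key="quoted value"

def parse_runs(text):
    """Split the log into runs; a '# version=' header line starts a new run."""
    runs = []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            if key == "version" or not runs:
                runs.append({"header": {}, "detections": []})
            runs[-1]["header"][key] = value
        elif line.startswith("sh=") and runs:
            runs[-1]["detections"].append(
                {m[1]: m[2] if m[2] is not None else m[3] for m in PAIR.finditer(line)})
    return runs

def check_run(run):
    """Consistency problems: unfinished scan, or found= not matching the lines."""
    head, n = run["header"], len(run["detections"])
    problems = [] if head.get("end") == "finished" else ["scan did not finish"]
    if head.get("found") != str(n):
        problems.append(f"found={head.get('found')} but {n} detection lines")
    return problems

def persistent(runs):
    """Map (hash, path) -> threat name for detections present in every run."""
    seen, names = defaultdict(set), {}
    for i, run in enumerate(runs):
        for d in run["detections"]:
            key = (d["sh"].upper(), d["fn"].lower())
            seen[key].add(i)
            names[key] = d["vn"]
    return {k: names[k] for k, v in seen.items() if len(v) == len(runs)}

if __name__ == "__main__":
    for (sha1, path), name in persistent(parse_runs(SAMPLE_LOG)).items():
        print(sha1, name, path)
```

A truncated paste shows up as a `found=` mismatch in `check_run`, which is worth ruling out before concluding that a detection disappeared between runs.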

#9
Machiavelli

  • GeekU Moderator
  • 3,698 posts
  • Step 1: SFC Scan

  • Click on the Start button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • When command prompt opens, copy and paste the following commands into it, pressing Enter after each

    sfc /scannow

    Wait for this to finish before you continue

    copy %windir%\logs\cbs\cbs.log %userprofile%\Desktop\cbs.txt

  • This will create a file, cbs.txt on your Desktop. Please attach this to your next post.

  • 0

#10
AlanY

  • Topic Starter
  • Member
  • 75 posts
Following the SFC scan, this text showed up: "Windows Resource Protection did not find any integrity violations". The log file is too large to attach due to its 36MB size. It doesn't look like a large file inside though. Shall I post its contents here instead?
  • 0



#11
Machiavelli

  • GeekU Moderator
  • 3,698 posts
Upload it here. Click on Select Files - then select your file (also the cbs.txt) - upload it and copy the link and post it into your next reply.
  • 0

#12
AlanY

  • Topic Starter
  • Member
  • 75 posts
cbs.txt is uploaded here: http://en.file-uploa...10/cbs.txt.html
  • 0

#13
Machiavelli

  • GeekU Moderator
  • 3,698 posts
How is the PC running? What exactly is slow? Booting up? Starting programs? Please post your system specs here into the thread. :)
  • 0

#14
AlanY

  • Topic Starter
  • Member
  • 75 posts
Yes, the computer runs slow right after booting up. Windows 7 keeps updating itself every time it shuts down. Yet, sometimes it boots up normally. When it's bad, Windows Explorer took me almost a full minute to load right after booting up. Task Manager took slightly longer to activate when I needed to stop a program.

Startup programs are:
Startup.jpg
Programs below this list are unchecked.

My computer specs are:
Dell XPS L501X
Intel Core i7 Q740 1.73GHz
4GB RAM
64-bit Windows 7 Home Premium
  • 0

#15
Machiavelli

  • GeekU Moderator
  • 3,698 posts
  • Step 1: Command Prompt

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

  • Click on the Start button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • When command prompt opens, copy and paste the following commands into it, pressing Enter after each

    Dism /Online /Cleanup-Image /RestoreHealth

    Wait until it is finished ... then enter:

    sfc /scannow

    Wait until it is finished ... then enter:

    copy %windir%\logs\cbs\cbs.log %userprofile%\Desktop\cbs.txt

  • Again, upload CBS.txt (located under your Desktop) to File-upload.net

  • 0





